Discovery Jobs

Overview

To locate and classify sensitive information, it is first necessary to create a Discovery job. This involves managing the creation, modification, and deletion of these jobs. Additionally, it is possible to manually start a specific job or abort a running job.

Structure of a Discovery Job

A discovery job consists of data patterns, which contain the pattern information needed to extract sensitive information, and detection profiles, which are collections of one or more data patterns.
Since the job scans each data source, connection information defined in the access control system is required.
While jobs can be run manually, a schedule can also be set up for periodic execution. Queries are used to access each database and retrieve columns containing sensitive information; however, users cannot view, modify, or delete these queries.

Creating a Discovery Job

Click the + Discovery Jobs button on the Discovery job page to open the job creation page.

• When creating a Discovery Job, selecting all connections may lead to a significantly longer scanning time. It is recommended to select only the specific connections needed for the scan to optimize performance.

• While built-in profiles are available for convenience, they contain a broad range of patterns, which may lead to a high number of false positives. To minimize both scan time and false positives, it is recommended to create a custom profile that includes only the necessary patterns for your scan.

• Recommended Process: Create a custom Detection Profile → Create a Discovery Job → Execute the Discovery Job → Review and verify the scan results → Check the inventory

1. Job Name Specification : Assign a name to the job for easy identification. Job names cannot be duplicated. If you enter a name already in use and attempt to save it, an error message will appear.

2. Description : Enter a description for the job.

3. Schedule Configuration : Specify a schedule to execute the job at regular intervals. The schedule should be entered in cron format. If you select "Manual," no schedule will be set. Regardless of whether a schedule is configured or manually set, all discovery jobs can be manually initiated from the Discovery Job list.

4. Sample Size Configuration : Scanning all columns can place a heavy load on the server. To mitigate this, you can limit the scan to a specified number of rows. Using an excessively small value may result in unreliable detection results, so the minimum sample size is restricted to 100 rows. While there is no maximum value, using a very large number can severely impact server performance. Therefore, you should choose the value carefully. The default is set to 1000.

5. Connection Selection : Select the connection to be scanned. You can choose all existing connections or specify particular ones selectively.

   1. Click the + Connection button to add a connection

      

   2. In the popup window, select the target connection and click the Add button.

      

   3. Check if the selected connection has been added to the list.

      

6. Specify Detection Profile: Select the pattern set that will be used when the job is performed

   1. Click the + Detection Profile button

      

   2. Select the profile to be used from the popup window and click the Add button.

      

   3. Check if the selected profile has been added to the list.

      

7. Click the Save button to save the settings.

Modifying a Discovery Job

Clicking on a specific job (row) in the list on the Discovery Job page will display the details page for that job.

• Editing Discovery Job Metadata : By clicking the Edit button in the top-right corner, you can modify the Job Name, Description, Schedule, and Sample Size settings.

  

• Editing the Connection of a Discovery Job : Select the Connections tab on the details page to view the connections assigned to the job. You can add a new connection by clicking the +Connection button on the right.

  

  • To remove a connection, check the connection to be removed from the list in the Connections tab and click the Remove button. At least one connection must be assigned to the job.
    

    

• Editing the Detection Profile of a Discovery Job : Select the Detection Profiles tab on the details page to view the Detection Profiles assigned to the job. You can add a new Detection Profile by clicking the + Detection Profile button on the right.

  

  • To remove a Detection Profile, check the Detection Profile to be removed from the list in the Detection Profiles tab and click the Remove button. At least one Detection Profile must be assigned to the job.

    

Deleting a Discovery Job

To delete a Discovery job, select the checkbox next to the specific job in the Discovery job list and click the Delete button. However, jobs that are currently running cannot be modified or deleted until they have been stopped.

Controlling Discovery Job Execution

• Discovery Job Status Information:

  • Created : The job has been created but has not yet been executed.

  • Running : The job is currently in progress.

  • Completed : The job has been successfully completed.

  • Failed : The job was executed but failed.

  • Aborted : The job was forcibly stopped by the user during execution.

• Manual Start of a Specific Job: To start a job manually, select the desired job from the list and click the Run Now button.

• Aborting a Specific Running Job: To abort a job that is currently running, select the "Running" job from the list and click the Stop button.

Checking the status of a Discover Job

You can check the execution status of a Discovery Job at the following location:

• Navigate to the Administrator > Discovery > Discovery Management > Discovery Job page to view Discovery Job details page's Run History tab

  

• Navigate to Administrator > Discovery > Discovery Management > Discovery History page to view the list of Discovery Jobs and their details. Clicking on each job will display its detailed screen.