Content Scanning

Follow

Contents

Content scanning in BetterCloud enables you to be alerted when your domain’s files contain sensitive data, and to automatically take action on those files by triggering workflows. Content scanning is currently available for the following providers.

  • Google Drive
  • Box
  • Slack
  • Dropbox

There are two ways of carrying out content scanning. The first method is by configuring the Sensitive Data Scanned alert template, which enables you to scan all files for sensitive information, and also supports additional conditions to scope the alerts further. You can also add a content scanning condition to one of our exposure-focused alert templates, allowing you to hone in on sensitive data that is being shared publicly, with users outside of your domain, or with all users on your domain, and to take action accordingly.

You can find more detailed information about the kind of sensitive data that BetterCloud is scanning for here.

*Please Note:

  • Content Scanning is only available on our Pro and Enterprise subscription levels.
  • Content scanning alerts only scan documents that have been edited from this point forward. They will not retroactively scan all documents on your domain. Retroactive scanning will be added in the coming months.

Sensitive Data Scanned Alert

To get started, navigate to the Alerts Manager under Alerts > Manage from the left nav. The Sensitive Data Scanned alert is a template, meaning it must be configured prior to becoming active. To do so either click on the alert’s name, or select “Edit” from the carrot on the right side of the page.

Content_Scanning_1.png

Name your alert to make sure you can identify it later, and add a description.

Content_Scanning_2.png

You can add a condition to scope this alert further, but it is not required in order to configure the alert.Content_Scanning-3.png

The Content Scanning section is where you can decide what type of content to look for. In this example we will look for United States Social Security Numbers. You can narrow the information types presented by using the dropdown for “Region” and “Category”.

Content_Scanning-4.gif

Clicking the “+” symbol allows you to add additional information types. Select the trash can icon next to an information type to remove it from your selection.

Content_Scanning-5.png

These additional conditions will function with OR logic, meaning that a file that contains any of the specified information types will trigger the alert.

By default the checkbox for “Include Private Files” will be unchecked and BetterCloud will not scan private files. You may check this box to include private files in the scan.

Content_Scanning-6.png

*Please Note: Including private files may significantly increase the amount of time the alert takes to process, and will remove any “Shared With” conditions from the alert.

As with any other alert, you can also set a threshold, and enable notifications through email, SMS, and webhook.

Content-Scanning-7.png

Select “Publish” to activate your new alert.

Content will be scanned upon the following events:

Google Drive
File Added
File Downloaded
File Edited
File Previewed
Sharing Setting Changed
Collaborator Added

Box
File Added*
File Downloaded
File Edited*
File Previewed
Shared Link Created*
Collaborator Added*

Slack
Public File Added
Public File Edited
File Shared Publicly

Dropbox
File Added*
File Downloaded
File Edited*
File Previewed
Shared File Downloaded
Shared File Viewed
File Downloaded via Shared Link
File Viewed via Shared Link
Shared Link Added*
Collaborator Added*

*Please Note: BetterCloud cannot guarantee that all events marked with an asterisk will be detected in the case of large folder trees

Externally Shared, Public, and Domain File Alerts

In order to identify sensitive data that has been shared publicly, with external users, or with your entire domain, you can add content scanning to one of the following alert templates from the Alerts Manager:

  • Files Shared Publicly
  • Files with Public Sharing Links
  • Files Shared Externally
  • Files Shared with Domain with Link
  • Files Shared with Domain

Other configurations for these alerts are essentially the same as for the Sensitive Data Scanned alert, but with the built-in conditions for file exposure configured by default.

Content_Scanning_3.png

Adding content scanning to one of these alerts creates a new custom alert, which can then be used to trigger workflows to revoke external sharing or send you information about the triggering file.

Auditing Results

Once your alert has triggered, it will display on the Triggered Alerts page, under Alerts > Triggered from the left nav.

Content_Scanning_4.png

Click on the result in the "Matches" column to review the matches. The review flyout shows the name of the file, the number of matches, and the date and time when the file triggered the alert. Files with multiple matches will only appear once in the review flyout. Click on the link under the “Violations” column to view the list of matches. The page shows the title of the file, a link to view the file, the owner, the category that was matched, and the matched text. The list of matched entries is partially obscured for security purposes.

Content_Scanning-review.png

When scanning documents, BetterCloud employs additional validation besides a basic regular expression match. If you are testing with dummy data, it will have to meet this additional validation in order to trigger the alert. Meaning, you will not be able to enter a random 9 digit number, it will also need to match the pattern of a valid Social Security Number. Additionally, in order to avoid scanning duplicate data for a file that is being actively edited, a document must be unedited for at least 5 minutes before BetterCloud will scan it.

You may also view the file from its results page:

Content_Scanning-view_file.png

Please note the following sharing setting requirements that must be met in order to view files in each available provider:

G Suite

All file sharing levels support view links.

Slack

Public file sharing levels support view links.

Dropbox

Files with public sharing links support view links. Dropbox generates links to files when a public sharing link has been generated for that file.

Box

Files with public sharing links support view links. Box generates links to files when a public sharing link has been generated for that file.

Triggering a Workflow

As with any other alert, once a content scanning alert is published, it can be used as a workflow event. You can locate it under the Alerts dropdown for the relevant integration in the WHEN section of the Workflow Builder.

Once the workflow is published, future events that trigger the alert will also trigger the workflow, allowing you to take automated action based on sensitive data identified on your domain.

*Please Note: Workflows will only take action on files that triggered the alert after it has been published.

Important Information/Requirements

  • Content Scanning is only available on our Pro and Enterprise subscription levels.
  • Customers that are currently using Drive in g.bettercloud.com will need to contact their Customer Success Manager to migrate over to the new platform.
  • All content scanning is from this point forward, meaning that only documents that are edited after the alert is enabled will be scanned and can trigger the alert.
  • Scans are only carried out on any given document after it has not been edited for at least 5 minutes.
  • Currently only files under 50MB in size will be scanned.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request