DATA RECON 2.0.25
Databases can be scanned in two ways:
(Not recommended) The data storage files of a database can be scanned directly. Performing a Local Storage scan on a database server automatically picks up data storage files and scans them for sensitive data.
Scanning data storage files may run into the following issues:
- Matches from ghost records or slack space may be found, instead of only data that can be queried from the database.
- The data storage files may be locked by a database that is running.
To avoid these issues, perform a live database scan.
Live Database Scan
A live database scan is run by querying the database directly to search for sensitive data.
Supported Databases and Requirements
The following databases are supported:
|Microsoft SQL Server 2005 and above||
|PostgreSQL 9.5 and above||
|Oracle Database 9 and above||
|IBM DB2 11.1 and above||
|Sybase/SAP Adaptive Server Enterprise (ASE) 15.7 and above||
DATA RECON does not modify data in the databases it scans. As a result, direct remedial action is unavailable for matches found in a live database scan.
You can, however, mark matches for manual remedial action. See Remediating and Marking Matches for more information.
Your database credentials must have SELECT (data reader) access to the database resources to be scanned.
To add credentials for a database search location, click on No usernames or passwords:
In the Search target credentials dialog box:
- Click + Add and select one of the following:
- Microsoft SQL
- IBM DB2
- Fill in the following fields:
- Target location: Enter the database server hostname.
- Username: Enter your user name.
- Password: Enter your password.
- (optional) Under Encrypt credentials enter a master password to encrypt stored credentials.
- Click Ok.
Add Databases to Search Locations
In the main menu, click Search all local files:
In the Search targets dialog box:
- Click + Add.
- Select Databases.
- Select one of the following and click + to expand the selection:
- Microsoft SQL
- IBM DB2
- In the Add database server field, enter the database server host name as hostname[:port].
Specify a port if the database server is not using a default port. For more options, see Database Connection Options below.
- Press Enter to add the specified database server as a search location.
- (Optional) Click + to expand the added database server and select specific resources to scan.
- Click Select and then Ok to finish adding the location.
Database Connection Options
Connect using a fully qualified domain name (FQDN)
When adding an Oracle Database as a search location, you may need to enter the FQDN of the database server instead of its host name.
Oracle 12x/TNS: protocol adapter error
If you are using Oracle 12x, or if the Oracle database displays a "TNS: protocol adapter error", you must specify a SERVICE_NAME.
Add the service name to the database server host name:
|Microsoft SQL Server||
Scan a specific SQL Server instance (where multiple are running):
Scan a specific Sybase instance (where multiple are running):