Enterprise Recon 2.10.0

Email Locations

This section covers the following topics:

Supported Email Locations

  • Locally Stored Email Data
  • IMAP/IMAPS Mailbox
  • HCL Notes

Licensing

For Sitewide Licenses, all scanned email Targets consume data from the Sitewide License data allowance limit.

For Non-Sitewide Licenses, email Targets require Client Licenses, and consume data from the Client License data allowance limit.

See Target Licenses for more information.

Locally Stored Email Data

When running a Local Storage and Local Memory scan, ER2 detects and scans offline email data stores and data files for sensitive data. ER2 does not scan data files locked by the email server.

Scanning a locally stored email data file may produce matches from ghost records or slack space that you are not able to find on the live email server itself.

Directly scan Microsoft Exchange Information Store data files
  1. Stop the Microsoft Exchange Information Store service and back up the Microsoft Exchange Server.
  2. Once the backup is complete, copy the backup of the Information Store to a location that ER2 can access.
  3. Select that location as a Local Storage location. See Local Storage and Local Memory for more information.

IMAP/IMAPS Mailbox

To scan IMAP/IMAPs mailboxes, check that your system meets the following requirements:

Requirements Description
Proxy Agent
  • Windows Agent with database runtime components
  • Windows Agent
  • Linux Agent with database runtime components
  • Linux Agent
  • macOS Agent
Email client The Target Internet mailbox must have IMAP enabled.

To Add an IMAP/IMAPS Mailbox

  1. From the New Scan page, Add Targets.
  2. In the Enter New Target Hostname field, enter the name of the IMAP/IMAPS server for the mailbox you want to scan.
  3. Select the IMAP mailbox type to set up:
    1. IMAP: Select Email > Internet Mailbox.
    2. IMAPS (IMAP over SSL): Select Email > Internet SSL Mailbox.
      Select an Email Target type to scan.
  4. In the Internet Mailbox or Internet SSL Mailbox page, fill in the following fields:
    Dialog box to configure the path, credentials and proxy agent for an Internet SSL Mailbox Target.

    Field Description
    Path Enter the email address that you want to scan.
    For example, <user_name@domain_name.com>.
    New Credential Label Enter a descriptive label for the credential set.
    New Username Your internet mailbox user name.
    Password Your internet mailbox password.
    Agent to act as proxy host Select a Proxy Agent host with direct Internet access.
    Recommended Least Privilege User Approach

    Data discovery or scanning of data requires read access. Remediation actions that act directly on supported file systems including Delete Permanently, Quarantine, Encryption and Masking require write access in order to change, delete and overwrite data.

    To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.

  5. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  6. Click Commit to add the Target.

HCL Notes

To scan HCL Notes mailboxes, check that your system meets the following requirements:

Requirements Description
Proxy Agent
  • Windows Agent with database runtime components
  • Windows Agent
One task at a time

Each Agent can perform only one task at a time. Attempting to perform multiple tasks simultaneously, for example, scanning and probing a Notes Target at the same time, will cause an error.

To perform multiple tasks at the same time, use multiple Agents.

Notes client

The Agent host must have one of the following installed:

  • HCL Notes client 8.5.3
  • HCL Notes client 9.0.1

Single-user installation ER2 works best with an Agent host running a Single-user installation of the Notes client.
Admin user User credentials with administrator rights to the target mailbox.
Others

Make sure that:

  • The Agent host has a fully configured Notes client installed.
  • The Notes client can connect to the target Domino server.
  • The Notes client can access emails with credentials used for scanning.

To Add a Notes Mailbox

  1. From the New Scan page, Add Targets.
  2. In the Enter New Target Hostname field, enter the host name of the Domino server that the Target Notes mailbox resides on.
  3. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  4. Click Commit to add the Target.
  5. In the Select Types dialog box, select Email > HCL Notes.
  6. Fill in the fields as follows:
    Dialog box to configure the path, credentials and proxy agent for an HCL Notes Target.
    Field Description
    Path

    Enter the path to scan. Use the following syntax:

    <user_name/domino_domain> is your Notes User Name.
    • Scans all resources available for user credentials provided.
      Syntax: Leave Path blank.
    • Scans all resources available for the user name provided.
      Syntax: <user_name/domino_domain>
      Example: administrator/exampledomain
    • Scans a specific path available for the user credentials provided.
      Syntax: <user_name/domino_domain/path>
      Example: administrator/exampledomain/mail
    • You can specify a specific server partition to connect to.
      Syntax: (partition=<server_partition_name>)
      Example: (partition=serverPartitionA)

      Specify a server partition when:

      • Connecting to a specific server partition in a Domino domain.
      • The target Domino server has a server name that is different from its host name.

    To connect to a specific path in serverPartitionA on a Domino server, enter:
    (partition=serverPartitionA)/administrator/exampledomain/mail/administ.nsf.
    New Credential Label Enter a descriptive label for the credential set.
    New Username Your Notes User Name.
    New Password Your HCL Notes password.
    Agent to act as proxy host Select a Proxy Agent that resides on a Proxy host with the appropriate HCL Notes client installed.
    Recommended Least Privilege User Approach

    To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.

  7. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  8. Click Commit to add the Target.

Notes User Name

To find your Notes user name:

  1. Open the Notes client.
  2. From the menu bar, select File > Security > User Security.
  3. A password prompt opens. In the prompt, your Notes user name is displayed in the format <user_name/domino_domain>.
    Login and password window in IBM Notes with "User name" set to "Administrator/groundlabs".
  4. If no password prompt opens, find your Notes user name in the User Security screen.
    User Security window with the "Security Basics" tab opened in IBM Notes.

Microsoft Exchange (EWS)