Enterprise Recon Cloud 2.11.1
How To Scan Confluence On-Premises
This section covers the following topics:
- Overview
- Licensing
- Requirements
- Set Up and Scan a Confluence On-Premises Target
- Edit Confluence On-Premises Target Path
- Confluence API Limits
- Remediate Matches in Confluence On-Premises
Overview
When Confluence On-Premises is added as a scan Target, ER Cloud returns all spaces, blog posts, and pages that are accessible to the Confluence user account.
When the Target is probed, you can select specific spaces, blog posts, and/or pages (along with the associated comments and attachments) when setting up the scan schedule.
Example of Confluence On-Premises structure:
Confluence On-Premises [host name: my-confluence-server]
    +- Confluence on target MY-CONFLUENCE-SERVER
        +- Space Engineering
            +- Blog Post
                +- Blog Post A
                +- Blog Post B
        +- Space Product
            +- Page Features
                +- Page Feature A
                +- Page Feature B
            +- Page Release
                +- Page Release Q1
                +- Page Release Q2
To set up and scan Confluence On-Premises as a Target:
To scan specific paths in a Confluence On-Premises Target, refer to the Edit Confluence On-Premises Target Path section.
Licensing
For Sitewide Licenses, all scanned Confluence On-Premises Targets consume data from the Sitewide License data allowance limit.
For Non-Sitewide Licenses, Confluence On-Premises Targets require one Server & DB License per host machine, and consume data from the Server & DB License data allowance limit.
See Target Licenses for more information.
Requirements
| Component | Description | 
|---|---|
| Version Support | Confluence Data Center 7.4 LTS, 7.19 LTS, and 8.5 LTS. 
          Using a different Confluence On-Premises version?
           Ground Labs supports and tests the versions listed above. However, versions not indicated may still work as expected. | 
| Proxy Agent | 
 Recommended Proxy Agents: 
 Use the pre-configured Linux cloud Agents to scan cloud
    Targets only. For the list of Targets according to the type, refer to
    Target Types in the
    Add Targets
    section. For more information about Agents in ER Cloud, refer to the
    About Enterprise Recon Cloud 2.11.1 section. | 
| Default Port | 443 | 
| Confluence Credentials | "View" space permission is required. Use credentials of either an individual user with "View" space permission, or a user that belongs to a Confluence group with "View" space permission. If User A has “View” space permission for Space A and B, but not for Space C, only Space A and Space B can be added and scanned. If User A has “View” space permission for Space A and Space B, and User A also belongs to a Confluence group with “View” space permission for Space C, all three spaces can be added and scanned. | 
| API Limits | 1000 requests (or above) per minute is recommended. Refer to the Confluence API Limits section below. | 
Set Up and Scan a Confluence On-Premises Target
Add Confluence On-Premises as a New Target
- From the New Scan page, add Targets. Refer to the Add Targets section.
- In the Select Target Type dialog box, select Server.
- In the Enter New Target Hostname field, enter the host name of the Confluence server.
- Click Test. If ER Cloud can connect to the Target, the button changes to a Commit button.
- Click Commit to add the Target.
- In the Select Types dialogbox, click Server Applications > Confluence.
- 
    In the next window, fill in the following details:  Section Description Path details In the Path field, enter the path to scan. If the field is left blank, all Confluence spaces (on the default connector port) the user or user's Confluence group(s) has "View" permissions to are added. Refer to the Path Syntax table for more information on the path syntax to use. Credential Details If you have stored the credentials, select from Stored Credentials. If not, fill in the following fields: - New Credential Label: Enter a descriptive label for the credential set.
- New Username: Enter the Confluence account user name.
- New Password: Enter the Confluence account password.
 "View" space permission is required.Use credentials of either an individual user with "View" space permission, or a user that belongs to a Confluence group with "View" space permission. Proxy Details Select a suitable Agent. Refer to the Requirements - Proxy Agent section. 
- Click Test. If ER Cloud can connect to the Target, the button changes to a Commit button.
- Click Commit to add the Target.
Scan a Confluence On-Premises Target
- 
    (Optional) On the Select Locations page, probe the Target to browse and select specific Target locations to scan. Refer to Probe Targets in the Start a Scan section. Comments and attachments associated with the selected location(s) are also scanned.
- Click Next.
- On the Select Data Types page, select the data type profile to be included in your scan (refer to the Use Data Type Profile section) and click Next.
- On the Set Schedule page, configure the parameters for your scan. For more information, refer to Set Schedule in the Start a Scan section.
- Click Next.
- On the Confirm Details page, review the details of the scan schedule, and click Start Scan to start the scan. Otherwise, click Back to modify the scan schedule settings.
Edit Confluence On-Premises Target Path
To scan a specific path in Confluence On-Premises:
- Set Up and Scan a Confluence On-Premises Target.
- In the Select Locations section, select your Confluence On-Premises Target location and click Edit.
- 
    In the Edit Confluence dialog box, enter the path to scan using the following syntax: Location to Scan Path Syntax All spaces Syntax: [:<port>] If connection to the Confluence server uses a port other than 443, the [:<port>] value must be defined in the Path field. Example: Leave the Path field blank or :9999 All pages in a specific space Syntax: [:<port>/]<Space Name> Example: Engineering All blog posts in a specific space Syntax: [:<port>/]<Space Name>/$b Example: Engineering/$b A specific blog post in a specific space Syntax: [:<port>/]<Space Name>/$b/<Blog Post Name> Example: Engineering/$b/New Feature All subpages under a specific page Syntax: [:<port>/]<Space Name>/<Page Name> Example: Engineering/Features A specific subpage under a specific page Syntax: [:<port>/]<Space Name>/<Page Name>/<Page Name> Example: Engineering/Features/Versioning Comments and attachments associated with the selected location(s) are also scanned.
- Click Test and then Commit to save the path to the Target location.
Confluence API Limits
ER Cloud uses REST API to query and retrieve data from Confluence. The number and frequency of REST API requests that users can make can be configured using the rate limiting feature.
When rate limiting is enabled and the Limit requests option is selected, we recommend setting the Requests allowed per node to a value not lower than 1000 requests per minute per user to allow ER Cloud to properly execute scans.
If an organization reaches the configured request limits, the following scan issues may be encountered:
- The scan speed will substantially decrease, and
- The scan schedule will take too long to complete and will be stuck in "Scanning" state.
For more information, refer to Confluence - Rate Limiting.
Remediate Matches in Confluence On-Premises
The following remediation actions are supported for Confluence On-Premises Targets:
To remediate matches in Confluence On-Premises, refer to the Perform Remedial Actions section.
For more information on the supported remedial actions, refer to the Remedial Actions in ER Cloud section.
PRO This feature is only available in Enterprise Recon Cloud PRO Edition. To find out more about upgrading your ER Cloud license, please contact Ground Labs Licensing. See Subscription License for more information.