2020 StealthAUDIT® Sensitive Data Discovery Add-on User Guide

TOC

Sensitive Data Discovery Add-On Overview
Sensitive Data Criteria Editor
    Navigation Pane
    Configuration Pane
    Criteria Tester Window
    Add Sub-Criteria
Sensitive Data System Criteria
Default Metadata Tag Values
Supported Formats for Scanning & Metadata
    Scan-able Formats
        Archive
        Document
        Email & Messaging
        Other
        Presentation
        Raster Image
        Spreadsheet
        Text & Markup
    Metadata Only Formats
        Image Files
        Vector Image
    Scans Against Files with no Extensions
Exempted File Extensions
More Information
Appendix

Doc_ID 652 2

Copyright 2020 STEALTHBITS TECHNOLOGIES, INC. ALL RIGHTS RESERVED

Sensitive Data Discovery Add-On Overview

The Sensitive Data Discovery Add-On allows StealthAUDIT to scan file content for matches to the sensitive data criteria. There are several pre-defined criteria, but users can also customize existing criteria or create new criteria.

The Sensitive Data Discovery Add-on can be used with any of the following StealthAUDIT solutions:

- AWS Solution
- Dropbox Solution
- Exchange Solution – Only with specific data collectors:
  - EWSMailbox Data Collector
  - EWSPublicFolder Data Collector
  - ExchangeMailbox Data Collector
- File System Solution
- PostgreSQL Solution
- MongoDB Solution
- MySQL Solution
- Oracle Solution
- SharePoint Solution
- SQL Solution

NOTE: Changes made in the Sensitive Data Criteria Editor are global for Sensitive Data Discovery in StealthAUDIT. In other words, any changes to criteria will affect all solutions using the Sensitive Data Discovery Add-on.

See the StealthAUDIT Sensitive Data Discovery Add-On Installation Guide for installation information and prerequisites.

Sensitive Data Criteria Editor

The Sensitive Data Criteria Editor is accessed from the Criteria Tab in the Settings > Sensitive Data node. Use the Sensitive Data Criteria Editor to view pre-defined criteria and to customize or create user-defined criteria. Sensitive Data Criteria can be configured in individual data collectors that use the Sensitive Data Discovery Add-On or can be configured to inherit Sensitive Data Criteria settings from the Settings > Sensitive Data node. See the Sensitive Data section of the StealthAUDIT User Guides v11.0 for additional information.

The Sensitive Data Criteria Editor contains two sections:

- Navigation Pane – User-configured criteria can be added and removed in the Navigation Pane using the Add or Remove options. See the Navigation Pane section for additional information.
- Configuration Pane – Displays configured settings for the currently selected criteria in the Navigation Pane. See the Configuration Pane section for additional information.

Navigation Pane

The Navigation Pane lists all user-created and pre-configured Sensitive Data criteria.


The options in the Navigation Pane are:

- Add Criteria [1] – Adds a new criteria under the User Criteria list
- Remove Criteria [2] – Removes a user-created criteria from the User Criteria list
- User Criteria – Lists all user-created criteria
- System Criteria – Lists all pre-configured criteria. See the Sensitive Data System Criteria section for a list of pre-configured System Criteria.
  - System Criteria cannot be modified or removed. To use existing System Criteria configurations in a User Criteria, right-click on a System Criteria and select Duplicate from the right-click menu. A configurable copy of the System Criteria appears under User Criteria.

Configuration Pane

Use the Configuration Pane to view sub-criteria information for System Criteria and to view, add, edit, and remove sub-criteria information for User Criteria.


The information in the Configuration Pane changes based on the criteria currently selected in the Navigation Pane.


The options at the top of the Configuration Pane are:

NOTE: Configuration settings for System Criteria cannot be modified.

- Navigation Path [1] – Displays information on current location within the Sensitive Data Criteria Editor
- Name [2] – Name of the criteria as it is shown in the Navigation Pane
- Test Criteria Button [3] – Opens the Criteria Tester window to test current criteria configurations. See the Criteria Tester Window section for additional information.
- Confidence Level [4] – Displays the current confidence level which indicates to users how accurate a match is for a criteria
  - The Confidence Level is reported on a scale from 0 - 100. The closer the number is to 100, the more accurate a match is for a criteria.
- Risk Score [5] – Displays the general level of risk a criteria represents when found in a file that is not properly secured
  - The Risk Score can be set to Low, Medium, or High.
  - Click the Risk Score button to change the Risk Score for user-configured criteria.
- Required matched criteria list [6] – Lists sub-criteria configured for currently selected top-level criteria in the Navigation Pane. The columns in the table are:
  - Name – Name of the sub-criteria
  - Type – Type of sub-criteria: Keywords, Regex, or Summary
  - Content – Values associated with sub-criteria
  - Minimum Matches – Minimum number of match hits required for a sub-criteria match hit
  - Match Type – Displays whether the sub-criteria Must Match or Must Not Match


The options at the bottom of the Configuration Pane are:

NOTE: Configuration settings for System Criteria cannot be modified.

- Add – Add a sub-criteria to the required matched criteria list. The three types of sub-criteria that can be added are Keyword, Regular Expression (Pattern), and Summary. See the Add Sub-Criteria section for additional information.
- Remove – Remove sub-criteria from the Required matched sub-criteria list
- Edit – Edit the currently selected sub-criteria
- Must match at least this many criteria – Adjust the slider to configure how many sub-criteria must be matched for the sensitive data criteria to be reported
  - The minimum value is 1
  - The maximum value is the number of sensitive data sub-criteria that have been added to the required matched criteria list

CAUTION: The character distance feature does not account for summaries that are nested within other summaries.

- Matches should be within this proximity of characters – Match hits for this criteria should be within this many characters of one another in order for there to be a match. Adjust the slider to set the default character distance required for match hits.
  - The minimum value is 0
  - The maximum value is 200
  - Using this feature requires any combination of two or more Regular Expression (Pattern) and Keyword sub-criteria
- Include keywords as part of match hits – Check this box to enable the inclusion of keywords as part of match hits
- Metadata for this criteria – Click the green (+) button to add a new metadata type for the criteria. Delete a metadata type by clicking the X in the gray metadata tag button.
  - For a list of available out-of-the-box metadata tags, see the Default Metadata Tag Values section.
- Cancel – Exit the Sensitive Data Criteria Editor without saving changes
- Save – Save changes made to the current criteria

Criteria Tester Window

Use the Criteria Tester window to test current criteria configurations.

The options in the Criteria Tester are:

- Use the following sample text – Enter sample text to test against current configured criteria in the Use the following sample text textbox
- Use the following file – Click Browse to import a file as sample text to test against currently configured criteria
- Test Data – Click Test Data to test the sample text against currently configured criteria. Match hits will appear in the Test Results section.
- Test Results – Displays match hits for the sample text typed into the text box. The two tabs under Test Results are:
  - Criteria – Displays the specific criteria for which the sample text is considered a match
  - Matched Data – Displays the sample text that was matched for the configured criteria

Add Sub-Criteria

There are three types of sub-criteria that can be added to a top-level criteria in the Sensitive Data Criteria Editor. The following sections summarize the configuration options for each sub-criteria.

Regular Expression (Pattern) Criteria

Regular Expression criteria are a set of pattern matching rules that provide a concise and flexible means for matching strings of text. This criteria type can be used to verify a series of numbers as potentially valid, e.g. credit card numbers.


The options on the Regular Expression window are:

- Name – Name of the Regular Expression sub-criteria as it appears in the Configuration Window
- Expression – Enter the Regular Expression in the Expression text box
- Case Sensitive Expression – Check the box for Case Sensitive Regular Expression pattern matching
- Validation – Select a validation method from the Validation drop-down. The default value is No validation required.
- Sample Value – Text entered into the Sample Value text box will be used to test pattern matches for the expression in the Expression text box
- Test Match – Click the Test Match button to test the expression entered in the Expression text box against the text in the Sample Value text box
- Match Type – Choose whether pattern matches for the Regular Expression criteria Must Match or Must Not Match
  - Must Match – The Regular Expression must be matched for there to be a match
  - Must Not Match – If the Regular Expression is matched and is designated Must Not Match, then the potential match is invalidated
- Apply this expression to these file components – Select which file components the expression will apply to:
  - Name
  - Contents
  - Metadata
- Look for at least this many occurrences – Adjust the slider to configure how many occurrences are required for a match hit
  - The minimum value is 1
  - The maximum value is 10

Keyword Criteria

Keywords criteria consist of a list of comma-separated words. If any word in the list is found in the file, it is considered a hit.


The configurations on the Keywords window are:

- Name – Name of the keyword sub-criteria as it appears in the Configuration Window
- Add Keyword – Add a keyword to the Value list
- Remove Keyword – Remove a selected keyword from the Value list
- Import Keyword File – Import keyword(s) from a file
- Export Keyword File – Export keyword(s) as a file
- Match Type – Choose whether keyword matches for the Keyword criteria Must Match or Must Not Match
- Case Sensitive Keywords – If enabled, checks letter case when matching Keywords
- Count only distinct occurrences – Check the box to enable only distinct occurrences to be counted during scan jobs
- Apply these keywords to these file components – Select which file components the keyword(s) will apply to:
  - Name
  - Contents
  - Metadata
- Look for at least this many occurrences – Adjust the slider to configure how many occurrences are required for keyword criteria to match
  - The minimum value is 1
  - The maximum value is 10

Summary Criteria

Summary criteria are designed as a way of combining Regular Expression Criteria and Keywords Criteria.

Click Add and select Summary to add a new Summary criteria to the Required matched criteria list. Select the new criteria and click Edit to configure the new Summary Criteria.


The options on the Configuration Pane > Summary Criteria Configuration are:

- Name – Name of the Summary sub-criteria
- Test Criteria – Opens the Criteria Tester window to test current Summary criteria configurations
- Required matched criteria – Lists sub-criteria configured for currently selected criteria in the Navigation Pane. The columns in the table are:
  - Name – Name of the sub-criteria
  - Type – Type of sub-criteria (Keyword, Regex, or Summary)
  - Content – Values associated with sub-criteria
  - Minimum Matches – Minimum matches required for a match hit
  - Match Type – Displays whether the sub-criteria Must Match or Must Not Match
- Add – Add a sub-criteria to the required matched criteria list. The three types of sub-criteria that can be added are Keyword, Regular Expression (Pattern), and Summary.
- Remove – Remove a sub-criteria from the Required matched sub-criteria list
- Edit – Edit the currently selected sub-criteria
- Match Type – Choose whether match hits for the Summary criteria Must Match or Must Not Match
- Must match at least this many criteria – Adjust the slider to configure how many sub-criteria must be matched for the top-level criteria to be considered a match
  - The minimum value is 1
  - The maximum value is the number of sensitive data sub-criteria that have been added to the Required matched criteria list

CAUTION: The character distance feature does not account for summaries that are nested within other summaries.

- Matches should be within this proximity of match hits – Adjust the slider to set the default character distance required for match hits.
  - The minimum value is 0
  - The maximum value is 200
  - Using this feature requires any combination of two or more Regular Expression (Pattern) and Keyword sub-criteria
- Include keywords as part of match hits – Check this box to enable the inclusion of keywords as part of match hits
- Cancel – Exit the Sensitive Data Criteria Editor without saving changes
- Save – Save changes made to the current selected criteria
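
The matching rules described in the Configuration Pane and Add Sub-Criteria sections, modelled in Python as an added example; it is not StealthAUDIT's engine or code from this guide. The class and function names, the Luhn check standing in for a Validation method, treating a proximity of 0 as "no distance constraint", and not counting Must Not Match sub-criteria toward the slider are assumptions, and the sample documents are constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Hit = Tuple[int, int, str]  # (start offset, end offset, matched text)


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum; stands in for a 'Validation' method (assumption)."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if not 13 <= len(digits) <= 16:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class SubCriteria:
    name: str
    kind: str                    # "regex" or "keywords"
    content: object              # pattern string, or list of keywords
    min_matches: int = 1         # "Look for at least this many occurrences"
    must_match: bool = True      # False models "Must Not Match"
    case_sensitive: bool = False
    validate: Optional[Callable[[str], bool]] = None

    def hits(self, text: str) -> List[Hit]:
        if self.kind == "regex":
            pattern = self.content
        else:  # any keyword in the list counts as a hit
            pattern = r"\b(?:" + "|".join(map(re.escape, self.content)) + r")\b"
        flags = 0 if self.case_sensitive else re.IGNORECASE
        found = [(m.start(), m.end(), m.group())
                 for m in re.finditer(pattern, text, flags)]
        if self.validate:  # drop pattern hits that fail validation
            found = [h for h in found if self.validate(h[2])]
        return found


def gap(a: Hit, b: Hit) -> int:
    """Characters between two hits; 0 if they touch or overlap."""
    return max(0, max(a[0], b[0]) - min(a[1], b[1]))


def evaluate(text: str, subs: Sequence[SubCriteria], min_criteria=1, proximity=0):
    """Return (is_match, {sub-criteria name: hits}) for one document."""
    matched: Dict[str, List[Hit]] = {}
    for sub in subs:
        found = sub.hits(text)
        satisfied = len(found) >= sub.min_matches
        if not sub.must_match:
            if satisfied:  # a Must Not Match hit invalidates the match
                return False, {sub.name: found}
        elif satisfied:
            matched[sub.name] = found
    if len(matched) < min_criteria:
        return False, matched
    if proximity == 0 or min_criteria < 2:
        return True, matched  # assumption: 0 means no distance constraint
    # Anchor on each hit and count the sub-criteria with a hit close enough.
    for anchor_hits in matched.values():
        for anchor in anchor_hits:
            near = sum(any(gap(anchor, h) <= proximity for h in hs)
                       for hs in matched.values())
            if near >= min_criteria:
                return True, matched
    return False, matched


# Constructed criteria and documents (not taken from the product).
CARD = SubCriteria("card number", "regex", r"\b\d(?:[ -]?\d){12,15}\b",
                   validate=luhn_ok)
WORDS = SubCriteria("card keywords", "keywords", ["card", "visa", "cvv"])
NOT_TEST = SubCriteria("test markers", "keywords", ["test data", "sample"],
                       must_match=False)
RULE = [CARD, WORDS, NOT_TEST]

DOCS = {
    "near": "Customer card number: 4111 1111 1111 1111, exp 12/27",
    "far": "Payment card on file." + " filler" * 60 + " 4111111111111111",
    "bad_checksum": "Customer card number: 4111 1111 1111 1112",
    "excluded": "Test data only: card 4111 1111 1111 1111",
}


def scan(min_criteria=2, proximity=40):
    """Evaluate every constructed document against RULE."""
    return {name: evaluate(text, RULE, min_criteria, proximity)[0]
            for name, text in DOCS.items()}


if __name__ == "__main__":
    print(scan())
```

Only the "near" document is reported: "far" fails the character distance, "bad_checksum" fails validation, and "excluded" is invalidated by the Must Not Match keywords.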

Sensitive Data System Criteria

The following is a list of default Sensitive Data System Criteria:

Criteria | Metadata | Category | Validation
ABA Routing Number | U.S., Financial Data | Financial Data | ✓
Austrian IBAN | Austria, Financial Data, GDPR, IBAN | IBAN | ✓
Austrian National ID | Austria, GDPR, National ID, PII | National ID |
Austrian SSN | Austria, GDPR, National ID, PII | National ID |
Authorized Keys | Credentials | Credentials |
AWS Connection Strings | Credentials | Credentials |
Belgian IBAN | Belgium, Financial Data, GDPR, IBAN | IBAN | ✓
Belgian National ID | Belgium, GDPR, National ID, PII | National ID |
Belgian SSN | Belgium, GDPR, National ID, PII | National ID |
Bulgarian IBAN | Bulgaria, Financial Data, GDPR, IBAN | IBAN | ✓
Bulgarian National ID | Bulgaria, GDPR, National ID, PII | National ID |
Canada SIN | Canada, National ID, PII | National ID | ✓
CPT Codes | U.S., HIPAA, Medical | Medical |
Credit Cards | Financial Data, PCI | Financial Data | ✓
Credit Card Magnetic Stripe | Financial Data, PCI | Financial Data |
Croatian IBAN | Croatia, Financial Data, GDPR, IBAN | IBAN | ✓
CUSIP Number | U.S., Financial Data, SOX | Financial Data | ✓
Cypriot IBAN | Cyprus, Financial Data, GDPR, IBAN, PII | IBAN | ✓
Czech Birth Number | , GDPR, National ID, PII | National ID |
Czech IBAN | Czech Republic, Financial Data, GDPR, IBAN, PII | IBAN | ✓
Czech National ID | Czech Republic, GDPR, National ID, PII | National ID |
Czech | Czech Republic, GDPR, Passport, PII | Passport |
Danish IBAN | Denmark, Financial Data, GDPR, IBAN, PII | IBAN | ✓
Danish National ID | Denmark, GDPR, National ID, PII | National ID |
DEA Registration Number | U.S., Medical | Medical | ✓
DSA Private Key | Credentials | Credentials |
DSA Private Key (Encrypted) | Credentials | Credentials |
EC Private Key | Credentials | Credentials |
EC Private Key (Encrypted) | Credentials | Credentials |
Employer Identification Number (EIN) | U.S., Financial Data | Financial Data |
Estonian IBAN | Estonia, Financial Data, GDPR, IBAN | IBAN | ✓
Estonian National ID | Estonia, GDPR, National ID, PII | National ID |
Financial Documents | Financial Data, SOX, U.S. | Financial Data |
Finnish IBAN | Finland, Financial Data, GDPR, IBAN | IBAN | ✓
Finnish Personal ID | Finland, GDPR, National ID, PII | National ID |
French Drivers License | France, Driver's License, GDPR, PII | Driver's License |
French IBAN | France, Financial Data, GDPR, IBAN | IBAN | ✓
French INSEE (SSN) | France, GDPR, National ID, PII | National ID |
French National ID | France, GDPR, National ID, PII | National ID |
French Passport | France, GDPR, Passport, PII | Passport |
French Tax ID | France, GDPR, National ID, PII | National ID | ✓
French VAT | France, Financial Data, GDPR, VAT | Financial Data |
Generic Certificate | Credentials | Credentials |
Generic Private Key | Credentials | Credentials |
Generic Public Key | Credentials | Credentials |
German Driver's License | Germany, Driver's License, GDPR, PII | Driver's License |
German IBAN | Germany, Financial Data, GDPR, IBAN | IBAN | ✓
German National ID | Germany, GDPR, National ID, PII | National ID |
German Passport | Germany, GDPR, Passport, PII | Passport |
German SSN | Germany, GDPR, National ID, PII | National ID |
German Tax ID | Germany, GDPR, National ID, PII | National ID | ✓
German VAT | Germany, Financial Data, GDPR, VAT | Financial Data |
Google Cloud Keys & Connection Strings | Credentials | Credentials |
Greek IBAN | Greece, Financial Data, GDPR, IBAN | IBAN | ✓
Greek National ID | Greece, GDPR, National ID, PII | National ID |
HCPCS Codes | U.S., HIPAA, Medical | Medical |
Hungarian IBAN | Hungary, Financial Data, GDPR, IBAN | IBAN | ✓
Hungarian National ID | Hungary, GDPR, National ID, PII | National ID |
Hungarian Personal ID | Hungary, GDPR, National ID, PII | National ID |
Hungarian SIN | Hungary, GDPR, National ID, PII | National ID |
ICD-10 Insurance Codes | U.S., HIPAA, Medical | Medical |
IPv4 Address | Networking | Networking |
IPv6 Address | Networking | Networking |
Irish IBAN | Ireland, Financial Data, GDPR, IBAN | IBAN | ✓
Irish National ID | Ireland, GDPR, National ID, PII | National ID |
Italian IBAN | Italy, Financial Data, GDPR, IBAN | IBAN | ✓
Italian SSN | Italy, GDPR, National ID, PII | National ID |
ITAR Foreign Nationals | U.S., ITAR | ITAR |
ITAR Restricted Munitions | U.S., ITAR | ITAR |
ITIN Number | U.S., National ID, PII | National ID |
Kerberos Tickets | Credentials | Credentials |
Latvian IBAN | Latvia, Financial Data, GDPR, IBAN | IBAN | ✓
Latvian Personal ID | Latvia, GDPR, National ID, PII | National ID | ✓
Legal Documents | U.S., Legal Documents | Legal Documents |
Lithuanian IBAN | Lithuania, Financial Data, GDPR, IBAN | IBAN | ✓
Lithuanian Personal ID | Lithuania, GDPR, National ID, PII | National ID |
Luxembourgian IBAN | Luxembourg, Financial Data, GDPR, IBAN | IBAN | ✓
Maltan IBAN | Malta, Financial Data, GDPR, IBAN | IBAN | ✓
Medical Diagnoses | U.S., HIPAA, Medical | Medical |
Medicare Beneficiary Identifier (MBI) | U.S., HIPAA, Medical | Medical |
Microsoft Azure Connection Strings | Credentials | Credentials |
National Drug Code | U.S., Medical | Medical |
National Provider Identifier (NPI) | U.S., Medical | Medical | ✓
Netherland IBAN | Netherlands, Financial Data, GDPR, IBAN | IBAN | ✓
Netherland Personal ID | Netherlands, GDPR, National ID, PII | National ID |
Norwegian Personal ID | Norway, GDPR, National ID, PII | National ID |
P7B/PKCS#7 Certificate | Credentials | Credentials |
Passport Application - Canada | Canada, Passport, PII | Passport |
Passport Application - USA | U.S., Passport, PII | Passport |
Passwords | Credentials | Credentials |
PGP Key Block | Credentials | Credentials |
Pharmaceuticals and Supplements | Medical | Medical |
Polish IBAN | Poland, Financial Data, GDPR, IBAN | IBAN | ✓
Polish SSN | Poland, GDPR, National ID, PII | National ID | ✓
Polish Tax ID | Poland, GDPR, National ID, PII | National ID | ✓
Portuguese IBAN | Portugal, Financial Data, GDPR, IBAN | IBAN | ✓
Romanian IBAN | Romania, Financial Data, GDPR, IBAN | IBAN | ✓
Romanian Personal ID | Romania, GDPR, National ID, PII | National ID | ✓
RSA Private Key | Credentials | Credentials |
RSA Private Key (Encrypted) | Credentials | Credentials |
Slack Token | Credentials | Credentials |
Slovak IBAN | Slovakia, Financial Data, GDPR, IBAN | IBAN | ✓
Slovak Passport | Slovakia, GDPR, Passport, PII | Passport |
Slovenian IBAN | Slovenia, Financial Data, GDPR, IBAN | IBAN | ✓
Spain Driver's License | Spain, Driver's License, GDPR, PII | Driver's License |
Spain IBAN | Spain, Financial Data, GDPR, IBAN | IBAN | ✓
Spain National ID | Spain, GDPR, National ID, PII | National ID |
Spain Passport | Spain, GDPR, Passport, PII | Passport |
Spain SSN | Spain, GDPR, National ID, PII | National ID |
Spain Tax ID | Spain, GDPR, National ID, PII | National ID | ✓
Spain VAT | Spain, Financial Data, GDPR, VAT | Financial Data |
Swedish IBAN | Sweden, Financial Data, GDPR, IBAN | IBAN | ✓
Swedish Personal ID | Sweden, GDPR, National ID, PII | National ID | ✓
SWIFT/BIC | Financial Data | Financial Data |
Swiss SSN | , National ID, PII | National ID |
UK Drivers License | U.K., Driver's License, GDPR, PII | Driver's License |
UK IBAN | U.K., Financial Data, GDPR, IBAN | IBAN | ✓
UK NHS | U.K., GDPR, Medical, PII | Medical | ✓
UK NINO | U.K., GDPR, National ID, PII | National ID |
UK Passport | U.K., GDPR, Passport, PII | Passport |
UNIX etc/passwd | Credentials | Credentials |
US Address | U.S., Address | Address |
US Drivers License | U.S., Driver's License, PII | Driver's License |
US SSN | U.S., National ID, PII | National ID | ✓
US Tax Forms | U.S., Financial Data | Financial Data |

Default Metadata Tag Values

Sensitive Data Criteria can be tagged with one or more metadata tags to describe the criteria. The following is a list of default metadata tag values:

Tag Name | Value Description
Address | Physical location of an individual or an organization.
Country (By Name) | Data related to a single, specific country, tagged by country name. This may include items such as National ID, Driver's License, or bank account number (ex. IBAN). Current list of tagged countries for StealthAUDIT v11.0: Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, U.K., U.S.
Credentials | Data that can authenticate a user when logging into an account, service, computer, or other software.
Driver's License | A government document permitting a person to drive a motor vehicle.
Financial Data | Data related to financial and monetary information, for example: IBANs, Credit Cards, and Tax Forms.
GDPR | The General Data Protection Regulation: A regulation in EU law on data protection and privacy in the and the . Also addresses the transfer of personal data outside the EU and EEA areas.
HIPAA | Health Insurance Portability and Accountability Act: A U.S. federal statute that modernizes the flow of healthcare information and stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft.
IBAN | International Bank Account Number: A standard international numbering system developed to identify an overseas bank account.
ITAR | International Traffic in Arms Regulations: U.S. regulations to restrict and control the export of defense and military related technologies to safeguard U.S. national security and further U.S. foreign policy objectives.
Legal Documents | A document that states some contractual relationship or grants some legal right.
Medical | Relating to the science of medicine, or to the treatment of illness and injuries. This can include conditions and diagnoses.
National ID | An official government-issued document that identifies a specific individual with relation to the issuing nation.
Networking | Related to computer networking, for example, an IP address.
Passport | An official document issued by a government, certifying the holder's identity and citizenship and entitling them to travel under its protection to and from foreign countries.
PCI | Payment Card Industry compliance: Refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions.
PII | Personally Identifiable Information: Data that can identify a specific individual, for example, Social Security Number, mailing address, phone number, etc.
SOX | The Sarbanes–Oxley Act: A United States federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms.
VAT | Value-Added Tax: A tax on the amount by which the value of an article has been increased at each stage of its production or distribution.

Supported Formats for Scanning & Metadata

This section provides a comprehensive listing of all formats supported by the Sensitive Data Discovery Add-On. The list is divided into three major categories:

- Scan-able Formats
- Metadata Only Formats
- Scans Against Files with no Extensions

Scan-able Formats

The Sensitive Data Discovery Add-On can identify any file type, extract text, and extract metadata from the following formats. It will also identify file types and extract metadata of any attachments. If the attachment’s file type is a scan-able format, then it can extract text from the attachment as well.

The following file formats are supported as scan-able formats:

Archive

Document Format | Extension
7-zip Archive | .7Z
Bzip 2 UNIX Compressed File | .BOZ, .BZ2, .TBZ2
Bzip UNIX Compressed File | .BZ, .TBZ
Gzip Compressed Archive | .GZ, .TGZ
Java Archive | .JAR
UNIX AR Archive | .A, .AR
UNIX CPIO Archive | .CPIO
UNIX Tar | .TAR
XZ Compression Archive | .XZ
Zip Archive | .ZIP

Document

Document Format | Extension
Apple iWork Pages | .PAGES
Microsoft Publisher | .PUB
Microsoft Word Document / Office Open XML Document | .DOC, .DOCM, .DOCX, .DOT, .DOTM, .DOTX
OpenDocument: Text Document | .ODT, .OTH, .OTM, .OTT
OpenOffice: Writer Document | .SXW
Portable Document Format | .PDF

Email & Messaging

Document Format | Extension
Email Message / Microsoft Outlook Message | .EML, .MBOX, .MIME, .MSG
Microsoft Outlook Personal Folders File Format | .OST, .PST

Other

Document Format | Extension
Adobe Font Metric | .ACFM, .AFM, .AMFM
Apple iBooks Author Publication Format | .IBOOKS
C/C++ Object File | .O
C/C++ Shared Library/Object | .SO
Core Dump | .DMP
Electronic Publication | .EPUB
Executable and Linkable Format | .AXF, .BIN, .ELF, .KO, .MOD, .O, .PRX, .PUFF, .SO
Hierarchical Data Format File | .H5, .HDF, .HE5
Java Class File | .CLASS
MATLAB Binary Data Container | .MAT
Microsoft Project | .MPP, .MPT
NetCDF (Network Common Data Form) | .NC
S/MIME (Secure/Multipurpose Internet Mail Extensions) | .P7C, .P7M
S/MIME (Secure/Multipurpose Internet Mail Extensions) Signature | .P7S
Transport Neutral Encapsulation Format | .TNEF
TrueType Font | .TTC, .TTF

Presentation

Document Format | Extension
Apple iWork Keynote | .KEY
Microsoft PowerPoint / Office Open XML Presentation | .PPA, .PPS, .PPT, .PPZ, .PPAM, .PPSM, .PPSX, .PPTM, .PPTX, .POT, .POTX, .THMX
OpenDocument: Presentation Document | .ODP, .OTP

Raster Image

Document Format | Extension
Graphics Interchange Format (GIF) | .GIF, .GIFF
Joint Photographic Experts Group (JPEG) | .JFI, .JFIF, .JIF, .JPE, .JPEG, .JPG
Microsoft Windows Bitmap | .BMP, .DIB
Portable Network Graphic | .PNG
Tagged Image File Format | .TIF, .TIFF

NOTE: The FileSystem > 0.Collection > 1-SEEK System Scans Job can perform Optical Character Recognition (OCR) scans for Raster image files by enabling the option on the SDD Audit Settings page in the File System Access Auditor Data Collector Wizard. This is an option for the Sensitive Data Scan category. See the File System Sensitive Data Discovery Auditing (SEEK) section of the StealthAUDIT User Guides v11.0 for additional information.

Spreadsheet

Document Format | Extension
Apple iWork Numbers | .NUMBERS
Microsoft Excel Spreadsheet | .XLA, .XLC, .XLD, .XLL, .XLM, .XLR, .XLS, .XLT, .XLW, .XLAM, .XLSM, .XLSX, .XLTM, .XLTX
OpenDocument: Chart / Formula Document | .ODC, .ODF, .ODFT, .ODS, .OTC, .OTS

Text & Markup

Document Format | Extension
Active Server Pages (ASP) / ASP.NET | .ASP, .ASPX
American Newspaper Publishers Association Wire Feeds | .ANPA
Atom + XML | .ATOM
C++ Source Code | .C, .CC, .CPP, .CXX
Compiled HTML | .CHM
Extensible HyperText Markup Language | .XHT, .XHTML, .XHTML2
Extensible Markup Language | .XML, .XSD, .XSL
FictionBook Document | .FB2
Groovy Source Code | .GROOVY
HyperText Markup Language | .HTM, .HTML
Java Source Code | .JAVA
Microsoft HTML Help | .CHM
RDF Site Summary | .RSS
Rich Text Format | .RTF
Text File (Other) | .CSV, .TEXT, .TSV, .TXT
XHTML MP (eXtensible HyperText Markup Language Mobile Profile) | .HTM, .HTML, .XHTML

Metadata Only Formats

The Sensitive Data Discovery Add-On can identify file type and extract only metadata from images and multimedia. The following file formats are supported as metadata only formats.

Image Files

Document Format | Extension
Favicon | .GIF, .ICO, .JPG, .PNG
GIMP eXperimental Computing Facility (XCF) | .XCF
OpenDocument: Graphics / Image Document | .ODG, .ODI, .OTG, .OTI
Wireless Bitmap File Format | .WBMP

Vector Image

Document Format | Extension
AutoCad Drawing | .DWG
Microsoft Visio Diagram | .VSD, .VSS, .VST, .VSW
Photoshop Image | .PSD
Scalable Vector Graphics | .SVG, .SVGZ
SolidWorks CAD program | .SLDASM, .SLDDRW, .SLDPRT

Scans Against Files with no Extensions

Files with no extensions can be scanned by modifying the XML file for each job where this type of scan is desired. Add the following line to the PerScanExtraScanOptions section of a job's XML script:

true

This line must be added to a specific location within the XML script. See below:

false

2097152

false

true

0

100

0

0

true


false

Once this line has been added to the job's XML script and the XML file is saved, files with no extensions are included in scans for the job.

Exempted File Extensions

This list of file extensions will always be exempted from Sensitive Data Discovery scans.

- *.exe
- *.msi
- *.bat
- *.bin
- *.sys
- *.dll
- *.iso
- *.cab
- *.cpl
- *.cur
- *.dmp
- *.drv
- *.lnk
- *.scr
- *.cdf-ms
- *.svn-base

More Information

Identify threats. Secure data. Reduce risk.

Stealthbits Technologies is a data security software company focused on protecting an organization’s credentials and data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements, and decrease operations expense.

For information on our products and solution lines, check out our website at www.stealthbits.com or send an email to our information center at [email protected].

If you would like to speak with a Stealthbits Sales Representative, please contact us at +1.201.447.9300 or via email at [email protected].

Have questions? Check out our online Documentation or our Training Videos (requires login): https://www.stealthbits.com/documentation. To speak to a Stealthbits Representative: please contact Stealthbits Support at +1.201.447.9359 or via email at [email protected].

Need formal training on how to use a product more effectively in your organization? Stealthbits is proud to offer FREE online training to all customers and prospects! For schedule information, visit: https://www.stealthbits.com/on-demand-training.

Appendix

The following criteria have been added to the Sensitive Data Criteria list for StealthAUDIT 11.0:

Criteria

ABA Routing Number
Authorized Keys
AWS Connection Strings
Credit Card Magnetic Stripe
CUSIP Number
DSA Private Key
DSA Private Key (Encrypted)
EC Private Key
EC Private Key (Encrypted)
Employer Identification Number (EIN)
Generic Certificate
Generic Private Key
Generic Public Key
Google Cloud Keys & Connection Strings
IPv4 Address
IPv6 Address
ITIN Number
Kerberos Tickets
Microsoft Azure Connection Strings
National Drug Code (NDC)
National Provider Identifier (NPI)
P7B/PKCS#7 Certificate
PGP Key Block
RSA Private Key
RSA Private Key (Encrypted)
Slack Token
SWIFT/BIC
UNIX etc/passwd
US Address

The following criteria have been revised to improve the accuracy of results for StealthAUDIT 11.0:

Criteria

DEA Registration Number
Financial Documents
Legal Documents
Medicare Beneficiary Identifier (MBI)
Passwords
Spain VAT
US Drivers License
US Tax Forms
