Enterprise Recon 2.6.1

Examples

This section provides examples of SQL statements that can be used to query Enterprise Recon data via the ODBC Reporting feature.

Examples:

  1. Retrieve Current State of Sensitive Data Matches
  2. Download Scan Summary Reports by Scan Schedule Label
  3. Download Captured Match Samples Across Scans for Specific Target
  4. Metadata Information for Sensitive Data Locations
  5. Sensitive Data Locations by File Format

Retrieve Current State of Sensitive Data Matches

Retrieve the current count of sensitive data matches by data type, Target Location, Target and Group.

Required data tables:

Sample SQL statement:

SELECT F.LABEL as `GROUP`, B.LABEL AS `TARGET`, E.LOCATION as `LOCATION`, C.LABEL as `MATCHSEVERITY`, D.LABEL as `DATATYPE`, A.QUANTITY as `MATCHCOUNT` FROM DATA_LOCATION_MATCH A, DATA_TARGET B, DATA_MATCH_SEVERITY C, DATA_MATCH_TYPES D, DATA_LOCATION E, DATA_GROUP F WHERE F.GUID = B.GUID AND A.TUID = B.TUID and A.CUID = D.CUID and A.SEVID = C.SEVID and A.LOCID = E.LOCID and A.TUID = E.TUID

Sample data:

GROUP TARGET LOCATION MATCHSEVERITY DATATYPE MATCHCOUNT
CLOUD AWSS3:AMAZON_S3_USERA Amazon S3 Bucket bucket1 Folder Folder1/My-File.pdf->(pdf) Match Personal Names (English) 10
CLOUD AWSS3:AMAZON_S3_USERA Amazon S3 Bucket bucket1 Folder Folder1/My-File.pdf->(pdf) Test Test Data 2
SERVER UBUNTU-SERVER MariaDB Server employee-db:3308 Catalog employee-info Match SWIFT Code 3
SERVER UBUNTU-SERVER MariaDB Server employee-db:3308 Catalog employee-info Match Email addresses 27
CLIENT WINDOWS-MACHINE File path D:\Sample-Data\Data.txt Prohibited Track 2 2
CLIENT WINDOWS-MACHINE File path D:\Sample-Data\Data.txt Prohibited Visa 1

Download Scan Summary Reports by Scan Schedule Label

Download the summary reports for a specific Target according to the scan schedule label. Information available in this scan summary report includes the number of matches per data type enabled for the scan, the number of scanned locations, scan root path, and more.

Required data tables:

Sample SQL statement:

SELECT A.LABEL as `TARGET`, B.REPORTID as `REPORTID`, C.LABEL as `DATATYPE`, B.LABEL as `SCANLABEL`, B.ROOT as `ROOT`, B.START as `START`, B.END as `END`, B.FAILED as `FAILED`, B.STOPPED as `STOPPED`, B.LOCATIONS as `LOCATIONS`, B.BYTES as `BYTES`, B.INACCESSIBLE as `INACCESSIBLE`, B.MATCHES as `MATCHCOUNT`, B.SAMPLES as `SAMPLECOUNT` FROM DATA_TARGET A, SCANREPORT_SUMMARY B, DATA_MATCH_TYPES C WHERE B.LABEL LIKE '%16JUL%' AND B.TUID = 8283249956251157105 AND A.TUID = B.TUID AND B.CUID = C.CUID

Sample data:

TARGET REPORTID DATATYPE SCANLABEL ROOT START END FAILED STOPPED LOCATIONS BYTES INACCESSIBLE MATCHCOUNT SAMPLECOUNT
WINDOWS-MACHINE 1594381354 Personal Names (English) WINDOWS-MACHINE File path D:\a-PDPA JUL10-1942 File path D:\a-PDPA 10/7/2020 7:42:55 PM 10/7/2020 7:42:56 PM 0 0 17 1498179 1 2 2
WINDOWS-MACHINE 1594381354 Passport Number WINDOWS-MACHINE File path D:\a-PDPA JUL10-1942 File path D:\a-PDPA 10/7/2020 7:42:55 PM 10/7/2020 7:42:56 PM 0 0 17 1498179 1 0 0
WINDOWS-MACHINE 1594382215 Login credentials WINDOWS-MACHINE File path D:\My-Data\All JUL10-1956 File path D:\My-Data\All 10/7/2020 7:57:16 PM 10/7/2020 7:57:18 PM 0 0 54 14033628 1 198 198
WINDOWS-MACHINE 1594382215 American Express WINDOWS-MACHINE File path D:\My-Data\All JUL10-1956 File path D:\My-Data\All 10/7/2020 7:57:16 PM 10/7/2020 7:57:18 PM 0 0 54 14033628 1 22 22
WINDOWS-MACHINE 1594382215 Visa WINDOWS-MACHINE File path D:\My-Data\All JUL10-1956 File path D:\My-Data\All 10/7/2020 7:57:16 PM 10/7/2020 7:57:18 PM 0 0 54 14033628 1 14 14

Download Captured Match Samples Across Scans for Specific Target

Download the first 1000 match samples captured across all scans for a specific Target. Match samples are available by data type per location, per scan.

Required data tables:

Sample SQL statement:

SELECT DATA_GROUP.LABEL as `GROUP`, DATA_TARGET.LABEL as `TARGET`, SCANREPORT_SAMPLE.REPORTID as `SCAN_REPORTID`, SCANREPORT_SAMPLE.START as `SCAN_START`, SCANREPORT_SAMPLE.END as `SCAN_END`, SCANREPORT_SAMPLE.LOCATION as `LOCATION`, DATA_MATCH_TYPES.LABEL as `DATA_TYPE`, SCANREPORT_SAMPLE.SAMPLE as `MATCH_SAMPLE` FROM DATA_GROUP, DATA_TARGET, DATA_MATCH_TYPES, SCANREPORT_SAMPLE WHERE SCANREPORT_SAMPLE.TUID = 8283249956251157105 AND SCANREPORT_SAMPLE.LOCATION LIKE ‘MariaDB Server%’ AND DATA_GROUP.GUID = DATA_TARGET.GUID AND DATA_TARGET.TUID = SCANREPORT_SAMPLE.TUID AND DATA_MATCH_TYPES.CUID = SCANREPORT_SAMPLE.CUID LIMIT 1000

Sample data:

GROUP TARGET SCAN_REPORTID SCAN_START SCAN_END LOCATION DATA_TYPE MATCH_SAMPLE
CLIENT WINDOWS-MACHINE 1595219201 20/7/2020 12:25:32 PM 20/7/2020 12:25:33 PM MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info American Express 374394#####5102
CLIENT WINDOWS-MACHINE 1595219201 20/7/2020 12:25:32 PM 20/7/2020 12:25:33 PM MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info International Bank Account Number (IBAN) ABCD EFGH 1234 5678 IJKL MNOP 901
CLIENT WINDOWS-MACHINE 1595219201 20/7/2020 12:25:32 PM 20/7/2020 12:25:33 PM MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info Email addresses userA@example.com
CLIENT WINDOWS-MACHINE 1595219201 20/7/2020 12:25:32 PM 20/7/2020 12:25:33 PM MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info United States Social Security Number (robust) 123-45-6789
CLIENT WINDOWS-MACHINE 1595219201 20/7/2020 12:25:32 PM 20/7/2020 12:25:33 PM MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info Personal Names (English) Sherlock Holmes

Metadata Information for Sensitive Data Locations

Get an overview of metadata types for sensitive data locations for a specific Target.

Required data tables:

Sample SQL statement:

SELECT LM.TUID as `TARGETUID`, T.LABEL as `TARGET`, LM.LOCID as `LOCATIONID`, LOC.LOCATION as `LOCATION`, LM.METAID as `METAID`, M.LABEL as `METALABEL` FROM DATA_LOCATION_META LM INNER JOIN DATA_META M ON LM.METAID = M.METAID INNER JOIN DATA_LOCATION LOC ON LOC.TUID = LM.TUID INNER JOIN DATA_TARGET T ON T.TUID = LM.TUID WHERE LM.TUID = 8283249956251157105

Sample data:

TARGETUID TARGET LOCATIONID LOCATION METAID METALABEL
8283249956251157105 WINDOWS-MACHINE 54600 MariaDB Server :3308 Catalog employee-db Table employee-info 38 Permission Full
8283249956251157105 WINDOWS-MACHINE 54600 MariaDB Server :3308 Catalog employee-db Table employee-info 39 Permission Modify
8283249956251157105 WINDOWS-MACHINE 54600 MariaDB Server :3308 Catalog employee-db Table employee-info 40 Permission Execute
8283249956251157105 WINDOWS-MACHINE 54601 MariaDB Server :3308 Catalog employee-db Table employee-info 19 File Owner
8283249956251157105 WINDOWS-MACHINE 54602 MariaDB Server :3308 Catalog employee-db Table employee-info 10 Document Created

Sensitive Data Locations by File Format

Get an overview of the common file formats or content types where sensitive data was found for a specific Target.

Required data tables:

Sample SQL statement:

SELECT LC.TUID as `TARGETUID`, T.LABEL as `TARGET`, LC.LOCID as `LOCATIONID`, LOC.LOCATION as `LOCATION`, LC.CTID as `CONTENTID`, C.LABEL as `CONTENTTYPE` FROM DATA_LOCATION_CONTENT_TYPE LC INNER JOIN DATA_CONTENT_TYPES C ON LC.CTID = C.CTID INNER JOIN DATA_LOCATION LOC ON LOC.TUID = LC.TUID INNER JOIN DATA_TARGET T ON T.TUID = LC.TUID WHERE LC.TUID = 8283249956251157105

Sample data:

TARGETUID TARGET LOCATIONID LOCATION CONTENTID CONTENTTYPE
8283249956251157105 WINDOWS-MACHINE 54599 MariaDB Server :3308 Catalog employee-db Table employee-info 66 ZIP Archive
8283249956251157105 WINDOWS-MACHINE 54600 MariaDB Server :3308 Catalog employee-db Table employee-info 1 7zip Archive
8283249956251157105 WINDOWS-MACHINE 54600 MariaDB Server :3308 Catalog employee-db Table employee-info 21 HTML/XML Document
8283249956251157105 WINDOWS-MACHINE 54601 MariaDB Server :3308 Catalog employee-db Table employee-info 44 Adobe Portable Document
8283249956251157105 WINDOWS-MACHINE 54602 MariaDB Server :3308 Catalog employee-db Table employee-info 66 ZIP Archive