/build/static/layout/Breadcrumb_cap_w.png

Scan local drives for POSSIBLE PII and report on it.

We are tasked to routinely scan local drives for PII.  Scanning the entire drive was putting a long load on the system just running that task. We decided to search the most common area where a user would download or place files containing PII in.  If they are positive in those areas we do a deeper scan.  We use a kscipt that runs as logged in user to gather the info and a CIR to capture it to the SMA.  Then have reports on the data gathered by the SMA.

Scan and gather the info with a script

9k=



this code looks for either "ssn" or "DOB" at beginning of words in the files.  You can use other or additional words by changing the search pattern (between the " ") https://ss64.com/nt/findstr.html

findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.txt > c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.doc* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.xls* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.csv >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.accdb >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.txt >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.doc* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.xls* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.csv >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.accdb >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.txt >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.doc* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.xls* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.csv >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.accdb >> c:\programdata\quest\kace\user\pii.txt


you then create a cir

ShellCommandTextReturn(cmd /c if exist C:\ProgramData\quest\KACE\user\pii.txt type C:\ProgramData\quest\KACE\user\pii.txt)

9k=


You can use the wizard or sql to create reports.  for wizard just check system info you want displayed and also include checking the CIR for that under the custom fields section.  my 2 basic filters are

9k=



Comments

This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ