Management Console Detailed Guide
Overview
What is GuardWare DISCOVER?
GuardWare DISCOVER is a data discovery and remediation system that helps organisations locate and safeguard sensitive information throughout their digital environment. The system scans your computers, file servers, email systems, and cloud storage to locate sensitive data such as credit card numbers, personal identification information, and any data deemed confidential.
What Can DISCOVER Do?
Find Sensitive Data: DISCOVER scans across multiple locations to identify where sensitive information is stored, including employee workstations, shared file servers, and Microsoft 365 services (Exchange, SharePoint).
Analyse and Classify: Once sensitive data is found, DISCOVER categorises the data based on predefined types (such as credit card data, social security numbers, or custom-defined sensitive information), assigns sensitivity levels to help prioritise which data needs immediate attention, and tracks who owns the data and where it's located.
Take Action: After identifying sensitive data, you can move the files containing the sensitive data to secure locations, encrypt data via GuardWare PROTECT, delete files from the found location, and notify relevant personnel when sensitive data is found in inappropriate places.
How DISCOVER Works
DISCOVER operates through two main components:
Management Console (Web Interface): This is the control centre where administrators log in through a web browser to configure the types of sensitive data to look for, select which devices and locations to scan, review scan results, generate reports, and take action on discovered sensitive files.
DISCOVER Agents: These are software applications installed on computers that carry out the scans and remediations. Agents connect to target devices (computers, servers, cloud services) to search for sensitive data, collect information about what they find and its location, and send the results back to the Management Console. Multiple agents can work simultaneously across your network to complete scans faster.
Scanning Methods
DISCOVER supports two approaches to scanning:
Agent-Based Scanning: The DISCOVER Agent software is installed directly on a device, and that device scans its own files locally. This method works well for individual workstations and provides fast, efficient scanning.
Agentless Scanning: An agent on one device connects remotely to other devices or services to scan them over the network. This approach is useful for servers, cloud services, and devices where you cannot install the agent software directly.
What Types of Data Can DISCOVER Find?
Predefined Data Types: DISCOVER comes with a built-in library that has data types for Payment Card Industry (PCI) data and Personally Identifiable Information (PII) data.
Custom Data Types: You can define your own sensitive data patterns for organisation-specific information like employee ID formats, internal project codes, proprietary document types, and confidential business terms or phrases.
File Format Support: DISCOVER can scan standard documents (Word, Excel, PDF, text files), compressed archives (ZIP, RAR), image files using Optical Character Recognition (OCR) to extract text from images, and email messages alongside any attachments.
DISCOVER Management Console Login/Logout
The Management Console is accessed through a web browser and serves as the control point for all DISCOVER operations. All users must log in with secure credentials and two-factor authentication to access the console.
Understanding User Types
Before logging in, it's important to understand the types of user accounts in DISCOVER:
Super Admin: This is the elevated administrator account created when DISCOVER is first set up for your organisation. The Super Admin has complete control over the system, including creating organisations and other user accounts, configuring system settings, managing data types and classifications, and overseeing all scanning and remediation activities. Organisations will receive one Super Admin credential during initial setup.
Organisation User: These are additional user accounts created by the Super Admin or other authorised users. Organisation users can perform operations such as running scans, reviewing results, investigating sensitive files, and performing remediation actions.
When you log in as Super Admin for the first time, you'll complete a one-time setup process that includes changing your temporary password and configuring two-factor authentication.
Open your web browser and navigate to the DISCOVER Management Console. This URL will look similar to:
https://domain_name/gwapp/login

Enter the Super Admin credentials created during the server installation process in their respective fields and click Log In.
Two-factor authentication adds an extra layer of security by requiring both your password and a time-based code from your mobile device. On your mobile device, download and install either Google Authenticator or Microsoft Authenticator from your device's app store. Open the authenticator app on your mobile device and tap the option to add a new account (usually a + button). Point your device's camera at the QR code displayed on the DISCOVER login screen. The authenticator app will automatically scan the code and add DISCOVER to your list of accounts. The app will now display a six-digit code that changes every 30 seconds. Enter the current six-digit code shown in your authenticator app into the Authentication field on the DISCOVER login screen and click the Authenticate button.

You'll now be prompted to change your temporary password to a permanent one. Enter a strong password that meets the following requirements: minimum eight characters in length, includes at least one uppercase letter, includes at least one lowercase letter, includes at least one number, and includes at least one special character (such as !, @, #, $, %, etc.).
In the login screen, re-enter the email and the newly set password and click Log In. You now have access to the DISCOVER Management Console.
If you are an organisation user logging in for the first time, the Super Admin or another authorised user will have created your account, and you'll receive an email notification.
Look for an email from DISCOVER (or from your organisation's email domain if SMTP is configured) containing your login credentials. The email will include your username (typically your email address), a one-time password for your first login, and a link to the DISCOVER Management Console login page.

Click the login link in the email, or open your web browser and navigate to the Management Console. The URL will look similar to:
https://domain_name/gwapp/organisation_name/login
Enter your email address in the username field. Enter the one-time password from the email in the password field and click Log In.
On your mobile device, download and install either Google Authenticator or Microsoft Authenticator from your device's app store.
Open the authenticator app on your mobile device and tap the option to add a new account (usually a + button).
Point your device's camera at the QR code displayed on the DISCOVER login screen. The authenticator app will automatically scan the code and add DISCOVER to your list of accounts.
The app will now display a six-digit code that changes every 30 seconds. Enter the current six-digit code shown in your authenticator app into the Authentication field on the DISCOVER login screen and click the Authenticate button.

Enter a strong password following the requirements displayed on screen (minimum eight characters with uppercase, lowercase, numbers, and special characters).

In the login screen, re-enter the email and the newly set password and click Log In. You now have access to the DISCOVER Management Console.
If your organisation uses Microsoft Azure AD (also called Entra ID), you can log in using your existing Microsoft organisation account. This method uses Single Sign-On (SSO), which means you authenticate through Microsoft rather than entering DISCOVER-specific credentials.
When to Use This Method: Use Microsoft SSO if your organisation's IT department has configured Azure AD integration with DISCOVER, your work email is part of your organisation's Microsoft 365 environment, and you want to use your existing Microsoft credentials rather than maintaining a separate password.
You must have a DISCOVER user account that matches your Microsoft email address. SSO handles authentication (proving who you are) through Microsoft, but you still need a DISCOVER account for authorisation (what you're allowed to do).
If you use SSO, you can skip the two-factor authentication setup with Google or Microsoft Authenticator, as Microsoft handles authentication security. This method works for both Super Admin and organisation user accounts.
Navigate to your organisation's DISCOVER Management Console URL in your web browser.
On the login page, click the Sign in with Microsoft button instead of entering an email and password.

You'll be redirected to Microsoft's login page. Enter your Microsoft work email address (the same email associated with your DISCOVER account) and click Next.

If you're already signed into Microsoft on your browser, this step may be skipped automatically.
Enter your Microsoft account password when prompted. Complete any additional authentication steps required by your organisation (such as multi-factor authentication through the Microsoft Authenticator app).
Microsoft will ask, Stay signed in?
Choose Yes if you don't want to enter your Microsoft credentials every time you access DISCOVER on this device. This keeps you signed in for a period of time set by your organisation.
Choose No if you're on a shared computer or prefer to authenticate each time.
Additionally, you can select Don't show this again to prevent this prompt from appearing in future login sessions.

After Microsoft confirms your identity, you'll be automatically redirected to the DISCOVER Management Console and logged in. You can now begin using DISCOVER with the permissions assigned to your account.
Logging Out
Always log out when you finish working in the Management Console, especially on shared computers. Logging out properly ensures your session is terminated, and unauthorised users cannot access the system using your credentials.
To Log Out:
Look for the Power button (⏻) icon in the top-right corner of the Management Console interface and click it to log out safely. You'll be immediately logged out and returned to the login page.

Your session data will be cleared, and you'll need to log in again to access the Management Console.
ORGANISATION
The ORGANISATION section is where you configure fundamental system settings and manage user access to the DISCOVER Management Console. This section controls who can use the system, how the DISCOVER Agent software is configured for deployment, where sensitive files are stored during investigations, and how email notifications are sent.
What You Can Do in This Section
Manage Organisations: Super Admins can create multiple organisations within DISCOVER, each with its own users, data, and settings. This is useful for companies with separate business units or managed service providers supporting multiple clients.
Manage User Accounts: Add new users to the Management Console, edit user details and permissions, disable user access when needed, and reset passwords or authentication codes.
Configure Email Notifications: Set up your organisation's email server so that system notifications, alerts, and reports come from your domain.
Prepare the DISCOVER Agent: Configure the Agent installer (MSI file) with your organisation's settings before deploying it to devices across your network.
Set Up Secure Storage: Define a protected location where sensitive files will be stored when you investigate or remediate them, ensuring they're kept in a secure environment.
Integrate Cloud Services: Connect DISCOVER to Microsoft 365 services (Exchange Online, SharePoint, OneDrive) to enable scanning of cloud-based data.
Organisation Creation
An organisation in DISCOVER represents a distinct entity with its own users, data classifications, scan configurations, and results. If you're a Super Admin, you can create separate organisations to keep their data and operations completely isolated from each other.
When to Create Multiple Organisations
Create separate organisations when you need to maintain complete separation between business units (e.g., different subsidiaries or departments with independent data governance policies), manage multiple clients where each client's data must remain isolated, or operate in different geographical regions with distinct regulatory requirements.
Only Super Admins can create organisations. Each organisation has its own database, ensuring complete data separation. Users can only access the organisation(s) they've been added to.
To Create a New Organisation:
Navigate to ORGANISATION in the left-hand menu and click +Create New.

In the Name field, enter the organisation's name. This will be displayed throughout the Management Console and in reports.
In the Location field, enter the geographical location or primary office address. This helps identify the organisation, especially when managing multiple entities.
The Database Name field will automatically populate based on the organisation name you entered. This is the technical identifier used by the system and typically doesn't need to be changed.
Select the appropriate timezone from the drop-down menu. This is important because it determines when scheduled scans run and affects all timestamps in reports. Choose the timezone that matches where most of your users are located or where your business operations are centred.
Upload your organisation's logo for visual identification by clicking Choose file. Supported file formats are JPG, JPEG, and PNG. The logo will appear in the Management Console header.
In the URL field, you can enter your organisation's website address. In the Description field, you can add notes about the organisation, such as its purpose or the business unit it represents.
Click Create Organisation. The new organisation will be created with its own isolated database and settings.
Adding a User to an Organisation
Once you've created an organisation, you need to add users who will have access to its Management Console. Users must be explicitly added to each organisation they need to access.

To Add a User:
Navigate to ORGANISATION and select the organisation you want to add a user to (if you manage multiple organisations).
In the Name field, enter a unique username for the new user (can be changed later). This is what the user will be identified as.
In the Email field, enter the user's valid email address. This is what the user will enter when logging in, and also where the system notifications will be sent.
Click Create User.
The new user will receive an email containing their username, a one-time password for first login, and a link to the Management Console login page. The user can then follow the steps in the First-Time Login: Organisation User section to complete their account setup.
SMTP Configuration
SMTP (Simple Mail Transfer Protocol) is the technology used to send emails. By configuring SMTP, you tell DISCOVER to use your organisation's email server instead of GuardWare's default server when sending notifications, user invitations, password resets, scan reports, and security alerts.
Why Configure SMTP?
When SMTP is not configured, all emails from DISCOVER come from GuardWare's servers. While functional, this can be confusing for recipients and may be flagged as suspicious by email filters. By configuring your own SMTP server, emails come from your organisation's domain, improving trust, ensuring branding consistency, and preventing emails from being blocked by spam filters that don't recognise GuardWare's domain.
When to Configure SMTP?
Configure SMTP if your organisation requires that all system emails come from your domain for security or compliance reasons, your email security policies block emails from external domains, or you want to maintain brand consistency in all communications.
What You'll Need:
Before configuring SMTP, ensure you have the following information:
SMTP server address (e.g., smtp.office365.com or mail.yourcompany.com.au).
SMTP port number (commonly 25, 465, or 587, depending on security settings).
Username and password for an email account authorised to send mail through your server.
Whether your server requires STARTTLS encryption and authentication.

To Configure SMTP:
Navigate to ORGANISATION > SMTP Configuration.
In the SMTP Server field, enter your mail server's address (e.g., smtp.office365.com).
In the SMTP Port field, enter the port number your server uses. Common values are:
Port 25 for unencrypted connections (rarely used).
Port 465 for SSL/TLS-encrypted connections.
Port 587 for STARTTLS-encrypted connections (most common).
In the SMTP Username field, enter the username of the email account that will send notifications.
In the SMTP Email field, enter the email address that will appear in the From field of notifications (e.g., [email protected]).
In the SMTP Password field, enter the password for the SMTP account.
If your email server requires STARTTLS encryption, toggle Enable STARTTLS to Yes. STARTTLS encrypts the connection between DISCOVER and your email server, protecting credentials and message content. Most modern email servers require this.
In Enable SMTP Authentication, select Yes if your server requires you to log in with a username and password before sending emails. Select No if your server allows sending without authentication.
In the Test Email Address field, enter an email address where you can receive a test message and click Save.
DISCOVER will attempt to send a test email using your configuration. Check the inbox of the test email address to confirm the message was received.
If the test email does not arrive, confirm that your email server allows connections from DISCOVER's IP address (you may need to add it to an allowlist). Ensure STARTTLS is enabled if your server requires it, and check your spam/junk folder in case the test email was filtered.
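Before filling in the form, you can check what your mail server actually advertises on ports 25 or 587. The following is an added example, not GuardWare code: it reads the server's EHLO capabilities and maps them to the Enable STARTTLS and Enable SMTP Authentication toggles described above. The function names, the sample replies and the example.test hosts are constructed for illustration, and port 465 (implicit TLS) is not covered.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
MODERN_BEFORE_TLS = """250-mail.example.test Hello [203.0.113.7]
250-SIZE 157286400
250-STARTTLS
250 8BITMIME"""
MODERN_AFTER_TLS = """250-mail.example.test Hello [203.0.113.7]
250-SIZE 157286400
250-AUTH LOGIN XOAUTH2
250 8BITMIME"""
LEGACY_RELAY = """250-relay.example.test
250-AUTH PLAIN LOGIN
250 HELP"""


def parse_ehlo(reply):
    """Turn an EHLO reply into {EXTENSION: [params]}.

    Accepts raw '250-' lines or the code-stripped text smtplib keeps.
    """
    features = {}
    for line in reply.strip().splitlines()[1:]:  # line 0 is the greeting
        line = line.strip()
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        parts = line.split()
        if not parts:
            continue
        # Some older servers advertise "AUTH=LOGIN PLAIN".
        key, _, first = parts[0].upper().partition("=")
        params = ([first] if first else []) + [p.upper() for p in parts[1:]]
        features.setdefault(key, []).extend(params)
    return features


def probe(host, port=587, timeout=10.0):
    """Connect, EHLO, upgrade with STARTTLS if offered, EHLO again.

    Sends no mail and no credentials. Returns (before_tls, after_tls);
    after_tls is None when the server does not offer STARTTLS.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        before = parse_ehlo(smtp.ehlo_resp.decode("utf-8", "replace"))
        after = None
        if "STARTTLS" in before:
            # Default context verifies the certificate and hostname.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()
            after = parse_ehlo(smtp.ehlo_resp.decode("utf-8", "replace"))
    return before, after


def console_settings(before, after):
    """Map advertised capabilities to the two console toggles plus findings."""
    findings = []
    starttls = "STARTTLS" in before
    # What a client sees at the moment it would log in.
    visible = after if after is not None else before
    auth = visible.get("AUTH", [])
    if not starttls:
        findings.append("STARTTLS not offered: the SMTP password and "
                        "notification content would cross the network "
                        "unencrypted")
    cleartext = sorted(set(before.get("AUTH", [])) & {"PLAIN", "LOGIN"})
    if cleartext:
        findings.append("AUTH %s offered before TLS: the server accepts "
                        "passwords on an unencrypted connection"
                        % "/".join(cleartext))
    if not auth:
        findings.append("No AUTH offered: the server does not ask for a "
                        "login, so confirm it restricts senders another "
                        "way (for example by source IP)")
    return {
        "Enable STARTTLS": "Yes" if starttls else "No",
        "Enable SMTP Authentication": "Yes" if auth else "No",
        "findings": findings,
    }


if __name__ == "__main__":
    samples = (("modern", MODERN_BEFORE_TLS, MODERN_AFTER_TLS),
               ("legacy", LEGACY_RELAY, None))
    for name, before, after in samples:
        parsed_after = parse_ehlo(after) if after else None
        print(name, console_settings(parse_ehlo(before), parsed_after))
    # Against a real server (hostname is a placeholder):
    # print(console_settings(*probe("mail.yourcompany.com.au", 587)))
```

A server that produces findings here will still accept the configuration, so treat the findings as items to raise with the mail administrator before pointing DISCOVER at it.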
Set Up Secure Location
When DISCOVER identifies sensitive files during scans, you may need to investigate them further or move them to a protected location. The Secure Location is a designated storage area where these files are safely copied or moved, ensuring they're protected from unauthorised access while you review or remediate them.
Why Set Up a Secure Location?
A Secure Location serves several purposes: centralising sensitive files in a controlled environment rather than leaving them scattered across devices, enabling investigation of files without leaving copies in insecure locations, supporting remediation actions like moving sensitive files away from unauthorised users, and maintaining a trail of which files were moved and when.
DISCOVER supports two configuration methods, depending on whether the system has discovered the target device or not.
New Secure Location Configuration
Use this option to set up a Secure Location on a device that has not yet been discovered by DISCOVER.

To Configure a New Secure Location:
Navigate to ORGANISATION > Set Up Secure Location.
In the Target Type field, select New.
In the Host Name field, enter the exact name of the target device. This must match the device's actual computer name or hostname (case-sensitive). To find a device's hostname on Windows: Right-click Start > System > look for Device name.

Choose how DISCOVER will connect to the device from the Select Protocol drop-down.
WinRM (Windows Remote Management): Use this for remote Windows devices. This protocol allows DISCOVER to connect to Windows machines over the network using Microsoft's management protocol.
SSH (Secure Shell): Use this for devices that do not use Microsoft Windows. This protocol provides secure remote access to Unix-based systems.
In the Username field, enter the username that has permission to access the target device. The format depends on the device type:
For local accounts, enter just the username (e.g., administrator).
For Azure AD (Entra ID) accounts, enter the full email address (e.g., [email protected]).
For domain accounts, use the format DOMAIN\username (e.g., YOURCOMPANY\admin).
In the Password field, enter the password for this account.
In the Destination Folder field, enter the full path where files should be stored. For Windows: Use a format like C:\Secure Location or D:\Investigation Files.
Click Save to apply configurations.
DISCOVER will attempt to connect to the specified location using the credentials provided. If successful, you'll see a status of Active, indicating the Secure Location is ready to use. If the connection fails, verify that the hostname, credentials, and path are correct, the device is accessible from the DISCOVER Agent, and the account has appropriate permissions to access the destination folder.
Changing the Secure Location: If you need to change the Secure Location to a different device or directory later, you can do so at any time by repeating this process with the new details.
Discovered Secure Location Configuration
Use this option to set up a Secure Location on a device that DISCOVER has already discovered through a previous scan or discovery job. This is the simpler option for devices already on your network and visible to DISCOVER.
When to Use This Option:
Choose Discovered Secure Location for devices already on your network that have been scanned previously, or any device that appears in DISCOVER's discovered devices list.
Use this feature to register a secure storage path on a previously discovered device, allowing sensitive files to be copied or moved for investigation or remediation. This is intended for devices already on the network, providing a convenient setup for standard endpoints.

To Configure a Discovered Secure Location:
Navigate to ORGANISATION > Set Up Secure Location.
In the Target Type field, select Discovered.
Click the device drop-down menu. You'll see a list of all devices that DISCOVER has previously discovered on your network. Select the device you want to use as the Secure Location. If you don't see the device you're looking for, it hasn't been discovered yet. You'll need to either run a discovery scan first (see Target Discovery section) or configure it as a New Secure Location.
In the destination path field, enter the full directory path where files should be stored (e.g., C:\Secure Location or D:\Investigation Files) and click Save.
DISCOVER will validate the path and confirm the location is accessible. Once verified, the Secure Location is ready to receive files from investigations and remediation actions.
Set Investigation Password
When you download files through DISCOVER's Investigate function for closer inspection, the system password-protects the files during download, ensuring only authorised users can access the sensitive files, even if the file is intercepted or stored in insecure locations.
The password is applied to each individual downloaded file. You can view or change the password at any time. Users performing investigations must know this password to extract files from the ZIP archive.

To Set an Investigation Password:
Navigate to ORGANISATION > Set Investigation Password.
You have two options:
Manual Entry: Enter a strong password in the password field. The password must meet the following requirements: minimum eight characters in length, at least one uppercase letter, at least one lowercase letter, at least one number, and at least one special character (such as !, @, #, $, %, etc.).
Automatic Generation: Click Generate to have DISCOVER create a strong, random password that meets all security requirements.
Click Set Password. The password is now active and will be applied to all future investigation file downloads.
If you have not previously set up Microsoft or Google Authenticator, you will be prompted to set up the authenticator for secure password configuration and viewing.
If you need to view the current Investigation Password (for example, to share it with authorised users), navigate to ORGANISATION > Set Investigation Password, enter your DISCOVER Management Console login credentials and the 6-digit authentication code, then click the View (👁) icon. The current password will be displayed.
To change the password, simply enter a new password or generate a new one automatically and click Set Password again.
When sharing the Investigation Password with authorised users, use a secure method such as:
An encrypted password manager.
In-person communication or a phone call.
Your organisation's secure messaging system.
Never include the Investigation Password in reports, email notifications, or unencrypted documents.
Users
The Users feature is where you manage who can access the DISCOVER Management Console. From this section, you can create new user accounts, edit existing user details, disable users who no longer need access, and reset authentication credentials when users have login issues.
Proper user management ensures that only authorised personnel can run scans, view sensitive data results, and perform remediation actions.

Add New User
When you first log in as Super Admin, no other users exist in the system. You'll need to enrol users to enable them to access the Management Console and perform scanning and remediation tasks.

To Add a New User:
Navigate to ORGANISATION > Users and click the +Enroll New User button.
In the Email Address field, enter a valid email address, and in the Username field, enter the user's full name as it should appear in the Management Console.
Select how the new user will receive their initial password:
Email: The system automatically sends the new user a one-time password and login link to the email address you entered. This is the recommended method as it's convenient and secure. The user receives everything they need to log in immediately.
Manual: You manually set or generate the password and must communicate this password to the user securely through another secure channel. To use this method:
Click the Key (🗝) icon to generate a random secure password.
Manually enter a password that meets the security requirements.
Click Save to create the user account.
Click Reset to clear the form and start over if needed.
The new user receives their credentials and can access the Management Console following the First-Time Login: Organisation User process. On first login, they'll set up two-factor authentication and create their permanent password.
Additional User Management Functions
After creating users, you can perform several management tasks from the ORGANISATION > Users page.
Edit a User:

Navigate to ORGANISATION > Users. Locate the user in the list and click the Edit (🖉) icon next to their name.
In the pop-up window, you can update the Display Name field to change how the user's name appears in the system, or update the Email field if the user's email address has changed.
Click Update to save the changes.
Changing the username and email does not create a new user account. The system maintains the same user identity with updated contact information.
Disable a User:
Disabling a user becomes necessary:
When an employee leaves the organisation or changes roles and no longer needs access to DISCOVER.
When you need to temporarily suspend access due to security concerns.
When inspecting access and removing unused accounts.

Navigate to ORGANISATION > Users. Locate the user you want to disable and click the Disable (⊘) icon.
A confirmation prompt will appear. Review the username to ensure you're disabling the correct account. Click Disable to confirm.
The user immediately loses access to the Management Console and cannot log in. Their existing scan results and activities remain in the system for recording purposes. You cannot disable your own account while logged in.
Reset OTP (One-Time Password Authentication):
The Reset OTP becomes necessary:
When the user has lost access to their authenticator app (e.g., lost or replaced their phone).
When the user's authentication codes are not working.
When the user has reported that their device may be compromised.
When you need to force re-registration.

Navigate to ORGANISATION > Users and locate the user who needs their authentication reset. Click Reset OTP next to their name.
A confirmation prompt will appear. Click Reset to confirm.
The user's existing two-factor authentication is invalidated. The next time they log in, they'll be prompted to scan a new QR code with their authenticator app. This generates fresh authentication codes linked to their account.
Resetting OTP does not change the user's password. If a password reset is also needed, use the Reset Password function.
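The six-digit, 30-second codes and the effect of Reset OTP can be reproduced with the standard TOTP algorithm (RFC 6238) that Google Authenticator and Microsoft Authenticator implement. The following is an added example, not GuardWare code: it shows why a phone with a drifting clock produces codes that fail, and why codes from the old enrolment stop working after a reset. It assumes HMAC-SHA1 and a verifier that tolerates one time step either side; DISCOVER's actual parameters are not stated in this guide, and the secrets and enrolment URI are constructed.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed values. OLD_SECRET is the RFC 6238 test key in base32.
OLD_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
NEW_SECRET = "JBSWY3DPEHPK3PXP"  # what a fresh QR code would carry after a reset
ENROL_URI = ("otpauth://totp/DISCOVER:admin%40example.test"
             "?secret=" + OLD_SECRET + "&issuer=DISCOVER")


def secret_from_uri(uri):
    """Extract the shared secret from the otpauth:// URI encoded in the QR code."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    return parse_qs(parsed.query)["secret"][0]


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, dynamic truncation)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, at, window=1, step=30):
    """Return the matching time-step offset, or None if the code is rejected.

    `window` is the number of steps of clock drift tolerated each way
    (an assumption; the product's tolerance is not documented here).
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, at + drift * step, step)
        if hmac.compare_digest(expected, code):
            return drift
    return None


def diagnose(secret_b32, server_time, phone_clock_error):
    """Simulate a phone whose clock is off by `phone_clock_error` seconds."""
    code = totp(secret_b32, server_time + phone_clock_error)
    return verify(secret_b32, code, server_time)


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the output is repeatable
    secret = secret_from_uri(ENROL_URI)
    print("code shown in the app:", totp(secret, now))
    print("phone 40 s slow  ->", diagnose(secret, now, -40))
    print("phone 120 s slow ->", diagnose(secret, now, -120))
    # After Reset OTP the server holds NEW_SECRET; the old app entry is useless.
    print("old entry after reset ->", verify(NEW_SECRET, totp(secret, now), now))
```

When a user reports that codes are not working, checking that the phone's clock is set automatically is worth doing before resetting OTP.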
Reset Password:
Navigate to ORGANISATION > Users and locate the user who needs a password reset. Click the Key (🗝) icon next to their name.

In the pop-up window, enter the new password in the password field. The password must meet security requirements (minimum eight characters with uppercase, lowercase, numbers, and special characters).
Re-enter the same password in the confirmation field and click Reset to save the new password.
The user's old password is immediately invalidated and cannot be used to log in. The user must now log in with the new password you've set. The user is not automatically notified of the password change, so the new password needs to be communicated via a secure channel, such as in person, by phone call, or through encrypted messaging.
Agent Configuration
The DISCOVER Agent is a software application that must be installed on devices within your network to perform scanning tasks. Before deploying Agents, you need to configure the Agent MSI (Microsoft Installer) file with your organisation's specific settings. After configuration, you'll download this MSI file and install it on target devices across your network. Each installed Agent can then connect to the Management Console and execute scanning tasks.
The Agent MSI must be configured with your organisation's information so that installed Agents know which Management Console to connect to, which location or business unit they belong to, and how to identify themselves within your DISCOVER environment.
Once configured, any device where you install the MSI automatically becomes an Agent with the correct settings.

To Configure the Agent MSI:
Navigate to ORGANISATION > Agent Configuration.
In the LOCATION field, enter the location identifier for this Agent deployment. This is typically:
A geographical location (e.g., "Sydney Office", "Melbourne Data Centre").
A business unit or department (e.g., "Finance", "HR").
A network segment identifier (e.g., "HQ Network", "Remote Sites").
Click Update.
DISCOVER generates a customised MSI installer file containing your organisation and location settings. The configured MSI is now ready for download in the RESOURCES section of the Management Console.
Now navigate to RESOURCES > Agent Download to download the configured MSI file. Deploy the MSI to target devices using your preferred method: manual installation on individual devices, deployment through Group Policy in Active Directory environments, or distribution through your organisation's software deployment tools.
Each time you update the location or organisation settings, you must download a fresh MSI file. Any previously downloaded MSI files will still contain the old settings. Agents installed before configuration changes will continue to function with their original settings. To apply new settings, you must reinstall using the updated MSI.
Integrations
Before setting up Microsoft 365 integration, your organisation must have an active Microsoft 365 subscription, and you must be logged in as a Global Administrator in your Azure AD (Entra ID) tenant.
The Integrations section allows you to connect DISCOVER to Microsoft 365 cloud services, enabling the system to scan Exchange Online (email), SharePoint Online, and other Microsoft 365 services for sensitive data.
When you integrate Microsoft 365, you're granting DISCOVER permission to access and scan content in your organisation's Exchange and SharePoint environments using Microsoft's Graph API. This access is authorised through OAuth 2.0, the authorisation framework Microsoft uses for Graph API access.

To Integrate Microsoft 365:
Navigate to ORGANISATION > Integrations.
Click Connect Microsoft 365. You'll be redirected to Microsoft's sign-in page.
On the Microsoft sign-in page, you'll see a list of accounts if you're already signed into Microsoft services in your browser. Select your Global Administrator account from the list. If your account isn't listed or you're not signed in, click Use another account.

Enter your Global Administrator email address and password. Click Next and sign in.
If your account is protected by multi-factor authentication (MFA), you'll need to approve the sign-in request. This might involve:
Approving a notification in the Microsoft Authenticator app.
Entering the code from your authenticator app.
Responding to a text message or phone call, depending on your MFA settings.

After authenticating, you'll see a permissions consent screen listing what DISCOVER is requesting access to. Check the box labelled Consent on behalf of your organisation and click Accept.

You'll be redirected back to the DISCOVER Management Console. A confirmation message will appear stating “Microsoft 365 monitoring configured successfully.”

DATA GOVERNANCE
The DATA GOVERNANCE section is where you define and manage how DISCOVER identifies and classifies sensitive information. Here you can also manage what types of data the system looks for during scans, how that data is categorised and prioritised, and who receives notifications when sensitive information is discovered.
Proper data governance configuration is essential before running scans, as it determines what DISCOVER considers "sensitive" and how it responds when such data is found.
What You Can Do in This Section
Create Data Classifications: Organise data into categories with different sensitivity levels (e.g., Public, Internal, Confidential, Secret).
Assign Data Owners: Designate specific individuals who are responsible for particular types of sensitive data. When DISCOVER finds data they own, data owners automatically receive email alerts.
Create Custom Data Types: Create data type information to look for during scans. You can use built-in data types (credit cards, social security numbers, etc.) or create custom data types for organisation-specific sensitive information.
Create Data Subtypes: Refine data types with more specific patterns to reduce false positives and improve detection accuracy. For example, within "Phone Number," you might create subtypes for mobile vs. landline or separate formats by country.
When DISCOVER scans a file and detects sensitive content, it matches the content against data types and subtypes, assigns the appropriate sensitivity level based on the classification, and notifies the assigned data owner via email. If a file contains multiple data types with different sensitivity levels, DISCOVER automatically assigns the highest sensitivity level to that file.
Data Classification
Data Classifications allow you to group multiple data types under labels that represent different levels of sensitivity. This helps you quickly identify which files contain the most critical information and need immediate attention.
DISCOVER assigns a sensitivity level to each classification based on the order in which you create them. The first classification you create becomes Level 0 (least sensitive), the second becomes Level 1, the third becomes Level 2, and so on, up to Level 15 (most sensitive).
When DISCOVER scans a file and detects multiple data types, it automatically assigns the file to the classification with the highest sensitivity level among all detected data types.
For example, if a document contains both "Employee Email Addresses" (classified as Internal, Level 1) and "Credit Card Numbers" (classified as Confidential, Level 3), DISCOVER assigns the file to the Confidential classification because Level 3 is higher than Level 1.
Before creating manual classifications, plan your hierarchy from least sensitive to most sensitive.

Manual Data Classification
When you first log in to DISCOVER, no data classifications exist. You must create at least one classification before you can assign classifications to a data type or begin creating custom data types.

Navigate to DATA GOVERNANCE > Data Classification > +Add Classification.
Enter an appropriate and unique Classification Name.
Give a Description (optional).

Select a Color for each data classification for visual identification.
Click Save.
Sync Data Classification
If you have set up Integrations, you can sync the data classification from Microsoft Purview. Based on the classifications created there, the sensitive data will be synced according to Microsoft’s data classification standards.
Data Owner
A Data Owner is an individual within your organisation who is responsible for specific types of sensitive data. When DISCOVER detects data assigned to a particular owner during a scan, that person automatically receives an email alert notifying them of the discovery.
Why Assign Data Owners?
Data ownership ensures accountability by designating who is responsible for monitoring and protecting specific types of sensitive information and enables immediate notification so the right people are alerted when their data is found in unexpected locations.
Important distinction: the Data Owner is not necessarily the same as the file owner or device owner. For example, the HR Director might be the Data Owner for "Employee Social Security Numbers," even though various HR staff members might own the files containing this data on different devices.
Add Data Owner
Before you can assign data owners to data types, you must first create their profiles in DISCOVER.
To Add a Data Owner:
Navigate to DATA GOVERNANCE > Data Owner and click +Create Data Owner.
In the Email field, enter the data owner's email address. This is where DISCOVER will send alerts when sensitive data is discovered. Ensure this email address is actively monitored.
In the Name field, enter the data owner's full name as it should appear in reports and notifications.
In the Description field (optional), add context about this person's role or responsibilities. For example: "HR Director - responsible for all employee personal information and payroll data."
In the Contact field (optional), enter a phone number where the data owner can be reached if needed.
After entering the basic information, click +Assign Data Types.
A list of all available data types will appear. Select the data types this person should be responsible for by checking the boxes next to each one. You can assign multiple data types to a single data owner. You can also use the search box at the top of the list to quickly find specific data types if you wish.
Click Save to assign the data types to the owner. The data owner is now active and will receive email notifications whenever their assigned data types are detected during scans.
If the data type you are looking for is not in the list, you will need to create a custom data type and assign it to the related owner.
Managing Existing Data Owners
After creating data owners, you can modify their information, change their assigned data types, or remove them from the system.
Edit Data Owner:
Navigate to DATA GOVERNANCE > Data Owner. Locate the data owner you want to modify and click the Edit (🖉) icon.
Update any of the following fields as needed: Email address, Name, Description, or Contact Number.
To change which data types are assigned to this owner, click +Assign Data Type, select to assign or deselect to unassign data types from the list, and click Save.
Back on the data owner details page, click Save to apply all changes.
Assign Data Types:
Navigate to DATA GOVERNANCE > Data Owner. Locate the data owner and click the Assign (⊕) icon.
In the data types list, check the boxes next to additional data types you want to assign, or uncheck boxes to remove existing assignments.
Use the search box to quickly locate specific data types in long lists.
Click Save to apply the changes.
Reassign Data Types to a Different Owner:
Navigate to DATA GOVERNANCE > Data Owner. Locate the data owner whose data types you want to reassign and click the Reassign (⇄) icon.
In the pop-up window, select the specific data types you want to move to a different owner by checking their boxes. You can also use the search box to quickly find specific data types if needed.
From the Select New Owner drop-down menu, choose the data owner who should take responsibility for the selected data types.
Click Save to complete the reassignment.
The selected data types are immediately moved to the new owner, and future alerts for those data types will go to the new owner's email address.
Delete Data Owner:
Navigate to DATA GOVERNANCE > Data Owner. Locate the data owner you want to remove and click the Trash (🗑) icon.
A confirmation prompt will appear. Click Delete to confirm.
Before deleting a data owner, ensure all data types linked to this user are either unassigned or reassigned to a new owner. If you delete a data owner without reassigning their data types, those data types will have no owner and no one will receive notifications when they're discovered.
To check which data types are assigned to a data owner before deletion, click the Edit (🖉) icon and review the assigned data types list.
Data Type
Data Types define the specific kinds of sensitive information that DISCOVER searches for during scans. They are the core detection rules that determine what content is flagged as sensitive in your environment.
Understanding Data Types:
DISCOVER includes a built-in library of predefined data types covering common sensitive information categories such as Payment Card Industry (PCI) data (credit card numbers, CVV codes, cardholder names, transaction data) and Personally Identifiable Information (PII) (social security numbers, driver's licence numbers, passport numbers, names, email addresses, phone numbers, residential addresses).
You can use these predefined data types as-is, or create custom data types for information specific to your organisation, such as employee ID number formats, internal project code patterns, proprietary document naming conventions, or confidential business terminology.
Data Type Components:
Each data type consists of a Name and Description that identify what it detects, a Data Identifier that defines how DISCOVER recognises this type of content (sensitive words, regular expressions, or filename patterns), Context Parameters that control how much surrounding text is captured and how many matches to show, a Classification that determines the sensitivity level, assigned Data Owners who receive alerts, and optional Subtypes that refine the detection to reduce false positives.
Add Data Type
If the predefined data types in DISCOVER's library don't cover the sensitive information unique to your organisation, you can create custom data types.
To create a custom data type, navigate to DATA GOVERNANCE > Data Type and click +Data Type.
In the Data Type Name field, enter a clear, descriptive name for this data type. For example: "Employee ID Numbers", "Project Code", "Confidential Contract Terms".
In the Description field (optional), add details about what this data type represents and why it's sensitive. This helps other administrators understand the purpose of this data type.
The Data Identifier determines how DISCOVER recognises this type of sensitive content. Choose one of three methods from the drop-down menu:
Option 1: Sensitive Words
Use this method when sensitive content can be identified by the presence of specific words or phrases. This is useful for detecting proprietary terminology, confidential project names, or classification markings.
Configuration Options:
DISCOVER offers three conditions for how sensitive words must appear:
All Phrases Condition: Select this when ALL specified phrases must appear together in a document for it to be flagged as sensitive.
Type each phrase in the input field and press Enter to add it to the list. Repeat for each phrase that must be present.
Example: A document is only considered sensitive if it contains ALL of these phrases: "Project Alpha", "Q4 2025", "Confidential Revenue".
At Least (n) Phrases Condition: Select this when a minimum number of phrases must be present for the content to be flagged.
Enter each phrase and press Enter to add it. After adding all phrases, specify the minimum number that must appear. Example: Flag documents containing at least 3 of these 5 terms: "merger", "acquisition", "due diligence", "confidential", "NDA".
None of the Phrases Condition: Select this to specify phrases that must NOT appear. If any of these phrases are found, the content will NOT be considered sensitive (even if other conditions are met).
Enter each exclusionary phrase and press Enter. Example: Don't flag documents as sensitive if they contain "public announcement" or "press release", even if they contain other sensitive terms.
Context Parameters for Sensitive Words:
Context Length: Defines how many words before and after the detected sensitive word should be captured in the results. This helps you review the surrounding text to determine if the detection is genuinely sensitive or a false positive.
Select a number between 1 and 20 from the drop-down (typically, 3-6 words provide good context). Example: If Context Length is set to 3 and the sensitive phrase is "Employee ID 12345", the result might show: ... is assigned to Employee ID 12345 for the upcoming...
Number of Hits: Specifies how many occurrences of the sensitive word must be present before the document is flagged in results. This reduces noise from documents that only mention sensitive terms once in passing.
Enter the number of times the sensitive content must appear (between 1 and 100). Example: If set to 5, clicking View Result will only show instances where the sensitive data appears 5 or more times in the document.
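The sensitive-word conditions and context parameters described above can be modelled in a few lines of Python. This is an added example, not DISCOVER's own code: the phrases and the Context Length sentence come from the guide, while the sample documents, case-insensitive whole-phrase matching, the ability to combine conditions, and counting Number of Hits across all listed phrases are assumptions.

```python
import re


def count_phrase(text, phrase):
    """Count whole-phrase, case-insensitive occurrences (matching rules assumed)."""
    pattern = r"(?<!\w)" + re.escape(phrase) + r"(?!\w)"
    return len(re.findall(pattern, text, flags=re.IGNORECASE))


def is_sensitive(text, all_of=(), at_least=(), min_count=1, none_of=(), min_hits=1):
    """Evaluate the All / At Least (n) / None of the Phrases conditions."""
    # "None of the Phrases" acts as a veto, even if other conditions are met.
    if any(count_phrase(text, p) for p in none_of):
        return False
    counts = {p: count_phrase(text, p) for p in (*all_of, *at_least)}
    if not counts:
        return False
    # "All Phrases": every listed phrase must appear at least once.
    if any(counts[p] == 0 for p in all_of):
        return False
    # "At Least (n) Phrases": count distinct phrases present.
    if at_least and sum(1 for p in at_least if counts[p]) < min_count:
        return False
    # "Number of Hits": total occurrences needed before the document is flagged.
    return sum(counts.values()) >= min_hits


def context_snippets(text, phrase, length):
    """Return each match with `length` words of context on either side (1 to 20)."""
    snippets = []
    for m in re.finditer(re.escape(phrase), text, flags=re.IGNORECASE):
        before = text[:m.start()].split()[-length:]
        after = text[m.end():].split()[:length]
        snippets.append(" ".join(before + [m.group(0)] + after))
    return snippets


# Phrase lists taken from the guide's examples.
ALL_PHRASES = ("Project Alpha", "Q4 2025", "Confidential Revenue")
DEAL_TERMS = ("merger", "acquisition", "due diligence", "confidential", "NDA")
EXCLUSIONS = ("public announcement", "press release")

# Constructed sample documents.
DOC_BOARD = "Project Alpha board pack: Q4 2025 forecast and Confidential Revenue figures."
DOC_PARTIAL = "Project Alpha board pack with Confidential Revenue figures."
DOC_DEAL = "The merger NDA is signed; due diligence starts Monday."
DOC_PRESS = "Press release: the merger NDA is signed; due diligence starts Monday."
DOC_CONTEXT = "The new laptop is assigned to Employee ID 12345 for the upcoming audit cycle."

if __name__ == "__main__":
    print(is_sensitive(DOC_BOARD, all_of=ALL_PHRASES))
    print(is_sensitive(DOC_DEAL, at_least=DEAL_TERMS, min_count=3))
    print(is_sensitive(DOC_PRESS, at_least=DEAL_TERMS, min_count=3, none_of=EXCLUSIONS))
    print(context_snippets(DOC_CONTEXT, "Employee ID 12345", 3))
```

Raising Number of Hits on a document that mentions each term once suppresses the finding entirely, so test the threshold against known-sensitive samples before relying on it.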
Option 2: Regular Expressions
Use this method for sensitive data that follows specific patterns or formats. Regular expressions (regex) are pattern-matching rules ideal for detecting structured data like ID numbers, licence plates, custom codes, or any formatted text.
When to Use Regular Expressions:
Use regex when sensitive data follows a consistent format, such as employee IDs (e.g., EMP-2024-0001), product codes (e.g., PROD-ABC-12345), custom reference numbers, or any structured identifier unique to your organisation.
Creating a Regular Expression:
In the Regular Expression field, enter your pattern using standard regex syntax.
Common Regex Patterns:
Employee ID (EMP followed by year and number): EMP-\d{4}-\d{4}
This matches: EMP-2024-0001, EMP-2025-0234, etc.
Australian Business Number (ABN, 11 digits): \d{2}\s\d{3}\s\d{3}\s\d{3}
This matches: 51 824 753 556.
Product Code (PROD-3 letters-5 digits): PROD-[A-Z]{3}-\d{5}
This matches: PROD-ABC-12345, PROD-XYZ-99999.
In the Test Text field, enter sample text that should match your pattern. Always test your regex with multiple examples to ensure it captures what you intend without generating false positives.
Click +Validate to check if your regex correctly identifies the pattern. DISCOVER will notify you of matches, confirming your pattern works as intended.
Additional Options:
Space Before/After: Enable these options if you want DISCOVER to only match the pattern when it has a space before and/or after it. This reduces false positives by ensuring the match is a complete word or code and not part of a larger string.
Example: If searching for "EMP-1234", enabling "space required" prevents matching within "TEMP-1234-SAMPLE".
Checksum (Luhn): Enable this for patterns like credit card numbers that use the Luhn algorithm for validation. When enabled, DISCOVER verifies that detected numbers pass the Luhn checksum test, reducing false positives.
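The effect of the Space Before/After and Checksum (Luhn) options on a pattern's results can be reproduced outside the console. This is an added Python example, not DISCOVER's own code: the employee ID pattern is the one listed above, while the card candidate pattern, the sample text, and treating the start or end of the text as satisfying the space requirement are assumptions.

```python
import re

# Pattern from the guide's "Common Regex Patterns" list.
EMPLOYEE_ID = r"EMP-\d{4}-\d{4}"
# Assumed 16-digit candidate pattern (groups of four); not a DISCOVER built-in.
CARD_CANDIDATE = r"\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}"

# Constructed sample text: one real-looking ID, one ID embedded in a longer
# token, one Luhn-valid test card number and one 16-digit order number.
SAMPLE = (
    "Badge EMP-2024-0001 issued. Ref TEMP-2024-0001-SAMPLE ignored. "
    "Card 4111 1111 1111 1111 on file; order no 1234 5678 9012 3456."
)


def luhn_valid(candidate):
    """Return True if the digits in `candidate` pass the Luhn checksum."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit, doubling every second one.
    for index, digit in enumerate(reversed(digits)):
        if index % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def find_matches(pattern, text, space_before=False, space_after=False, luhn=False):
    """Apply `pattern` with optional whitespace boundaries and Luhn filtering."""
    wrapped = "(?:" + pattern + ")"
    if space_before:
        # Preceded by whitespace or start of text (start-of-text is assumed).
        wrapped = r"(?<!\S)" + wrapped
    if space_after:
        # Followed by whitespace or end of text (end-of-text is assumed).
        wrapped = wrapped + r"(?!\S)"
    hits = [m.group(0) for m in re.finditer(wrapped, text)]
    if luhn:
        hits = [h for h in hits if luhn_valid(h)]
    return hits


if __name__ == "__main__":
    print(find_matches(EMPLOYEE_ID, SAMPLE))
    print(find_matches(EMPLOYEE_ID, SAMPLE, space_before=True, space_after=True))
    print(find_matches(CARD_CANDIDATE, SAMPLE))
    print(find_matches(CARD_CANDIDATE, SAMPLE, luhn=True))
```

In this sketch a value followed directly by punctuation fails the Space After requirement, so include punctuation-terminated samples in the Test Text field when validating a pattern with that option enabled.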
Context Parameters for Regular Expressions:
Masking: Determines how much of the detected sensitive data is concealed in reports and dashboards. This protects the actual sensitive content while still showing that it was found.
Select from the drop-down:
None: Complete data is visible (use with caution)
1/4 Mask (Quarter Masking): 25% of the data is hidden. Example: "EMP-2024-0001" becomes "EMP-2024-00**"
1/2 Mask (Half Masking): 50% of the data is hidden. Example: "EMP-2024-0001" becomes "EMP-20**-****"
3/4 Mask (Three-Quarter Masking): 75% of the data is hidden. Example: "EMP-2024-0001" becomes "EMP-****-****"
Option 3: Filename Expressions
Use this method to identify sensitive data based on file naming patterns rather than file contents. This is useful when your organisation uses specific naming conventions for confidential documents.
Use filename expressions when sensitive files follow naming conventions, such as files starting with "Confidential_", "HR_", or "Financial_Report", files in specific directories with standard names, or document types where the filename itself indicates sensitivity.
In the Add Expression field, type or select a filename pattern using wildcards. Click the (+) button to add it to the list. You can add multiple patterns.
Common Filename Patterns:
*.*
Matches all files.
*.docx
Matches all Microsoft Word documents.
Tender*.xlsx
Matches all Excel files starting with “Tender”.
\\192.168.1.1\folder\*.*
Scans all files within the specified shared folder path.
*Confidential*.pdf
Matches any PDF with "Confidential" in the filename: Report_Confidential_2024.pdf, Confidential_Contract.pdf, etc.
Wildcard Reference:
* (asterisk): Matches any number of any characters
? (question mark): Matches exactly one character. Examples: Report_202?.docx matches Report_2024.docx, Report_2025.docx, but not Report_2026.docx if the pattern is specifically looking for a single digit. HR_????.xlsx matches HR_2024.xlsx, HR_ABCD.xlsx (any 4 characters after HR_).
Completing the Data Type Configuration
After selecting and configuring your Data Identifier (Sensitive Words, Regular Expressions, or Filename Expressions), you must complete the data type setup:
From the Classification drop-down, select which sensitivity level this data type belongs to (e.g., Public, Internal, Confidential, Secret). This determines how DISCOVER prioritises and handles files containing this data type.
From the Data Owner(s) drop-down, select one or more people who should be notified when this data type is discovered. You can assign multiple data owners to a single data type—all will receive alerts.
If you don't see the data owner you need, you must first create them in the Data Owner section.
Include Subtypes (Optional):
Subtypes allow you to refine the data type with additional criteria, reducing false positives by ensuring more specific conditions are met.
DISCOVER offers two subtype conditions:
Sub-Type If Present: Select or type existing data subtypes from the drop-down and press Enter to add each one. When using this condition, reports will ONLY be generated if ALL selected subtypes are found in the file. This creates a very strict detection rule.
Example use case: Only flag a document if it contains all of the "Credit Card", "Expiry Date", and "CVV" data subtypes.
If One or More Subtype: Select or type existing data subtypes and press Enter to add each one. Reports will be generated if ANY ONE of the selected subtypes is found in the file. This is a more permissive rule.
Example: Flag a document if it contains EITHER "Visa Card" OR "MasterCard" OR "American Express" data subtypes.
If the subtype you need doesn't exist yet, you must create it first in the Data Subtype section before you can assign it here.
Click Save to create the data type. The data type is now active and will be used in future scans.
Data Subtype
Data Subtypes are more specific detection rules that refine parent data types. They help narrow scan results and minimise false positives by adding another layer to data type detection.
Why Use Data Subtypes?
Without subtypes, a data type like "Credit Card" might match any 16-digit number, leading to false positives. With subtypes like "Visa Card Australia" or "MasterCard Global," you can ensure DISCOVER only flags numbers that match the specific card formats used in your region, dramatically improving accuracy.
Understanding the Subtype Hierarchy:
Data Subtypes must be logically related to their parent data type. Incorrect configuration can cause inaccurate results. As a rule of thumb, each data subtype should be a more specific version of its parent data type, not a different type altogether.
Correct Configuration Example:
Data Type: Credit Card Number
Subtype: Visa Card Australia (Very Narrow)
Subtype: Visa Card Global (Narrow)
Subtype: MasterCard Australia (Very Narrow)
Subtype: MasterCard Global (Narrow)
Incorrect Configuration Example:
Data Type: Visa Card
Subtype: MasterCard—this will cause false matches.
Add Data Subtype
If the built-in data subtypes don't cover the specific patterns or variations you need, you can create custom subtypes.
For example, within the "Phone Number" data type, create subtypes for mobile numbers, landline numbers, or specific area codes. Within the "Employee ID" data type, create subtypes for different departments or office locations. Within geographical data types, create subtypes for specific regions, states, or countries.
To Create a Custom Data Subtype:
Navigate to DATA GOVERNANCE > Data Type and click the Data Subtype button.
Click +Data Subtype.
Enter an appropriate Data Subtype Name and give a short Description (optional).
Select one Data Subtype Identifier from the drop-down (Sensitive Words, Regular Expressions, or Filename Expressions).
Set a Context Parameter (Sensitive Words and Regular Expressions), and click Save.
Assign Classification
The Assign Classification feature allows you to link one or more existing data types to a classification. This is useful when you've created multiple data types and want to bulk-assign them to the same sensitivity level.
Navigate to DATA GOVERNANCE > Data Type.
In the data types list, check the boxes next to one or more data types that should belong to the same classification.
Click Assign Data Classification.
From the drop-down menu, select the classification you want to assign to all selected data types and click Assign.
DISCOVER
The DISCOVER section is where you perform the core operations of the system: identifying target devices and services, configuring and running scans, reviewing scan results, investigating sensitive files, and taking remediation actions. This is the operational centre of DISCOVER, where you actively search for and manage sensitive data across your environment.
What You Can Do in This Section
View Dashboard Summary: Get an at-a-glance overview of all scanning, investigation, and remediation activity across your environment. The dashboard highlights overall system activity and remediation outcomes.
Discover Targets: Identify devices and cloud services available for scanning within your network and connected cloud environments. DISCOVER finds targets using network protocols and cloud API connections, making them available for future scans.
Configure and Run Scans: Set up one-time or ongoing scans to search for sensitive data across selected devices, file servers, and cloud services. Define what to scan, where to scan, and when to scan.
Review Scan Results: Examine detailed findings from completed scans, including which sensitive data was found, where it's located, and who owns it. Results are organised by device, SharePoint, and email for easy navigation.
Investigate Files: Download and inspect specific files containing sensitive data for closer examination.
Remediate Sensitive Data: Take action on discovered sensitive files by moving them to secure locations, deleting them from unauthorised locations, encrypting them for protection, or notifying relevant personnel via email.
Dashboard
The Dashboard provides a comprehensive summary of all scanning, investigation, and remediation activity across your DISCOVER environment. It serves as your starting point for understanding the current state of sensitive data exposure in your organisation.
The Dashboard is divided into two main sections:
Dashboard is best for monitoring, reporting, and identifying trends and high-level risk areas.
Summary Report is best for detailed investigation of specific scans, understanding exactly where sensitive data is located, and planning targeted remediation actions.
Accessing the Dashboard
Navigate to DISCOVER > Dashboard in the left-hand menu. The Dashboard loads automatically and displays the most current data across all completed scans.
Filter and Search
At the top of the Dashboard, you'll find filter and search controls that allow you to narrow the displayed data to specific scan jobs or date ranges.
To filter Dashboard data, use the scan job selector to choose a specific scan from the drop-down menu and click Filter.
When you select a particular scan, the Dashboard updates to show only data from that scan job.
The Dashboard updates automatically when new scans complete or remediation actions are performed. To manually refresh the Dashboard with the latest information, reload the page in your browser.
Dashboard View
The Dashboard view provides high-level metrics and visualisations summarising your entire DISCOVER environment's activity. This is the default view when you navigate to the Dashboard.
The Dashboard displays the following key performance indicators:
Number of Targets: Total count of all discovered targets (devices, Exchange mailboxes, SharePoint sites) available for scanning in your environment. Example: 180 indicates that 180 targets have been discovered and are available for scanning.
Total Files Scanned To Date: Cumulative count of all files that DISCOVER has examined across all scans since deployment. Example: 36,379 indicates that DISCOVER has scanned over thirty-six thousand files across your environment.
Potential Sensitive Data: Total number of files containing at least one instance of sensitive data (matching any configured data type). Example: 1,727 indicates that 1,727 files contain potentially sensitive information that requires attention.
Total Sent For Investigation: Count of files that have been flagged for closer inspection and downloaded through the Investigate function. Example: 79 indicates that 79 files have been investigated by administrators for detailed review.
Total Remediation: Count of files on which remediation actions (move, copy, delete, notify) have been performed. Example: 27 indicates that 27 files have had remediation actions applied to secure or remove sensitive data.
Potential Data By Target
This visualisation (pie-chart) shows the distribution of files containing sensitive data across your scanned targets. It helps you quickly identify which devices, mailboxes, or SharePoint sites have the highest concentration of sensitive information.
Top 5 Targets With Large Number Of Data
This section lists the five targets (devices, mailboxes, or SharePoint sites) with the highest number of files containing sensitive data.
What This Tells You:
personal/john_r_organisation_com_au: A OneDrive for Business or personal SharePoint location for the user John R, containing 82 files with sensitive data. This is the highest concentration in your environment and should be prioritised for review.
John Smith: This device or mailbox belonging to John Smith contains 41 files with sensitive data.
Jane Smith: This device or mailbox contains 29 files with sensitive data.
ORG-JOHN-NB: This device (a laptop or workstation with the hostname ORG-JOHN-NB) contains 29 files with sensitive data.
personal/alex_k_organisation_com_us: This is another OneDrive for Business or personal SharePoint location, containing 19 files with sensitive data.
Focus remediation efforts on these top targets first, as they represent the highest risk areas.
Remediation Action
This section shows a breakdown of remediation actions that have been performed across all scans.
What Each Action Means:
Email Sent To User (2): Notification emails were sent to 2 end users (the people who own the devices or files) informing them that sensitive data was found on their device or in their storage location.
Email Sent To Owner (0): No notification emails have been sent to data owners (the people assigned responsibility for specific data types in the Data Owner section).
Moved (19): 19 files containing sensitive data were moved to a secure location (defined in ORGANISATION > Set Up Secure Location). This is a common remediation action to relocate sensitive files from insecure or unauthorised locations to a controlled, protected environment.
Copied (1): 1 file was copied to a secure location while leaving the original in place. This might be done when you need to preserve the file in its original location for operational reasons while also securing a copy for investigation or archival purposes.
Deleted (5): 5 files containing sensitive data were permanently deleted. This action is typically used when sensitive files should not exist in a particular location and pose a security risk (e.g., credit card data on a user's personal device).
Discovered Data Vs Investigated Data Vs Remediation Data
This visualisation (graph) shows the relationship between three key stages of the data security workflow. The comparison (updated monthly) reveals how effectively your team is responding to discovered sensitive data.
Discovered Data: Files containing sensitive data that have been found during scans (1,727 in the example).
Investigated Data: Files that have been downloaded and examined more closely through the Investigate function (79 in the example).
Remediation Data: Files on which remediation actions have been performed (27 in the example).
A significant gap between discovered and investigated data suggests that many files containing sensitive information have not yet been thoroughly examined. This might indicate insufficient resources for investigation, low-priority findings that don't warrant investigation, or a backlog requiring attention.
Summary Report
The Summary Report provides detailed data for specific scan jobs. While the Dashboard shows aggregated metrics across all scans, the Summary Report focuses on the specifics of individual scans or filtered scan data.
To Access Summary Report:
Navigate to DISCOVER > Summary Report. Select a specific scan job from the drop-down at the top and click Filter. The report summary begins with metadata about the selected scan:
Reports Generated On: The date and time when you're viewing the report.
Scan From: The start date and time of the scan period being reported.
Scan To: The end date and time of the scan period being reported.
Number of Targets by Data Type
This section shows how many unique targets (devices, mailboxes, or SharePoint sites) contain each specific data type.
What This Tells You:
MasterCard | Global: 11 different targets (devices, mailboxes, or sites) contain files with MasterCard credit card numbers, totalling 1,464 files. This indicates widespread exposure of MasterCard data across your environment.
American Express | Global: 11 targets contain American Express card data across 1,455 files, and so on for the remaining data types.
You can click on the results to get detailed information sorted by scan location (Device, SharePoint, and Email).
Number of Files by Data Type
Here you can also see a breakdown of files by "context" ranges, showing how many instances of sensitive data appear in each file. "Context" refers to the number of times the sensitive data pattern appears in a single file. The context ranges show how concentrated the sensitive data is:
0 to 5 Context: Files containing 1-5 instances of the sensitive data type
5 to 10 Context: Files containing 6-10 instances
10 to 20 Context: Files containing 11-20 instances
20 to 50 Context: Files containing 21-50 instances
50+ Context: Files containing more than 50 instances
What This Example Tells You:
All files across all data types fall into the "0 to 5 Context" range. This means that every file containing sensitive data has between 1 and 5 instances of that data type. No files contain large concentrations of sensitive data (e.g., databases or spreadsheets with hundreds of credit card numbers).
Target Discovery
Target Discovery is the process of identifying devices and services within your environment that DISCOVER can scan for sensitive data. Before you can run scans, you must first discover the targets (endpoints, file servers, or cloud services) where sensitive data might exist.
DISCOVER finds targets using two primary methods:
Network-Based Discovery: DISCOVER Agents search for devices within specified IP address ranges using network protocols such as WinRM (Windows Remote Management), SSH (Secure Shell), and SMB/File Server protocols.
Cloud Service Discovery: DISCOVER connects to cloud services using authenticated API connections, specifically Microsoft Graph API for Exchange Online and SharePoint Online services.
Understanding Discovery Jobs
A Discovery Job is a configured task that tells a DISCOVER Agent where to look for targets and how to connect to them. Once a discovery job completes, the found devices and services appear in the "Devices/Services Found" section, where you can then select them for scanning.
View/Add Devices
Devices are physical or virtual endpoints that DISCOVER scans for sensitive data. This includes workstations, laptops, and file servers. DISCOVER connects to these devices either locally (if the Agent is installed on the device itself) or remotely using SSH or WinRM protocols.
Navigate to DISCOVER > Target Discovery > Devices and click +New Target Discovery.
Enter a descriptive name for the discovery task in Discovery Job Name (e.g., "Finance Department Workstations", "Sydney Office Network Scan", "Head Office File Servers"). This helps you identify the purpose of the discovery job later.
In Target IP Range, define the IP address segment where DISCOVER should search for devices. Enter the range in standard notation, such as:
192.168.1.100
The DISCOVER Agent and target systems must be within the same IP address segment (subnet) to enable direct communication for scanning. For example, if target devices are in the IP segment 192.168.1.x, the Agent should also be in the 192.168.1.x range with the same subnet mask, such as 255.255.255.0.
If the Agent and targets are on different subnets, your network must be configured with appropriate routing, firewall rules, and port accessibility to allow the Agent to reach and scan the target systems.
Set the Location filter to narrow the list of available Agents by their assigned location. This is useful when you have Agents deployed across multiple sites or business units. Select the location that corresponds to where the Agent you want to use is deployed (e.g., "Sydney Office", "Melbourne Data Centre").
Select the connection protocol DISCOVER will use to communicate with target devices from the drop-down menu. Your options are:
WinRM (Windows Remote Management): Use this for Windows devices (workstations, servers). WinRM is Microsoft's protocol for remote management of Windows systems.
SSH (Secure Shell): Use this for devices that do not run Windows. SSH provides secure remote access to Unix-based systems. Requires SSH to be running on target devices.
File Server (SMB): Use this for network file shares and storage devices accessible via Server Message Block (SMB) protocol. This is commonly used for Windows file shares and NAS devices.
Depending on the protocol you selected, you'll need to provide credentials that have permission to access the target devices:
For WinRM and SSH Protocols: Enter the Username and Password in the appropriate fields. The account type determines the format:
1. Local Accounts: Use the local username only (e.g., administrator, admin, localuser). Local accounts are created directly on the target device and are not part of a domain.
2. Azure AD (Entra ID) Accounts: Use the full email address (e.g., [email protected]). These are cloud-based accounts managed through Microsoft Azure Active Directory.
3. Domain Accounts: Use the format DOMAIN\username (e.g., YOURCOMPANY\admin, CONTOSO\scanuser). These are accounts managed through an on-premises Active Directory domain.
For File Server Protocol, enter the Username and Password of an account with access to the target share. Use the DOMAIN\username format for domain accounts where required.
In the SMB Location field, enter the server name and path to the share or folder (e.g., \\fileserver01\share, \\fileserver01\share\folder, \\192.168.1.50\documents).
Set the Connection Retry Frequency to specify how often DISCOVER will attempt to reconnect to a target if the initial connection fails. Options typically range from every hour to 30 hours. Shorter intervals result in faster retry attempts but increased network traffic; longer intervals reduce network load but slow down discovery.
Set the Connection Timeout After to specify the maximum duration DISCOVER will continue attempting to connect before abandoning the target. Options range from just once to a month (30 days). If a device doesn't respond within this timeframe, DISCOVER marks it as unreachable and moves on.
Click Save to apply the changes.
DISCOVER will begin attempting to connect to devices within the specified IP range using the configured protocol and credentials. The discovery job appears in the Target Discovery list.
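A pre-flight check for the device discovery settings described above, as an added example (it is not GuardWare code). It checks that each target address sits in the Agent's IP segment, that the username matches one of the three account formats, and that the SMB Location is a UNC path. The job dictionary keys, the sample values and the default port numbers are assumptions made for illustration.

```python
import ipaddress
import re

# Standard default TCP ports per protocol. These are well-known defaults,
# not values taken from the guide; adjust them to your environment.
DEFAULT_PORTS = {"WinRM": (5985, 5986), "SSH": (22,), "File Server": (445,)}

# The three account formats the guide lists for credentials.
_ACCOUNT_FORMATS = (
    ("entra", re.compile(r"^[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+$")),  # user@domain.tld
    ("domain", re.compile(r"^[^@\\/\s]+\\[^@\\/\s]+$")),         # DOMAIN\username
    ("local", re.compile(r"^[^@\\/\s]+$")),                      # administrator
)
# \\server\share with optional sub-folders; group 1 is the server part.
_UNC = re.compile(r"^\\\\([^\\/\s]+)\\[^\\/]+(?:\\[^\\/]+)*$")


def classify_account(username):
    """Return 'entra', 'domain' or 'local', or None for an unrecognised format."""
    for kind, pattern in _ACCOUNT_FORMATS:
        if pattern.match(username):
            return kind
    return None


def preflight(job):
    """Return a list of (code, detail) findings; an empty list means no issue found.

    `job` is a hypothetical dictionary, not a DISCOVER export format.
    """
    findings = []
    # strict=False lets us pass the Agent's own address plus its subnet mask.
    segment = ipaddress.ip_network(
        f"{job['agent_ip']}/{job['agent_netmask']}", strict=False)
    ports = ", ".join(str(p) for p in DEFAULT_PORTS[job["protocol"]])

    if classify_account(job["username"]) is None:
        findings.append(("bad-username", job["username"]))

    hosts = list(job.get("targets", []))
    if job["protocol"] == "File Server":
        match = _UNC.match(job.get("smb_location", ""))
        if match:
            hosts.append(match.group(1))  # also check where the share lives
        else:
            findings.append(("bad-unc", job.get("smb_location", "")))

    for host in hosts:
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            # A host name: resolve it yourself before judging the segment.
            findings.append(("unresolved-name", host))
            continue
        if address not in segment:
            findings.append((
                "off-segment",
                f"{host} is outside {segment}: routing and firewall rules "
                f"must allow TCP {ports} from the Agent"))
    return findings


# Constructed sample jobs (all values are made up for this example).
SAMPLE_JOBS = [
    {"agent_ip": "192.168.1.10", "agent_netmask": "255.255.255.0",
     "protocol": "WinRM", "username": r"CONTOSO\scanuser",
     "targets": ["192.168.1.100", "192.168.2.20"]},
    {"agent_ip": "192.168.1.10", "agent_netmask": "255.255.255.0",
     "protocol": "File Server", "username": "administrator",
     "smb_location": r"\\192.168.1.50\documents"},
    {"agent_ip": "192.168.1.10", "agent_netmask": "255.255.255.0",
     "protocol": "File Server", "username": "scan user",
     "smb_location": "fileserver01/share"},
]

if __name__ == "__main__":
    for sample in SAMPLE_JOBS:
        print(sample["protocol"], preflight(sample))
```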
View/Add Services
Services represent cloud-based endpoints that DISCOVER can access and scan for sensitive data. Unlike devices (which are physical or virtual machines), services are cloud applications accessed through APIs. These include Microsoft 365 services such as Exchange Online and SharePoint Online. DISCOVER accesses these services through Microsoft’s Graph API with OAuth 2.0 authentication.
Navigate to DISCOVER > Target Discovery > Services and click +Discover New Target.
Enter a descriptive Discovery Job name for the cloud service discovery task (e.g., "Exchange Online - Finance Department", "SharePoint - HR Site Collection", "Microsoft 365 - All Services").
Select the type of cloud service you want to discover from the Cloud Connector drop-down menu:
Microsoft Exchange: For scanning Exchange Online mailboxes and email data
SharePoint: For scanning SharePoint Online document libraries and OneDrive for Business
Depending on which cloud connector you selected, you'll need to provide specific authentication information. DISCOVER uses OAuth 2.0 authentication to securely connect to Microsoft 365 services through Microsoft's Graph API.
For Exchange:
Exchange Tenant ID: Enter your organisation's Azure AD Tenant ID. This is a unique identifier (GUID format) for your Microsoft Entra ID instance. To find your Tenant ID, go to the Azure portal (Microsoft Azure) > Microsoft Entra ID > Overview and look for Tenant ID. It looks like: 1234a5b6-1a23-a234-12y3-123456789abc
Exchange Client ID: Enter the Application (Client) ID from your registered Exchange application in Azure AD. This is created when you register an application in Azure AD to allow DISCOVER to access Exchange. To find your Client ID, go to the Azure portal > Microsoft Entra ID > Manage > App registrations, select your DISCOVER Exchange application, and copy the Application (client) ID. It looks like: abcdef12-3456-7890-abcd-ef1234567890
For SharePoint:
SharePoint Organisation: Enter your organisation's name as it appears in SharePoint Online. This is typically the first part of your SharePoint URL. For example, if your SharePoint URL is https://organisation.sharepoint.com, enter organisation.
SharePoint Tenant ID: Enter your organisation's Azure AD Tenant ID (same as for Exchange). You can find this in the Azure portal > Microsoft Entra ID > Overview.
SharePoint Client ID: Enter the Application (Client) ID from your registered SharePoint application in Azure AD. Find this in Azure portal > Microsoft Entra ID > App registrations > [Your SharePoint App] > Application (client) ID.
Set the Location to filter the list of agents by their assigned location, similar to device discovery.
Choose how DISCOVER will authenticate to the cloud service. You have two methods available:
Client Secret: Use a secret key (password) generated for the registered application in Azure AD. When you select this option, enter the Client Secret value that was generated when you created the application registration in Azure AD. Client secrets expire and must be renewed periodically. Keep track of the expiration date and update the secret in DISCOVER before it expires.
Client Certificate (Recommended for Security): Use a certificate file for authentication instead of a text-based secret. Certificates are more secure than client secrets because they cannot be easily copied or intercepted, have defined expiration dates for better credential management, and can be revoked immediately if compromised. When you select this option, you'll need to upload the certificate file (.pfx or .cer format) that you've already registered with your Azure AD application.
Set the Connection Retry Frequency to specify how often DISCOVER will attempt to reconnect to a target if the initial connection fails. Options typically range from every hour to 30 hours. Shorter intervals result in faster retry attempts but increased network traffic; longer intervals reduce network load but slow down discovery.
Set the Connection Timeout After to specify the maximum duration DISCOVER will continue attempting to connect before abandoning the target. Options range from just once to a month (30 days). If a device doesn't respond within this timeframe, DISCOVER marks it as unreachable and moves on.
Click Save to apply the changes.
DISCOVER will attempt to connect to the specified cloud service using the provided authentication details. The discovery job appears in the Target Discovery list with a status indicator.
Once connected, DISCOVER retrieves a list of accessible mailboxes (for Exchange) or site collections and document libraries (for SharePoint). These appear in the DISCOVER > Target Discovery > Devices/Services Found section, where you can select them for scanning.
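One way to keep track of credential expiry for the registered application, as an added example (it is not part of DISCOVER). It reads an app registration object in the shape Microsoft Graph returns for an application (the passwordCredentials and keyCredentials arrays with their endDateTime values) and flags secrets or certificates that have expired or are close to expiring. The sample JSON, the key IDs, the display names and the 30-day warning threshold are constructed assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample of a Graph "application" object. The appId reuses the
# illustrative Client ID format from the guide; everything else is made up.
SAMPLE_APP = json.loads("""
{
  "appId": "abcdef12-3456-7890-abcd-ef1234567890",
  "displayName": "DISCOVER Exchange",
  "passwordCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000001",
     "displayName": "discover-secret-current",
     "endDateTime": "2026-02-01T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002",
     "displayName": "discover-secret-old",
     "endDateTime": "2025-12-31T00:00:00Z"}
  ],
  "keyCredentials": []
}
""")


def parse_graph_time(value):
    """Parse a Graph UTC timestamp such as 2026-02-01T00:00:00Z.

    Any fractional seconds are dropped so the value parses on every
    supported Python 3 version.
    """
    value = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    return datetime.fromisoformat(value)


def audit_credentials(app, now, warn_days=30):
    """Return one finding per credential registered on the application."""
    findings = []
    sources = (("secret", "passwordCredentials"),
               ("certificate", "keyCredentials"))
    for kind, field in sources:
        for cred in app.get(field, []):
            days_left = (parse_graph_time(cred["endDateTime"]) - now).days
            if days_left < 0:
                status = "expired"
            elif days_left <= warn_days:
                status = "renew"      # update the credential in DISCOVER soon
            else:
                status = "ok"
            findings.append({
                "kind": kind,
                "name": cred.get("displayName") or cred["keyId"],
                "days_left": days_left,
                "status": status,
            })
    return findings


def relies_on_secret_only(findings):
    """True when every unexpired credential is a client secret.

    The guide recommends certificate authentication, so such an
    application is a candidate for moving to a client certificate.
    """
    live_kinds = {f["kind"] for f in findings if f["status"] != "expired"}
    return live_kinds == {"secret"}


if __name__ == "__main__":
    # Fixed "now" so the output is reproducible for the constructed sample.
    now = datetime(2026, 1, 13, tzinfo=timezone.utc)
    results = audit_credentials(SAMPLE_APP, now)
    for finding in results:
        print(finding)
    print("secret only:", relies_on_secret_only(results))
```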
Additional Target Discovery Functions
After initiating discovery jobs, you have access to the following management features in the Target Discovery page:
Edit Target Discovery:
Navigate to DISCOVER > Target Discovery (either Devices or Services). Locate the discovery job you want to modify and click the Edit (🖉) icon.
Make the necessary changes to any of the fields (IP range, credentials, cloud connector settings, etc.) following the same guidelines as when you created the discovery job.
Click Save to apply the changes.
Re-Discover Targets:
Navigate to DISCOVER > Target Discovery. Locate the discovery job and click the Re-discover (⭮) icon.
The discovery operation will reinitiate using the current configuration. This is useful when devices or services have been added to your environment since the last discovery, or when you want to refresh the list of available targets to ensure accuracy.
The re-discovery process follows the same steps as the original discovery, and any new targets found will be added to the Devices/Services Found list.
Devices/Services Found
The Devices/Services Found section displays all endpoints and services that DISCOVER Agents have successfully identified during discovery jobs. This is your inventory of available scan targets.
The page displays discovered targets in a searchable, filterable list showing the Host Name (device hostname, computer name, or service name), Scan Name (target discovery job name), Scanning Agent (the agent assigned to the particular device), Category (type of device), Last Activity (last known action performed on the host device), and Status (status of the target discovery scan).
Filtering and Searching:
Use the filter options at the top of the page to narrow the list by Host Name (show only a specific found device), Scan Name (show only devices from a particular scan job), Agent Name (show only devices under a specific agent), or Category (show only one category of target at a time: Endpoint, Exchange mailbox, or SharePoint).
Optionally, you can use the search box to quickly find specific targets by their identifiers.
Reassign Agent
The Reassign Agent feature allows administrators to change the agent responsible for managing or scanning a specific target device or service.
Reassign an Agent when the original Agent is overloaded and you want to balance the workload across multiple Agents; a target device has moved to a different network segment closer to another Agent; the original Agent has connectivity issues or is being decommissioned; or you're reorganising your scanning architecture for better performance.
To Reassign an Agent:
Navigate to DISCOVER > Devices/Services Found.
In the target list, check the boxes next to one or more devices or services you want to reassign to a different Agent. You can select multiple targets simultaneously, even if they're currently assigned to different Agents.
Click +Re-assign Agent.
In the pop-up window, select the new Agent and click Save.
Click Assign to apply the reassignment.
Ensure that the devices being reassigned are not already assigned to the selected agent. Multiple devices from multiple agents can be reassigned at once; any device that is already assigned to the chosen agent will be skipped during reassignment.
After reassignment, the new Agent will be responsible for scanning these targets in future scan jobs.
Scans
The Scans feature is where you configure and execute the core function of DISCOVER: examining target devices, servers, and cloud storage to identify sensitive data.
Understanding Scan Types:
DISCOVER offers two scan types based on how often they run:
One-Time Scan: Executes a single, non-recurring scan on selected targets and data types. Useful for focused investigations, testing new data type configurations, or scanning specific areas without committing to ongoing monitoring.
Ongoing Scan: Runs repeatedly on a defined schedule (daily, weekly, monthly) across selected targets. Useful for continuous monitoring of your environment, compliance requirements that mandate regular scanning, and tracking changes in sensitive data exposure over time.
Application-Based vs. Agentless Scanning:
Both scan types rely on the DISCOVER Agent application to execute the scanning logic, but they differ in where the scanning occurs. From a user perspective, you simply select targets for scanning, and DISCOVER automatically determines whether to use local or remote scanning based on where the Agent is installed.
Agent-based (Local Scanning): The DISCOVER Agent is installed directly on the target device and scans its own local files. This is the most efficient method for individual workstations and provides fast performance without network overhead.
Agentless (Remote Scanning): An Agent on one device connects remotely across the network to other devices or cloud services to scan them. This is necessary for file servers, cloud services, and devices where you cannot install the Agent directly.
One Time Scan
One-Time Scans enable you to run a single, non-recurring scan on specific data types and selected targets. This provides focused detection of sensitive information in specific areas without scanning the entire environment or committing to an ongoing schedule.
When to Use One-Time Scans:
Use one-time scans when you need to investigate a specific location or device where sensitive data might exist, test new data type configurations to see if they produce accurate results before deploying them in an ongoing scan, perform an ad-hoc compliance check of a particular area, or scan a newly discovered device or service for the first time before adding it to ongoing monitoring.
To Create and Run a One-Time Scan:
Navigate to DISCOVER > Scans and click +New Scan.
In the scan type selection screen, choose One Time Scan and click Proceed.
Enter the Scan Name that clearly identifies the purpose of this scan (e.g., "Finance SharePoint - Credit Card Check", "HR Laptops - PII Scan").
Add an optional Description to provide context about why this scan is being performed or what you expect to find and click Next.
You'll see a list of all available data types (both predefined and custom). Check the boxes next to the data types you want to search for during this scan. For example, if you're scanning for payment card data, select "Credit Card Numbers", "CVV Codes", "Cardholder Names", etc., and click Next. You can also use the search box at the top of the list to quickly find specific data types.
Select Targets / Services. You'll see three tabs representing different target types:
Devices Tab: Displays all discovered devices (workstations, laptops, file servers, network storage). Check the boxes next to the devices you want to include in this scan.
Exchange Tab: Displays all discovered Exchange Online mailboxes. Check the boxes next to the mailboxes you want to scan for sensitive email content.
SharePoint Tab: Displays all discovered SharePoint Online sites and document libraries. Check the boxes next to the sites you want to scan.
You can select targets across multiple tabs (e.g., scan both devices and SharePoint sites in the same scan job). Click Next after selecting all targets.
File Handling Options control how DISCOVER processes different file types and what content it includes in the scan:
Archive File Handling: Enable this to process compressed archive files (ZIP, RAR, 7z, etc.). When enabled, DISCOVER extracts and scans the contents of archive files. When disabled, archive files are skipped. Enable if sensitive data might be compressed.
OCR for Images: Enable Optical Character Recognition to extract text from image files (JPG, PNG, GIF, etc.). DISCOVER will analyse the image, identify any text visible in the image, and scan that text for sensitive data. This is useful for detecting screenshots of sensitive documents or photographed data. Enable if you suspect sensitive data might exist in images.
OCR for Documents: Enable OCR to extract text from scanned document files (scanned PDFs, TIFF files, etc.). This is similar to image OCR but specifically for document formats that contain scanned images rather than searchable text. Enable for thorough scanning of all document types.
Enable New Files Since Last Scan: Enable this to scan only files that have been created or modified since the last time this target was scanned. This significantly speeds up subsequent scans by skipping unchanged files. For a one-time scan, this option is only relevant if you plan to run the same scan configuration again later. Leave disabled for true one-time scans; enable if you might repeat this scan.
Select Exchange Date: For Exchange mailbox scans only, specify a start date to scan all emails received from that date forward. Enter the date in the calendar picker. This prevents DISCOVER from scanning years of historical email if you only need recent messages. Recommendation: Set this to a reasonable timeframe (e.g., past 90 days) unless you specifically need to scan all historical email.
Filter Directories and Files Types allows you to include or exclude specific folders and file types from the scan. If you skip this configuration, DISCOVER will scan all directories and file types for sensitive data. You have multiple options for controlling which directories and file types are scanned:
Scan Only the Selected Folders and File Types: Limit the scan to specific locations and file formats. Only what you explicitly select will be scanned. Use this when you know exactly where sensitive data exists and want to focus only on those locations.
1. Include System Folders (Toggle): Enable to include Windows system directories (C:\Windows, C:\Program Files). Generally not recommended unless you have a specific reason to scan system folders.
2. Selected Folder Paths: Click +Add to add directories to scan. Enter the full path (e.g., C:\Users\Public\Documents, \\fileserver\HR\Payroll). Add multiple paths as needed; only these directories will be scanned.
3. Include All File Types (Toggle): Enable to scan all supported formats (documents, spreadsheets, presentations, images, archives, emails). Disable it to limit scanning to specific extensions only.
4. Include Custom File Types: Click +Add to specify uncommon or proprietary file extensions that are not in DISCOVER's standard list. Only files matching these extensions will be scanned.
Scan All Content Except the Selected Folders and File Types: Scan comprehensively while excluding specific areas or file types. Everything is scanned except what you explicitly exclude. Use this when you want broad coverage while skipping known irrelevant areas like system folders, logs, or temporary directories.
1. Exclude System Folders (Toggle): Enable to skip all Windows system directories. Recommended for most scans, as system folders rarely contain user-generated sensitive data.
2. Exclude Custom Folder Path: Click +Add to specify directories to exclude. Enter the full path (e.g., C:\Windows\Temp, \\fileserver\Backups, D:\Logs). These directories will be skipped during the scan.
3. Exclude All File Types (Toggle): Enable to skip file content scanning entirely and only examine file metadata (filenames, paths). Rarely used; typically only for filename-based data types.
4. Exclude Custom File Types: Click +Add to specify uncommon or proprietary extensions you don't want scanned (e.g., .backup, .cache).
Click Next to proceed.
The Review screen displays a summary of your scan configuration, including the scan name, selected data types, selected targets (devices, Exchange mailboxes, SharePoint sites), file handling options, and any folder or file type filters you configured.
Review this information carefully to ensure the scan is configured as intended, and click Save Scan. The scan will initiate automatically.
The scan appears in the DISCOVER > Scans list with a status indicator showing progress. You can monitor the scan's progress and see which targets are currently being scanned, completed successfully, or failed. Once the scan completes, click View Result to see the findings (see the Results section for details).
Ongoing Scan
Ongoing Scans run repeatedly on a defined schedule, continuously monitoring selected targets for sensitive data. This provides long-term visibility into data exposure and helps track changes over time.
When to Use Ongoing Scans:
Use ongoing scans for continuous compliance monitoring required by regulations or policies, establishing a baseline and tracking trends in sensitive data exposure across your environment, automatic monitoring of all devices and services without manual intervention, or regular reporting on data security status.
To Create and Run an Ongoing Scan:
Navigate to DISCOVER > Scans and click +New Scan.
In the scan type selection screen, choose Ongoing Scan and click Proceed.
You'll see a list of all available data types. Check the boxes next to the data types you want to search for in this ongoing scan and click Next.
Select targets across the three tabs (Exchange, Devices, and SharePoint) following the same process as one-time scans. For ongoing scans, you typically select all devices and services you want to monitor continuously rather than limiting to specific targets. Use the search functionality to locate specific targets quickly. Click Next after selecting targets.
Configure the same file handling options as the One-time scan, with one additional option specific to ongoing scans:
Auto Scan Newly Discovered Device (Ongoing Scan Only): Enable this to automatically include newly discovered devices and services in future scan runs without manually editing the scan configuration. When enabled, any devices or services discovered after this scan are automatically added to the target list on the next scheduled run.
Filter Directories and Files Types allows you to include or exclude specific folders and file types from the scan. If you skip this configuration, DISCOVER will scan all directories and file types for sensitive data. You have multiple options for controlling which directories and file types are scanned:
Scan Only the Selected Folders and File Types: Limit the scan to specific locations and file formats. Only what you explicitly select will be scanned. Use this when you know exactly where sensitive data exists and want to focus only on those locations.
1. Include System Folders (Toggle): Enable to include Windows system directories (C:\Windows, C:\Program Files). Generally not recommended unless you have a specific reason to scan system folders.
2. Selected Folder Paths: Click +Add to add directories to scan. Enter the full path (e.g., C:\Users\Public\Documents, \\fileserver\HR\Payroll). Add multiple paths as needed; only these directories will be scanned.
3. Include All File Types (Toggle): Enable to scan all supported formats (documents, spreadsheets, presentations, images, archives, emails). Disable it to limit scanning to specific extensions only.
4. Include Custom File Types: Click +Add to specify uncommon or proprietary file extensions that are not in DISCOVER's standard list. Only files matching these extensions will be scanned.
Scan All Content Except the Selected Folders and File Types: Scan comprehensively while excluding specific areas or file types. Everything is scanned except what you explicitly exclude. Use this when you want broad coverage while skipping known irrelevant areas like system folders, logs, or temporary directories.
1. Exclude System Folders (Toggle): Enable to skip all Windows system directories. Recommended for most scans, as system folders rarely contain user-generated sensitive data.
2. Exclude Custom Folder Path: Click +Add to specify directories to exclude. Enter the full path (e.g., C:\Windows\Temp, \\fileserver\Backups, D:\Logs). These directories will be skipped during the scan.
3. Exclude All File Types (Toggle): Enable to skip file content scanning entirely and only examine file metadata (filenames, paths). Typically only for filename-based data types.
4. Exclude Custom File Types: Click +Add to specify uncommon or proprietary extensions you don't want scanned (e.g., .backup, .cache).
Click Next to proceed.
Set a Schedule to define when and how often the scan runs.
In the Repeat Schedule Every field, enter how frequently the scan should run.
1. Select an interval: Select how often, in months, the scan repeats.
2. Select a time: Select the time at which the scans start.
Example: Selecting 2 Months at 10:00 repeats the ongoing scan every 2 months at 10:00 AM.
Choose the Scan Start From date:
1. Specific Date: Select a calendar date when the first scan should run. The scan will start on this date and then repeat according to the interval you set.
2. Day of the Week: Select a specific day (Monday, Tuesday, etc.) when scans should run. This is useful for scheduling scans during low-activity periods (e.g., every Sunday).
Ongoing scans can be resource-intensive (high CPU usage, network traffic, disk I/O); it's best to schedule them during off-hours when they won't impact user productivity. Use the Avoid Scans on option to specify when scans should NOT run, even if they're scheduled.
1. Click +Avoid Time to add a restriction.
2. Select the day(s) of the week when scans should be avoided.
3. Select the time range to avoid (e.g., 8:00 AM to 6:00 PM for business hours).
You can add multiple avoid time windows to accommodate different schedules. Click Next to continue.
The Review screen displays a summary of your scan configuration, including the scan name, selected data types, selected targets (devices, Exchange mailboxes, SharePoint sites), file handling options, any folder or file type filters you configured, and scan schedules.
Review this information carefully to ensure the scan is configured as intended, and click Save Scan. The scan will initiate automatically.
The scan appears in the DISCOVER > Scans list with a status indicator showing progress. You can monitor the scan's progress and see which targets are currently being scanned, completed successfully, or failed. Once the scan completes, click View Result to see the findings (see the Results section for details).
Scan Management Functions
After creating scans (one-time or ongoing), you can monitor and manage them from the DISCOVER > Scans page.
View Result: Navigate to DISCOVER > Scans. Locate the completed scan and click View Result. This opens the Results page filtered to show only findings from this specific scan (see the Results section below for detailed information on reviewing scan findings).
View Scan Details: Navigate to DISCOVER > Scans. Locate the scan and click the View (👁) icon. This displays the complete scan configuration, including all selected data types, target devices and services, file handling options, folder and file type filters, and schedule settings (for ongoing scans). Use this to verify how a scan is configured without editing it.
Delete Scan: Navigate to DISCOVER > Scans. Locate the scan you want to remove and click the Trash (🗑) icon. A confirmation prompt will appear. Click OK to confirm deletion.
Pause Scan: Navigate to DISCOVER > Scans. Locate the running scan and click the Pause (⏸) icon. The scan immediately pauses and stops processing targets. Targets that have already been scanned retain their results. Targets not yet scanned remain in the queue.
Resume Scan: Navigate to DISCOVER > Scans. Locate the paused scan and click the Play (▷) icon. The scan resumes from where it was paused, continuing to process remaining targets in the queue.
Terminate Scan: Navigate to DISCOVER > Scans. Locate the running scan and click the Stop (ⓧ) icon. A confirmation prompt will appear. Click Terminate to stop the scan immediately and permanently.
Results
The Results page provides a comprehensive view of sensitive data detected across scanned endpoints, SharePoint sites, and email mailboxes. From this page, you can examine detailed findings, initiate investigations for closer inspection, perform remediation actions, and download reports.
Results are organised into three tabs based on where the sensitive data was found:
Devices (workstations, laptops, file servers),
SharePoint, and
Email (Exchange Online mailboxes).
Navigate to DISCOVER > Results. By default, you'll see results from all completed scans. Use the filter options at the top of the page to narrow results by specific scan jobs, date ranges, data types, classifications, or target names.
Devices
For devices, you can view the scanned file details, including filename, file path, size, creation and modification dates, owner information, and operating system details. Detected data types and the number of hits are shown in a clickable format, allowing you to review sensitive content quickly. The classification of each file is displayed, and any remediation actions, such as move, copy, delete, or notifications, are tracked.
To view:
Navigate to DISCOVER > Results.
Click on Devices.
Device / Endpoint
Device Name: Name of the device where the scanned file resides.
Scan Details
Date Scanned: Date when the scan was executed.
File Details
Filename: Name of the file containing sensitive data.
File Path: Full path of the file on the device.
File Size (BYTES): Size of the file in bytes.
File Created: Timestamp when the file was created.
File Last Modified: Timestamp of the file’s last modification.
Detection Results
Data Type: Clickable list of sensitive data types detected in the file.
Number of Hits: Clickable count showing how many instances of each data type were found in the file. If the number of hits is below the configured upper limit, all results are displayed. If it exceeds the limit, only results up to the upper limit are shown.
Classification & Security
Classification: Clickable field showing which classification the file belongs to.
Action / Remediation
Action Taken: Status of any remediation actions applied to the file (move, copy, delete, notify file/device owner).
Ownership & System Info
Owner: Name of the file owner.
IP Address: IP address of the device where the file resides.
OS Version: Operating system version of the device.
SharePoint
For SharePoint, the Results page shows details of scanned documents, including the document name, library, path, site URL, owner, and size. Detected sensitive data types and the number of hits are clickable, providing additional details. Additionally, the status of any remediation actions performed is recorded.
To view:
Navigate to DISCOVER > Results.
Click on SharePoint.
Target / Site
Target Name: Name of the SharePoint site or specific device/user where the scan was executed.
Scan Details
Scan Date: Date when the SharePoint scan was executed.
File / Document Details
File Name: Name of the document where sensitive data was found.
Path: Path of the document within SharePoint.
Site URL: URL of the SharePoint site.
Library: SharePoint library where the document resides.
Owner: Name of the document owner.
Size (in bytes): Size of the document in bytes.
Detection Results
Data Types: Clickable list of sensitive data types detected in the document.
Number of Hits: Clickable count showing how many instances of each data type were found. If below the configured upper limit, all results are shown; if above, only results up to the upper limit are displayed.
Classification & Security
Classification: Clickable field showing the classification of the document.
Action / Remediation
Action Taken: Status of any remediation actions applied to the document (move, copy, delete, notify file/device owner).
Email
For email results, the page provides metadata for each scanned email, including sender, recipients (To, CC, BCC), subject, sent date, and mailbox folder. Detected sensitive data types, number of hits, and the specific location of the data (body, attachment, or subject) are clickable for detailed review. The classification of the email or its contents is shown, and the status of any remediation actions is tracked.
To view:
Navigate to DISCOVER > Results.
Click on Email.
Target / Mailbox
Target Name: Name of the device or user mailbox where the email resides.
Scan Details
Scan Date: Date when the email scan was executed.
Email Metadata
From: Sender of the email.
To: Primary recipients of the email. Clickable to view details.
CC: CC recipients. Clickable to view details.
BCC: BCC recipients. Clickable to view details.
Subject: Subject of the email.
Sent Date: Date the email was sent.
Folder: Mailbox folder containing the email.
Detection Results
Data Type: Clickable list of sensitive data types detected in the email.
Number of Hits: Clickable count showing instances of each data type found. Applies upper limit if configured.
Data Found In: Indicates where the sensitive data was detected (body, attachment, subject, etc.).
Classification & Security
Classification: Clickable field showing the classification of the email or its contents.
Action / Remediation
Action Taken: Status of any remediation actions applied to the email (move, copy, delete, notify file/device owner).
Investigate
The Investigate function allows administrators to retrieve scanned files for further inspection. This is useful for checking whether scan configurations are working as intended or for examining unexpected results after scans, for example, a sensitive file appearing on a device that should not contain it. Select an existing investigation to download the file for analysis.
Navigate to DISCOVER > Results.
Select one or more files from the results table by checking the boxes next to them. Click the Investigate button at the top of the results page.
In the pop-up window, select an existing investigation from the drop-down menu (you must create investigations beforehand in DISCOVER > Investigation). Add an optional comment to provide context for the investigation.
Click Investigate to download the selected files for closer inspection. Files are password-protected and downloaded in a ZIP file.
Remediate
The Remediate function executes remediation actions (move, delete, or encrypt) on files identified during a scan or investigation. Unlike the Remediation section, which provides a status view of remediated files, this function performs the actual operational steps to secure, remove, or notify relevant parties about sensitive files.
Go to DISCOVER > Results > Remediate or DISCOVER > Investigation > Remediate.
Select one or more files and click Remediate.
Choose a remediation action from the drop-down.
Move: Relocates the file to a secure location.
Copy: Creates a copy of the file to a secure or alternate location.
Delete: Permanently removes the file.
Send email to Data Owner: Notifies the assigned data owner with an email.
Send email to End User: Notifies the file owner or user who has the device in their possession.
Add a comment (optional) to provide context or notes for the task.
Click Remediate to execute the selected action.
Investigation
The Investigation section allows you to create investigation cases that group files requiring further review. Once files are added to an investigation, you can download them for detailed manual inspection outside of DISCOVER.
Investigations serve several purposes:
Grouping related files for organised review (e.g., "Finance Department Audit Q4 2024").
Enabling secure download of sensitive files with password protection for offline analysis.
Tracking which files have been examined and by whom.
Maintaining a trail of investigation activity for compliance purposes.
Tagging found sensitive data as Positive or False Positive.
Once created, the Investigation page displays detailed information about each file and provides actionable options. You can view device and file details, examine detected sensitive data types, review previous comments, and take actions such as downloading files for manual review or performing remediation steps:
Scan Details
Scan Name: Name of the scan job.
Scan Date: Date the scan job was executed.
File Details
File Name: Name of the file where sensitive data was found.
Folder Path: Path of the file that contains the sensitive data.
File Owner: Name of the file owner.
Endpoint / Data Source
Target Name: Device or service name where the scan was executed. Endpoint and data source are the same in this context.
Scan Results
Data Types: List of sensitive data types found by the scan job. Click to view details.
Remediation Action
Action: Action performed on the file (e.g., move, copy, delete, or notify device/file owner).
Download / Investigation
Download Status: Status indicating whether the file is available for download. Available: File is available for download. Not Available: File is currently unavailable for download.
Investigation: Action to make the file available for download for manual examination of sensitive data.
Investigated By: Name of the user who performed the investigation.
Investigated At: Timestamp when the investigation was initiated.
Investigation Available At: Timestamp when the file became available for download. Always later than Investigated At.
Previous Comment: Comments from previous investigations.
Create New Investigation
Before performing any file-level investigation from the Results section, you must first create an Investigation.
Navigate to DISCOVER > Investigation > +Investigation.
Enter a unique Name and add a short Purpose.
Click Create.
Remediation
The Remediation section allows you to monitor and track actions applied to sensitive data. This page provides a clear overview of remediation status and history, serving as a trail of how your organisation has responded to discovered sensitive information.
The page displays all files that have undergone remediation actions, along with complete details about the file, the action taken, and the user who performed it.
To view remediations:
Navigate to DISCOVER > Remediation. The page displays all remediated files across all scans. Use filter options at the top of the page to narrow results by date range, remediation action type, scan name, classification, or data type.
After carrying out remediations, you can see the following information on the Remediation page:
Scan Details
Scan Name: Name of the scan job that was run.
Scan Date: Date and time when the scan job was initiated.
File Details
File Name: Name of the file where sensitive data was detected.
Folder Path: Path of the file on the device.
File Owner: Owner of the file on the endpoint/data source.
Endpoint / Data Source
Target Name: Name of the device where the file resides. Endpoint and data source are the same in this context.
Scan Results
Data Types: Clickable field showing the sensitive data types detected during the scan. For example, if Visa card data is configured to be scanned, this shows how many instances were found. An upper limit can be configured; for example, only 5 results are displayed if the limit is set to 5.
Remediation Details
Status: Current status of the file (e.g., Remediated, Pending, Investigating).
Action: Action performed on the file or available actions.
Remediated By: Name of the user who performed the remediation.
Remediated At: Date and time when remediation was performed.
Remediation Performed At: Timestamp of the remediation activity (similar to Remediated At; can reflect the exact time recorded by system logging).
Previous Comment: Any comment added during prior remediation or investigation steps.
AGENTS
A DISCOVER Agent is an endpoint device that serves as an intermediary between the Management Console and target devices or services. Each Agent has the DISCOVER Agent application installed and connects to local or remote targets to perform tasks dictated by the Management Console.
Agents execute the core operational tasks of DISCOVER, including scanning devices, file servers, and cloud services for sensitive data, discovering new targets within specified network ranges or cloud environments, downloading files for investigations, executing remediation actions (moving, copying, or deleting files), and reporting results and status back to the Management Console.
Multiple Agents can be deployed across your network, working in parallel to distribute the workload and ensure comprehensive coverage. Each Agent operates independently but is centrally managed through the Management Console. Agents can work locally (scanning the device they're installed on) or remotely (connecting to other devices and services over the network).
What You Can Do in the AGENTS Section
Monitor Agent Status: View all deployed Agents and their current operational status, whether they're online or offline.
Track Resource Usage: Monitor CPU, memory, and disk utilisation for each Agent to ensure they're operating efficiently without impacting system performance.
View Assigned Targets: See which devices and cloud services are assigned to each Agent for scanning and management.
Download Agent Logs: Retrieve detailed operational logs or performance analysis. Logs are available for scans, target discoveries, investigations, remediation actions, and service operations.
Check Log Status: Check the generation status of the requested log file.
Navigate to AGENTS in the left-hand menu. The Agents page displays a list of all deployed DISCOVER Agents in your environment.
Agent Logs
Agent Logs record all activities performed by an Agent. Use logs to troubleshoot issues, audit system activity, provide compliance documentation, and analyse Agent performance.
Scan Logs: Record scanning activity—which targets were scanned, what data types were searched, files examined, sensitive data detected, and any errors encountered.
Target Discovery Logs: Record discovery operations—IP ranges or cloud services searched, devices or services found, authentication successes/failures, and connectivity issues.
Investigation Logs: Record file download activities—which files were requested, download success/failure, duration, and permission errors.
Remediation Logs: Record remediation actions—which files were moved/copied/deleted, action success/failure, secure location targets, and errors preventing completion.
Service Logs: Record general Agent operations—service starts/stops, configuration changes, Management Console communication, resource usage, and system errors.
To Download Agent Logs:
Navigate to AGENTS and select the Agent whose logs you need.
In the Agent details page, click the Request Log button and enter the following details:
Log Type (Required): Select one from the drop-down (Scan, Target Discovery, Investigation, Remediation, or Service).
From Date (Required): Select the start date for the log period.
To Date (Required): Select the end date for the log period.
Click Request Logs. DISCOVER generates the log file (may take seconds to minutes, depending on date range and activity volume).
RESOURCES
The Resources section allows you to download the Agent MSI for installation and configuration on target devices. It also provides access to help guides and documentation for operating the Management Console.
Navigate to RESOURCES > Agent Download.
Click Download MSI.
The MSI installer will be saved to the directory specified in your browser’s download settings.