11 Mar 2016

Seeker User Guide

Welcome to Seeker’s help documentation. Seeker’s purpose is to assist administrators in finding files that may contain sensitive or confidential information such as credit card data or social security numbers, so that unwanted or inadvertent storage can be dealt with before data is stolen.

Seeker was developed to fill the void between the excessively feature-packed enterprise DLP software available today at exorbitant prices and free offerings which are not adequate to the task of quickly and centrally providing concise reports on a company’s distributed resources.

Getting Started

To Run Seeker:

Depending on the operating system, go to the Apps Screen and choose Seeker, or go to the Start Menu and choose the Seeker group, then choose Seeker. You should now see the Seeker console window.

How to Search for Data

Seeker is designed to make the process of scanning a typical company’s Windows environment easy. Therefore, options are provided for enumerating targets using Active Directory. Seeker also lets an administrator browse for a root folder (local drive or network path), manually add computer names or IP addresses, or provide a CSV file containing target names.

Selecting Scan Targets

To Select Targets by Active Directory OU and/or Computer Account:

  • On the Targets tab of the Seeker console, click the “Browse Active Directory to Select OUs and/or Machines” button.
  • Use the tree view to navigate through your domain’s structure and select any OU and/or computer objects you would like to have included in the scan. Multiple selections are possible using the control (non-consecutive items) and shift (consecutive items) keys.
  • Returned results can be filtered by prefix or substring. For example, if you only want the computers beginning with “finance-”, then enter “finance-” into the text box next to “Return Only Machine Names Beginning With:”.
  • Press the “Return Machine List” button and you will be returned to the Targets Tab of the Seeker console, with all the selected matching objects populating the “Potential Scan Targets” list.
  • Select all of the potential targets that you confirm as desired objects to scan from that list (they are all selected by default after being returned from Active Directory) and press the “Add” button to add them to the “Confirmed Scan Targets” list.

To Select Targets by Membership of an Active Directory Group:

  • On the Targets tab of the Seeker console, click the “Select Active Directory Group with Targets” button.
  • Type in the group name, and press the “Validate Group Name” button to verify it exists. If it does, you will see a “Validated” message.
  • Press “Add” and you will be returned to the Targets Tab of the Seeker console, with any computer accounts in the group you specified populating the “Potential Scan Targets” list.
  • Select all of the potential targets that you confirm as desired objects to scan from that list (they are all selected by default after being returned from Active Directory) and press the “Add” button to add them to the “Confirmed Scan Targets” list.

To Browse for a Network or Local File System Folder to Scan:

  • On the Targets tab of the Seeker console, click the “Browse for a Root Folder to Scan” button.
  • In the file browsing window, navigate to the path you would like to scan. You can also type it in the address bar at the top.
  • Press “Select Folder” and you will be returned to the Targets Tab of the Seeker console, with your path in the “Potential Scan Targets” list.
  • If your path looks correct, press the “Add” button to add it to the “Confirmed Scan Targets” list.

To manually enter a UNC Path, Machine Name or IP Address:

  • On the Targets tab of the Seeker console, click the “Add Single UNC Path, Machine Name or IP Address” button.
  • Enter your desired path, computer name, or IP address in the text box and press the “Submit” button.
  • Press the “Add” button to add it to the “Confirmed Scan Targets” list.

To Use Targets from a CSV File Generated By Another Program:

  • On the Targets tab of the Seeker console, click the “Browse for File Containing UNC Paths/Machine Names/IPs to Scan” button. Potential targets in the file will be added to the “Potential Scan Targets” list in the Targets tab of the Seeker console.
  • If the potential targets look correct, press the “Add” button to add them to the “Confirmed Scan Targets” list.

Choose Scan Type:

Select a target type from the radio button list at the top right under “Target Type”. Based on the target type, a subset of options will be available under “Scan Subtype”. No options will be available under subtype if “Websites” is chosen for scan type.

Defining Search Patterns:

To define the patterns for which you wish to search, select the “Search Patterns” tab in the Seeker console. You will see the default list of Patterns included with Seeker on the list. Each will have a Name, Regular Expression (“Regex”) and, where applicable, a validator. Validators included with Seeker can be used for SSNs and credit card numbers.

Basic Scan Settings:

Your scan type, filters, and alerts, as well as the file extensions you would like to scan, can be set on the Basic Scan Settings tab. Logging settings can also be set on this tab.

Select File Extensions to Scan:

Under “File Extensions to Scan”, extensions can be added and deleted. Pressing the delete button removes all currently selected extensions from the list.

Set Name/Path Filters:

Files and folders whose name or path matches a string added to this list will be skipped during the scan.

Set Name/Path Alerts:

Files and folders whose name or path matches a string added to this list will generate an alert in the report when encountered.

Log Alert based on a file’s Permissions:

If a file’s NTFS permissions include an entry for a group in this list (such as “Everyone”), an alert will appear in the report.  Groups/users can be added as desired.

Set Logging options for Report:

“Data to Log for Report” allows you to specify whether to show multiple matches or a single match when a file contains more than one match for a given pattern. It also allows you to specify whether to display only the last four digits when the pattern uses an SSN or CCN validator.
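
The sketch below is an added example, not Seeker's own code. It shows how a pattern's regex and validator work together (see “Defining Search Patterns”) and how the single-match and last-four-digits logging options shape what reaches the report. The regexes, function names, parameter names and sample text are assumptions made for illustration.

```python
import re

def luhn_ok(digits):
    """Luhn checksum: rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(digits):
    """Structural SSN rules: area not 000/666/9xx, group not 00, serial not 0000."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

# Assumed pattern table (name, regex, validator), mirroring the columns on the
# Search Patterns tab. These regexes are illustrative, not Seeker's defaults.
PATTERNS = [
    ("Credit Card", re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"), luhn_ok),
    ("SSN", re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"), ssn_ok),
]

def mask(digits):
    """Keep only the last four digits so the report does not become a new data store."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_text(text, single_match=False, last_four_only=True):
    findings = []
    for name, regex, validator in PATTERNS:
        for m in regex.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if validator and not validator(digits):
                continue        # regex hit that fails validation: not reported
            findings.append((name, mask(digits) if last_four_only else digits))
            if single_match:
                break           # one logged match per pattern per file
    return findings

# Constructed sample text; the card numbers are well-known public test values.
SAMPLE = (
    "Order 1001 paid with 4111 1111 1111 1111, retry used 4111 1111 1111 1112.\n"
    "Employee SSN 078-05-1120; placeholder 000-12-3456; card 5555-5555-5555-4444.\n"
)

if __name__ == "__main__":
    for name, value in scan_text(SAMPLE):
        print(f"{name}: {value}")
```

The second card number and the 000-prefixed SSN match their regexes but fail validation, so they never appear in the findings; this is why pairing a validator with a pattern cuts false positives in the report.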

Set Scanning Options for Access Databases:

“MS Access Databases” options allow you to limit scanned rows per table for performance reasons.  Also, you may specify a maximum number of errors in a DB to tolerate before ending the scan of the file.

Saving, Loading and Deleting Target Lists

Select File from the menu bar in Seeker. Scan target lists can be saved, loaded, or deleted using the “Save Scan Targets”, “Load Scan Targets”, and “Delete Scan Targets” items, respectively. Saving a target list can be useful if you are scanning a set of computers not easily delineated by Active Directory OU or group, and you wish to avoid the time investment of re-compiling the list each scan.

Note that you also can separately use text files you have created elsewhere with the “Browse for File Containing UNC Paths/Machine Names/IPs to Scan” button on the Targets tab in Seeker. These files must have a single target per line.

Saving, Exporting, and Importing Scan Configuration

To Save Your current Scan Configuration

Select “File” from the menu bar and click “Save Config”. The next time you open Seeker, your current configuration settings should be in place.

To Export Your Current Scan Configuration

  1. Select “File” from the menu bar and click “Export Config”.
  2. Browse to the path where you wish to export your configuration settings.
  3. Enter a name for the file in the text box at the bottom of the window.
  4. Press the “Save” button.

Your configuration settings have now been exported into an XML file that can be used by other accounts or machines running the Seeker console.

To Import Scan Configuration Settings from a File

  1. Select “File” from the menu bar and click “Import Config”.
  2. Browse to the path with a Seeker-generated configuration XML file from which you wish to import your configuration settings.
  3. Press the “Open” button.

Your configuration settings in Seeker should now be in line with those from the XML file you selected.

Restoring Default Configuration Settings

To Restore the Default Installation Scan Configuration:

Select “File” from the menu bar and click “Restore Default Config”. Your settings should now be restored to the installation defaults.

Saving and Loading Scan Results

Scan results are automatically saved to Seeker’s database and can be loaded at any time using the File menu / Load Saved Scanned Results.
