KB Article | Forcepoint Support

Problem Description

How do I automate and schedule periodic Cloud Discovery Scans in Windows?

 

Resolution

In many enterprises, Cloud Discovery scans need to be scripted and scheduled so that Cloud Discovery reports are generated periodically. This can be done by running the Cloud Discovery Tool from the command line and writing a small wrapper around it. Please note that running the Cloud Discovery Tool from the command line is available only in the licensed version of the Cloud Discovery Tool.

There are three steps to automate and schedule periodic Cloud Discovery Scans:

  1. Schedule the logs export from the proxy/firewalls/SIEM
  2. Configure the tool to run using the command line
  3. Schedule to run the Cloud Discovery CLI tool using the Task Scheduler in Windows

1. Schedule the logs export from the proxy/firewalls/SIEM

Please contact your system/network administrator to export logs periodically and store the logs on a Windows server or storage location accessible to the Cloud Discovery Tool.

The Cloud Discovery Tool can read a single file, multiple files, or all files within a folder in one scan, so logs from the proxy, firewalls, or SIEM can be pushed to a folder, written to a single rotating file, or stored as one file per day in a folder.

2. Configure the tool to run using the command line

Create and configure a scan definition file. A .scan XML file is used by the Cloud Discovery Tool to determine the type of log and its location on the hard drive.

The XML should be in the following format:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<scan>
    <lastOutputPathname> </lastOutputPathname>
    <name>MyScanResult</name>
    <task>
       <logFormatName>product name</logFormatName>
       <pathname>C:\MyPath\MyLog.csv</pathname>
    </task>
</scan>

lastOutputPathname: Specifies the path of the tool’s last run. Should remain empty when using the CLI.
name: Specifies the name of your scan.
logFormatName: Specifies the type of log to be scanned. Note: The name should correspond to one of the available log types as they appear in the Cloud Discovery Tool UI.
pathname: Specifies the path to the file or directory in which the log files reside.
NOTE: Make sure there are no spaces between the XML tags and the value they enclose, e.g.,
<pathname> C:\MyPath\MyLog.csv </pathname> should be
<pathname>C:\MyPath\MyLog.csv</pathname>
 

You can also use a scan file created by running the Cloud Discovery Tool interactively through the GUI. By default, .scan files are stored under the user's My Documents folder (e.g., "C:\Users\username\Documents").
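A scan file that breaks the rules above is easiest to catch before the scheduled task runs unattended. The following PowerShell check is an added example, not Forcepoint code: Test-ScanDefinition is a hypothetical helper name, and the embedded .scan content is a constructed sample based on the format shown in this article.

```powershell
# Added example: Test-ScanDefinition is a hypothetical helper, not part of the Cloud Discovery Tool.
function Test-ScanDefinition {
    param([Parameter(Mandatory)][string]$Path)
    $problems = New-Object 'System.Collections.Generic.List[string]'
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true   # keep padding inside elements so it can be detected
    try {
        $doc.Load((Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath)
    } catch {
        $problems.Add("Cannot parse ${Path}: $($_.Exception.Message)")
        return $problems
    }

    # lastOutputPathname should remain empty when the CLI is used.
    $last = $doc.SelectSingleNode('/scan/lastOutputPathname')
    if ($last -and $last.InnerText.Trim()) {
        $problems.Add('lastOutputPathname is set; leave it empty for CLI runs')
    }
    # name, logFormatName and pathname must be present, non-empty and unpadded.
    foreach ($xpath in '/scan/name', '/scan/task/logFormatName', '/scan/task/pathname') {
        $nodes = $doc.SelectNodes($xpath)
        if ($nodes.Count -eq 0) { $problems.Add("Missing element: $xpath"); continue }
        foreach ($node in $nodes) {
            $text = $node.InnerText
            if (-not $text.Trim()) { $problems.Add("<$($node.Name)> is empty") }
            elseif ($text -ne $text.Trim()) { $problems.Add("Padding inside <$($node.Name)>: '$text'") }
            elseif ($node.Name -eq 'pathname' -and -not (Test-Path -LiteralPath $text)) {
                $problems.Add("Log path does not exist: $text")
            }
        }
    }
    return $problems
}

# Constructed sample: the padded <pathname> from the NOTE above.
$sample = Join-Path $env:TEMP 'padded-example.scan'
@'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<scan>
    <lastOutputPathname> </lastOutputPathname>
    <name>MyScanResult</name>
    <task>
       <logFormatName>product name</logFormatName>
       <pathname> C:\MyPath\MyLog.csv </pathname>
    </task>
</scan>
'@ | Set-Content -LiteralPath $sample
Test-ScanDefinition -Path $sample | ForEach-Object { Write-Warning $_ }
```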

3. Schedule to run the Cloud Discovery CLI tool using the Task Scheduler in Windows

  1. Create a small batch file named run.bat with content similar to the sample shown below, and then save the file.
The run.bat batch file runs the cloudDiscoveryCLI.bat batch file with the following command arguments:
-s <scan file> -d <scan results output>

Sample run.bat batch file contents:
rem Change drive and directory so cloudDiscoveryCLI.bat runs from its install folder
cd /d "C:\Program Files (x86)\CloudDiscovery"
rem -s is the scan definition file, -d is the folder for the scan results
call cloudDiscoveryCLI.bat -s "C:\Users\<username>\Documents\websense.scan" -d "C:\Users\<username>\Documents\CloudDiscovery\results"
  2. Run the run.bat batch file from the command line to make sure it runs and creates the results.
Sample output:
C:\Scripts>run.bat
C:\Program Files (x86)\CloudDiscovery>"C:\Program Files (x86)\Java\jre7\bin\java" -cp * 
-Dlog4j.configuration=log4j.cli.properties
 -Xverify:none com.skyfence.skyware.CloudDiscoveryToolCLI 
-s "C:\Users\nattu\Documents\websense.scan" 
-d "C:\Users\nattu\Documents\CloudDiscovery\results"
Scan started
[100%] 0 records analyzed
Scan done
Time: 37ms.
Sending scan results to your Skyfence Cloud Gateway
Uploading...
.......Upload done
Cloud Discovery tool finished analyzing your scan, websense
The reports can be found under: C:\Users\nattu\Documents\CloudDiscovery\results\
2014-09-13 websense (15)
Analysis summary
Total number of services found: 1
Total number of users: 1
Total number activities analyzed: 1
C:\Program Files (x86)\CloudDiscovery>
 
  3. Create a scheduled task using the Windows Task Scheduler to run it on the desired schedule.
A scheduled task can be created and modified from the command line (using the schtasks command) or from the Windows UI.

Using the schtasks command:
The syntax of the schtasks command is:
schtasks /create /tn TaskName /tr TaskRun /sc schedule [/mo modifier]
[/d day] [/m month[,month...]] [/i IdleTime] [/st StartTime] [/sd StartDate]
[/ed EndDate] [/s computer [/u [domain\]user /p password]] 
[/ru {[Domain\]User | "System"} [/rp Password]] /? 

For more information about each option, see the schtasks Microsoft TechNet article.

For example, to run it every day at 10:35 AM, run:
C:\Program Files (x86)\CloudDiscovery>schtasks /create /tn CASB-CloudDiscovery /sc DAILY /st 10:35 /tr "C:\Scripts\run.bat"


Using the Windows Task Scheduler UI:
Make sure the user configured for this task has administrative permissions.

  1. Go to Control Panel -> Administrative Tools -> Task Scheduler.
  2. Double-click the desired Task from the Task Scheduler Library, or create a new one.
  3. Edit the job so that it runs as the current user.
  4. For "Configure for", choose Windows Vista, Windows Server 2008.
  5. Click OK.
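
Because the task runs run.bat under an account with administrative permissions, write access to run.bat, its folder, and cloudDiscoveryCLI.bat should be limited to administrators. The following PowerShell audit is an added example, not Forcepoint code: Get-NonAdminWriteAccess is a hypothetical helper name, and the paths are the ones used in this article's samples.

```powershell
# Added example: Get-NonAdminWriteAccess is a hypothetical helper, not part of Windows or the tool.
function Get-NonAdminWriteAccess {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        # SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
        [string[]]$TrustedSid = @('S-1-5-18', 'S-1-5-32-544',
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')
    )
    # Rights that let a principal change, replace or re-permission the object,
    # plus the generic write/all bits that some ACEs carry unmapped.
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask = [int]$rights -bor 0x50000000
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($item in $Path) {
        $acl = Get-Acl -LiteralPath $item
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ([string]$ace.PropagationFlags -match 'InheritOnly') { continue }  # applies to children only
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            if ($TrustedSid -contains $ace.IdentityReference.Value) { continue }
            try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $ace.IdentityReference.Value }   # unresolvable SID
            [pscustomobject]@{
                Path      = $item
                Identity  = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Paths taken from the examples in this article; adjust to your installation.
$targets = 'C:\Scripts', 'C:\Scripts\run.bat',
           'C:\Program Files (x86)\CloudDiscovery\cloudDiscoveryCLI.bat' |
    Where-Object { Test-Path -LiteralPath $_ }
if ($targets) { Get-NonAdminWriteAccess -Path $targets | Format-Table -AutoSize }
```

Folders created directly under C:\, such as C:\Scripts in this article, commonly inherit Modify rights for Authenticated Users, so expect findings there until the ACL is tightened. The owner of each object is not evaluated by this check.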