How to automate and schedule periodic Cloud Discovery Scans in Windows
- Article Number: 000013511
- Products: Forcepoint CASB
- Version: All versions
- Last Published Date: February 12, 2018
Problem Description
How do I automate and schedule periodic Cloud Discovery Scans in Windows?
Resolution
In many enterprises, Cloud Discovery scans need to be scripted and run periodically to generate Cloud Discovery reports. This can be done by running the Cloud Discovery Tool from the command line and writing a small wrapper around it. Please note that running the Cloud Discovery Tool from the command line is available only in the licensed version of the Cloud Discovery Tool. There are three steps to automate and schedule periodic Cloud Discovery Scans:
1. Schedule the logs export from the proxy/firewalls/SIEM
Please contact your system/network administrator to export logs periodically and store the logs on a Windows server or storage location accessible to the Cloud Discovery Tool. The Cloud Discovery Tool can read from a single file, multiple files or all files within a folder in one scan, so it is easy to push all logs from the proxy, firewalls, or SIEM to a folder, either as a single rotating file or as one file a day.
2. Configure the tool to run using the command line
Create and configure a scan definition file. A .scan XML file is used by the Cloud Discovery Tool to determine the type of log and its location on the hard drive.
The XML should be in the following format:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<scan>
<lastOutputPathname> </lastOutputPathname>
<name>MyScanResult</name>
<task>
<logFormatName>product name</logFormatName>
<pathname>C:\MyPath\MyLog.csv</pathname>
</task>
</scan>
lastOutputPathname: Specifies the path of the tool’s last run. Should remain empty when using the CLI.
name: Specify the name of your scan.
logFormatName: Specify the type of log to be scanned. Note: The name should correspond with one of the available log types as they appear in the Cloud Discovery Tool UI.
pathname: Specify the path to the file or directory in which the log files reside.
NOTE: Make sure there are no spaces between the XML tags and the value they enclose, e.g.,
<pathname> C:\MyPath\MyLog.csv </pathname> should be
<pathname>C:\MyPath\MyLog.csv</pathname>
You can also use a scan file created by running the Cloud Discovery Tool interactively through the GUI. By default, .scan files are stored under the user's My Documents folder (e.g., "C:\Users\username\Documents").
3. Schedule to run the Cloud Discovery CLI tool using the Task Scheduler in Windows
The run.bat batch file runs the cloudDiscoveryCLI.bat batch file with the following command arguments:
-s <scan file> -d <scan results output>
Sample run.bat batch file contents:
cd c:\Program Files (x86)\CloudDiscovery
cloudDiscoveryCLI.bat -s "C:\Users\<username>\Documents\websense.scan" -d "C:\Users\<username>\Documents\CloudDiscovery\results"
Sample output:
C:\Scripts>run.bat
C:\Program Files (x86)\CloudDiscovery>"C:\Program Files (x86)\Java\jre7\bin\java" -cp * -Dlog4j.configuration=log4j.cli.properties -Xverify:none com.skyfence.skyware.CloudDiscoveryToolCLI -s "C:\Users\nattu\Documents\websense.scan" -d "C:\Users\nattu\Documents\CloudDiscovery\results"
Scan started
[100%] 0 records analyzed
Scan done
Time: 37ms.
Sending scan results to your Skyfence Cloud Gateway
Uploading... .......Upload done
Cloud Discovery tool finished analyzing your scan, websense
The reports can be found under:
C:\Users\nattu\Documents\CloudDiscovery\results\ 2014-09-13 websense (15)
Analysis summary
Total number of services found: 1
Total number of users: 1
Total number activities analyzed: 1
C:\Program Files (x86)\CloudDiscovery>
A scheduled task can be created and modified from the command line (using the schtasks command) or the Windows UI.
Using the schtasks command:
The syntax of the schtasks command is:
schtasks /create /tn TaskName /tr TaskRun /sc schedule [/mo modifier] [/d day] [/m month[,month...] [/i IdleTime] [/st StartTime] [/sd StartDate] [/ed EndDate] [/s computer [/u [domain\]user /p password]] [/ru {[Domain\]User | "System"} [/rp Password]] /?
For more information about each option, see the schtasks Microsoft TechNet article.
For example, to run it every day at 10:35 AM, run as:
C:\Program Files (x86)\CloudDiscovery>schtasks /create /tn CASB-CloudDiscovery /sc DAILY /st 10:35:00 /tr "C:\Scripts\run.bat"
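The three steps above can be folded into one wrapper. The following is an added example, not Forcepoint's code: it writes the .scan file, runs the CLI from its own folder as run.bat does, and exits non-zero when the "Scan done" line is missing from the output. The folder paths, scan name and log-format value are assumptions to replace with your own.

```powershell
# Added example wrapper; not Forcepoint code. Every path and name below is an assumption.
$ErrorActionPreference = 'Stop'
$ToolDir   = 'C:\Program Files (x86)\CloudDiscovery'  # install folder used in the article's sample
$LogSource = 'C:\ProxyLogs'                           # hypothetical folder receiving exported logs
$ScanFile  = 'C:\Scripts\proxy.scan'                  # hypothetical scan definition path
$OutDir    = 'C:\CloudDiscovery\results'              # hypothetical results folder
$RunLog    = 'C:\Scripts\logs\scan-{0:yyyy-MM-dd}.log' -f (Get-Date)
$ScanName  = 'MyScanResult'
$LogFormat = 'product name'  # placeholder: use a log type exactly as the tool UI lists it

# Fail early if the export job has not delivered anything to scan.
if (-not (Get-ChildItem -LiteralPath $LogSource -File -ErrorAction SilentlyContinue)) {
    throw "No log files found in $LogSource"
}
New-Item -ItemType Directory -Force -Path $OutDir, (Split-Path $RunLog) | Out-Null

# Write the .scan file: values are trimmed and XML-escaped, so nothing but the
# value sits between a tag pair, and lastOutputPathname is left empty for CLI use.
function Esc([string]$v) { [System.Security.SecurityElement]::Escape($v.Trim()) }
$xml = @"
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<scan>
<lastOutputPathname></lastOutputPathname>
<name>$(Esc $ScanName)</name>
<task>
<logFormatName>$(Esc $LogFormat)</logFormatName>
<pathname>$(Esc $LogSource)</pathname>
</task>
</scan>
"@
[System.IO.File]::WriteAllText($ScanFile, $xml, (New-Object System.Text.UTF8Encoding($false)))

# Run the CLI from its own folder, as run.bat does, and keep a dated transcript.
Push-Location -LiteralPath $ToolDir
try {
    $ErrorActionPreference = 'Continue'  # java stderr lines must not abort the run
    $output = & .\cloudDiscoveryCLI.bat -s $ScanFile -d $OutDir 2>&1 | ForEach-Object { "$_" }
    $code = $LASTEXITCODE
} finally {
    Pop-Location
}
$output | Set-Content -LiteralPath $RunLog

# "Scan done" is the completion line in the article's sample output; without it,
# return non-zero so Task Scheduler shows a failed last run instead of a silent gap.
if ($code -ne 0 -or -not ($output -match 'Scan done')) {
    Write-Error "Cloud Discovery scan did not complete; see $RunLog"
    exit 1
}
```

The scheduled task executes whatever sits at the /tr path, so keep the wrapper and the .scan file in a folder that only administrators can modify.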