Standalone Scanner
Docker instance scanning
The Standalone Scanner is used to scan data stores to which DSPM cannot connect directly, either because public access is blocked (VPC-based instance, public access disabled, etc.) or because no public host is exposed (Redis, Memcache, DocDB, etc.).
The standalone scanner can also be used for data stores that have public access and are reachable from DSPM.
The standalone scanner is a Docker container that connects to the data stores to perform data crawling and risk-finding tasks. Most of the parameters required to run the standalone scanner are generated by the DSPM platform itself, such as the hostname, resource ID and API key. The only details that must be passed to the command and are not available from the platform are the data store's username and password, which are needed to establish a connection to the instance.
The Data Scanner task needs at least 4 GB of memory to run, so the host (either a local instance or a cloud instance) must be chosen to satisfy this requirement. If the memory limit is hit, the scanner operation is terminated.
An example standalone scanner command is given below (shown with line continuations; it is a single command):
docker run \
  -e STANDALONE="1" \
  -e NZ_URL="https://api3.normalyze.io" \
  -e DATASTORE_TYPE="RDS-INSTANCE" \
  -e X_ACCOUNT_ID="111111111" \
  -e DB_ID="arn:aws:rds:ap-south-1:111111111:db:demodata" \
  -e DB_ENGINE="ORACLEDB" \
  -e DB_HOST="demodata.cdefxyzvmbux.ap-south-1.lmn.amazonaws.com" \
  -e DB_PORT="1521" \
  -e DB_UNAME="demuser" \
  -e DB_PASSWORD="<Value>" \
  -e NZ_APIKEY="<dummy-data>" \
  -e NZ_APISECRET="<Secret value>" \
  -e SNIPPET_OPTION="ENABLED" \
  -e SCANNER_TIMEOUT="3600" \
  -it normalyze/data-scanner:latest
The steps for running the standalone scanner are as follows:
- Search for the data store against which the standalone scanner should be run. In this example, EC2DB-INSTANCE is selected.
- Select the data store and navigate to Connect -> Connection Type -> Standalone Scanner. This shows the steps to follow, including the commands. Copy the Docker run command from step 3 into a text editor so the DB-specific details can be filled in.
- Copy the DSPM API key and secret from the platform by navigating to DSPM UI -> Settings -> API Keys -> Regenerate API Key and Secret. This shows both values; copy them.
- Use the values copied in step 3 and the DB login credentials for the following parameters:
  DB_UNAME - Username used to log in to the database.
  DB_PASSWORD - Corresponding password for that user.
  NZ_APIKEY - API key copied in step 3.
  NZ_APISECRET - Corresponding secret copied in step 3.
  In addition, snippet generation is controlled by the SNIPPET_OPTION parameter. The supported values are:
  DISABLED - No snippet will be generated.
  FULL - Snippets will be generated.
  MASK - Snippets will be generated but masked for security.
- The entire command can be executed once the docker login and docker image pull stages are completed. It can be run either from a local instance, for data stores that allow connections from outside the VPC, or from an instance (EC2 in this example) in the same VPC for data stores such as REDIS, DOCDB, MEMCACHE, etc.
- Once the scanning operation is completed, the details are reflected on the UI after a short delay; this is the time taken for the operation to send the response back to DSPM.
The same set of steps is applicable when setting up the standalone scanner for any structured data store.
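As an added example (not the product's own code or part of its documentation), the POSIX shell helper below validates the parameters from step 4, checks the 4 GB memory requirement on a Linux host, and prints the docker run command with DB_PASSWORD, NZ_APIKEY and NZ_APISECRET passed as bare -e flags so Docker reads them from the environment and they stay out of shell history and process listings. The function names and the default SCANNER_TIMEOUT are assumptions.

```shell
#!/bin/sh
# Added helper, not part of the DSPM product or its documentation.
# Validates the standalone-scanner parameters and prints the equivalent
# "docker run" command. Credentials are passed as bare "-e NAME" flags so
# Docker reads them from the environment instead of the command line.

# SNIPPET_OPTION accepts exactly the three values documented above.
valid_snippet_option() {
    case "$1" in
        DISABLED|FULL|MASK) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when every required variable is set and SNIPPET_OPTION is valid;
# otherwise names the problem on stderr (values are never printed) and returns 1.
check_required() {
    missing=""
    for name in NZ_URL DATASTORE_TYPE X_ACCOUNT_ID DB_ID DB_ENGINE DB_HOST \
                DB_PORT DB_UNAME DB_PASSWORD NZ_APIKEY NZ_APISECRET SNIPPET_OPTION; do
        eval "val=\${$name:-}"
        [ -n "$val" ] || missing="$missing $name"
    done
    if [ -n "$missing" ]; then
        echo "missing required parameter(s):$missing" >&2
        return 1
    fi
    valid_snippet_option "$SNIPPET_OPTION" && return 0
    echo "SNIPPET_OPTION must be DISABLED, FULL or MASK" >&2
    return 1
}

# Linux-only check for the 4 GB memory requirement (MemTotal is reported in kB).
host_has_4gb() {
    kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null) || return 1
    [ -n "$kb" ] && [ "$kb" -ge 4194304 ]
}

# Prints the command. SCANNER_TIMEOUT falls back to 3600, the value used in the
# example above (an assumed default, not one the documentation states).
build_scanner_cmd() {
    check_required || return 1
    printf 'docker run -e STANDALONE="1" -e NZ_URL="%s" -e DATASTORE_TYPE="%s" -e X_ACCOUNT_ID="%s" -e DB_ID="%s" -e DB_ENGINE="%s" -e DB_HOST="%s" -e DB_PORT="%s" -e DB_UNAME="%s" -e DB_PASSWORD -e NZ_APIKEY -e NZ_APISECRET -e SNIPPET_OPTION="%s" -e SCANNER_TIMEOUT="%s" -it normalyze/data-scanner:latest\n' \
        "$NZ_URL" "$DATASTORE_TYPE" "$X_ACCOUNT_ID" "$DB_ID" "$DB_ENGINE" \
        "$DB_HOST" "$DB_PORT" "$DB_UNAME" "$SNIPPET_OPTION" "${SCANNER_TIMEOUT:-3600}"
}
```

Export the three credential variables in the shell that runs the printed command (for example from a secrets manager), then execute it after docker login and docker pull.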