GuardWare DISCOVER: Management Console Quick Start Guide

1. Introduction

GuardWare DISCOVER is a cross-platform data discovery and remediation system designed to locate, analyse, and manage sensitive data across target devices, file servers, email systems, and cloud storage. Its primary focus is PCI and PII data discovery with the ability to add other data types as required.

This guide introduces the essential steps for setting up the Management Console and quickly initiating scan jobs. A detailed guide is also available if you wish to understand each feature of the Management Console.

2. Create Data Classifications (Optional)

The Data Classification feature lets you group multiple data types under a single classification and assign a color label for easy visual identification. Classifications are automatically given a sensitivity level based on their creation order, starting from level 0 and increasing for each new entry.

When a document contains multiple classified data types, DISCOVER applies the highest sensitivity level detected, ensuring the file is classified according to its most sensitive content.

1. Log in to the GuardWare DISCOVER Management Console and navigate to DATA GOVERNANCE > Data Classification.

2. Click +Create New Classification.

3. Enter a Classification Name, Description (optional), and select a Color for visual identification.

4. Click Save.

3. Create a Data Owner

A data owner is a person who’s linked to one or more data types. They receive email alerts whenever sensitive data linked to them is discovered, ensuring accountability and timely notifications. The Data Owner does not have to be the same person as the device owner and can be a completely separate individual.

1. Go to DATA GOVERNANCE > Data Owner and click +Create Data Owner.

2. Enter the new data owner’s Email, Name, Phone number, Description (optional), and Contact (optional).

3. Click Save. To assign data types to data owners, see Assign Data Types.

4. Assign or Create Data Types

Data Types in DISCOVER define what kind of information the system looks for during scans. You can either assign predefined data types from the built-in library (PII, PCI DSS) or create and assign custom data types if your data isn’t covered in the predefined data type library.

Start with a few high-priority data types and expand gradually based on your needs.

Assign Data Types

1. Go to DATA GOVERNANCE > Data Owner.

2. Select the data owner you want to assign a data type to and click +Assign Data Types.

3. Use the search box to find the desired data type (e.g., MasterCard), select it, and click Save to assign it to the owner.

Create Data Types (Optional)

In addition to predefined data types, you can also create custom data types for DISCOVER to scan. A data owner must first be created when creating custom data types.

1. Go to DATA GOVERNANCE > Data Types and click +Create Data Type.

2. In General Information, enter the Data Type Name and Description (optional).

3. Select a Data Identifier from the dropdown. You can choose between three data type identifiers:

   • Regular Expressions (Regex): for structured patterns such as credit card numbers, Medicare numbers, and SSNs.

   • Sensitive Words: for keywords or phrases that do not follow regex or filename expression patterns. Example: “salary”, “John”, or “confidential.”

   • Filename Expressions: for matching files by name or extension (e.g., *.pdf).

4. Assign a Data Classification to the data and add Data Owner(s) to the newly created data type.

5. Click Save.

5. Add Devices and Services

Targets are the systems and services DISCOVER scans to detect sensitive data. This includes endpoint devices and file servers, as well as cloud services like Microsoft SharePoint and Exchange. Properly defining targets ensures scans reach the correct data sources.

Add Device Targets

1. Go to DISCOVER > Target Discovery > Devices and click +New Target Discovery.

2. Enter a Job Name to name the scan, and specify the Target IP range to define the network segment in which DISCOVER should search for devices.

3. Set the Location to filter the list of agents by their assigned location.

4. Select the appropriate Protocol (WinRM, SSH, or FILE SERVER) to connect to the devices and provide Authentication credentials.

5. Set the Connection Attempt Interval to define how frequently DISCOVER will try to connect to a target.

6. Set Give-up Trying After to specify the maximum duration DISCOVER will continue attempting the connection before abandoning it.

7. Click Save.

Add Services

1. Go to Target Discovery > Services and click +New Target Discovery.

2. Enter the Discovery Job name, then select the Cloud Connector for the service type (Microsoft Exchange or SharePoint).

3. Specify the Organisation (for SharePoint) and provide the Client ID and Tenant ID for authentication.

4. Set the Location to filter the list of agents by their assigned location.

5. Select either Client Exchange Secret or Certificate as an authentication method.

6. Set the Connection Attempt Interval to define how frequently DISCOVER will try to connect to a target.

7. Set Give-up Trying After to specify the maximum duration DISCOVER will continue attempting the connection before abandoning it.

8. Click Save.

6. Configure and Run Scans

Once classifications, data owners, and data types are configured, DISCOVER is ready to perform scans. During a scan, DISCOVER examines the selected devices and services by checking the specified file paths (or all paths, if configured) and the specified file types (or all types).

It then searches within those files for the selected sensitive data types, identifying and reporting any matches it detects. You can run a One-Time Scan for testing or targeted scans, or an Ongoing Scan for complete routine monitoring.

Configure and Run a One-Time Scan

A One-Time Scan checks new or changed files on the selected targets against your configured data types and classifications. Use it to validate a new rule, perform a targeted check, or test new scan configurations.

1. Navigate to DISCOVER > Scans and click +New Scan.

2. Select One-Time Scan and click Proceed.

3. Enter a Scan Name and give a Description (optional), then click Next.

4. Select the data types you want to search for and click Next.

5. Select the targets and services to scan, then click Next.

6. Configure the File Handling Options, specify the files and folders you want to include or exclude from the scan, and then click Next.

7. Review the scan configurations and click Save Scan. The scan will begin automatically.

Configure and Run an Ongoing Scan

An Ongoing Scan performs a full scan of selected targets and services on a recurring schedule. Use it for routine checks, to validate compliance with data-handling policies, and to maintain continuous visibility into sensitive information across your environment.

Each scan contributes to a historical record that DISCOVER uses to generate trends, allowing you to monitor changes over time, identify emerging risks, and track remediations. Ongoing Scans are resource-intensive, so schedule them during off-peak hours to minimize impact on business operations.

1. Go to DISCOVER > Scans and click +New Scan.

2. Select Ongoing Scan and click Proceed.

3. Select data types you want to search for and click Next.

4. Select the Targets/Services to scan, then click Next.

5. Configure File Handling Options and filters, then click Next.

6. Schedule the scan time and click Next.

7. Review the scan configurations and click Save Scan. The scan will automatically initiate.

7. Next Steps

After configuring scans, use the Investigate section to review flagged results and assess risks, and the Remediate section to act on sensitive files. Continue refining your classifications and data types over time to improve accuracy and reduce false positives.