How To Specify More Than One Table for a SQL Scan

book

Article ID: 159862

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

How can specific tables be setup for scanning via the SQL crawler?

Resolution

The setting that specifically holds the table query is driver_table_query.<vendor-name>.   This setting would need to be modified so that the response reflects the tables to be scanned.  Setup instructions are outlined in the Symantec DLP Admin Guide beginning on page 108, with custom configuration options beginning on page 110.

Here's an excerpt from the Admin Guide:

driver_table_query.<vendor-name>

Specifies the query to execute to return a list of tables to scan. Typically, the query should
return all user tables in the database. Note that the database account issuing this query needs
appropriate rights granted to it by the database administrator.

Example:

driver_table_query.sqlserver = SELECT table_schema + '.' + table_name FROM information_schema.tables

In addition to the setting, you can also set include and exclude filters via the UI. This is set under the SQL Scan Target -> Scanned Content.
Please note that these include and exclude filters operate on top of the previously mentioned driver_table_query setting, so they have to be a subset.

INCLUDE FILTERS
Use the Include Filters field to specify SQL databases and tables that Symantec DLP should process.

If you leave the Include Filters field empty, Symantec DLP performs matching on all tables in the database servers. If you enter any values in the field, Symantec DLP scans only those tables that match your filter.

The syntax for the filters is:

* (asterisk) represents any number of characters
? (question mark) represents one character
, (comma) and newline represent a logical OR
| (vertical bar) separates the database vendor pattern from the table pattern. Database vendor names are oracle, sqlserver, or db2.
Because table names are case-insensitive for many databases, the table name in the pattern is converted to upper case before matching.
The following example would match the employee table in all databases.
*|employee
The following example would match all tables in all Oracle databases.
oracle:*|*

All white space at the beginning and end of the pattern is ignored.
The matching process does not support escape characters, so there is no way to match on a question mark, a comma, or an asterisk explicitly.

EXCLUDE FILTERS
Use the Exclude Filters field to specify SQL databases and tables that Symantec DLP should skip.

If you leave the Exclude Filters field empty, Symantec DLP performs matching on all databases and tables in the Database Servers list, or in the Include Filters. If you enter any values in the field, Symantec DLP scans only those databases or tables that do not match your filter.

The syntax for the Exclude filters is the same as that for the Include filters.