Storage Configuration
Using this feature, you can choose the storage destination for all the content captured by the Endpoint Sensor after inspection. If you have enabled features such as content attributes and record screenshots, then Cyberhaven creates a copy of the content and captures screenshots. The content is stored in a repository that you own and control.
Cyberhaven does not retain any copies of the data. Instead, you can access the captured content for each event from the Risks Overview page. The event details provide links to the captured content in the destination repository.
On this page, you can configure the storage bucket where the content will be stored.
1. Click on New bucket, select the Bucket type, and follow the configuration process for the selected bucket type. See the Related articles at the bottom of this article.
2. Select Enabled to enable the configuration. You can configure multiple buckets from multiple cloud service providers. Although at a time only one bucket can be used as the storage destination. When you enable one bucket, Cyberhaven disables all the other buckets.
3. Select Can read to provide Cyberhaven read access to the bucket. When enabled, Cyberhaven provides the content report in the event details of the Risks Overview page. This option is only applicable if you've provided Cyberhaven read permissions in your cloud service provider's console.
4. Verify the configuration by clicking Test Connection. If the configuration is valid, then Cyberhaven creates a test file inside the destination repository and provides you with a link to the test file.
5. Click Finish Setup to complete the setup.
When you disable a bucket and enable a new bucket, the content files stored in the previous bucket will not be copied to the new bucket. However, the "Content" and "Content report" links in the event details will continue to work and point to the previous bucket.
The following table uses various scenarios to explain the behavior of the Can read option.
| Scenario | Can read is ON | Can read is OFF |
|---|---|---|
| Content Attributes scenarios | ||
| Content attributes feature is enabled on the tenant. | On the Risks Overview page, the event details include the Show Values tab. | The Show Values tab is hidden in the event details. |
| Content attributes feature is disabled on the tenant. | The Show Values tab is hidden in the event details. | The Show Values tab is hidden in the event details. |
| Content attributes feature is enabled on the tenant. Behavior of the Show Values tab for files uploaded to the enabled bucket. | The event details include the Show Values tab. When you click on the tab, the content report is displayed. | The event details include the Show Values tab but when you click on the tab, a broken UI is displayed instead of the content report. |
| Content attributes feature is enabled on the tenant. Behavior of the Show Values tab for files uploaded to a bucket that was previously enabled. | The event details include the Show Values tab but when you click on the tab, a broken UI is displayed instead of the content report. | The event details include the Show Values tab but when you click on the tab, a broken UI is displayed instead of the content report. |
| Content attributes feature is enabled on the tenant. If the enabled bucket is deleted from the storage provider's portal, then Cyberhaven can no longer upload files to the bucket. | The event details include the Show Values tab but when you click on the tab, a broken UI is displayed instead of the content report. | The event details include the Show Values tab but when you click on the tab, a broken UI is displayed instead of the content report. |
| Content Links scenarios | ||
| Download links for "Content" and "Content report" in the event details when the files are uploaded to the enabled bucket. | When you click on the download links, the page is redirected to the external storage location where the files are stored. | When you click on the download links, the page is redirected to the external storage location where the files are stored. |
| Download links for "Content" and "Content report" in the event details when the files were uploaded to a bucket that was previously enabled. | When you click on the download links, the page is redirected to the previous bucket where the files are stored. | When you click on the download links, the page is redirected to the previous bucket where the files are stored. |
|---|---|---|
| If the enabled bucket is deleted from the storage provider's portal, then only the previous content links are available. Cyberhaven does not perform DLP scans. The Endpoint Sensor scans the tags. | When you click on the download links, the page is redirected to the deleted bucket where the files were stored. | When you click on the download links, the page is redirected to the deleted bucket where the files were stored. |
| Record Screenshots scenarios | ||
| Record screenshots feature is enabled on the tenant. | On the Incidents page, when you expand an incident View User's Screen Snapshots button is shown. | The View User's Screen Snapshots button is shown. |
| Record screenshots feature is disabled on the tenant. | The View User's Screen Snapshots button is hidden. | The View User's Screen Snapshots button is hidden. |
| Record screenshots feature is enabled on the tenant. Behavior of the View User's Screen Snapshots button for files uploaded to the enabled bucket. | When you click the button, screenshots are displayed. | When you click the button, empty tiles are displayed instead of screenshots. |
| Record screenshots feature is enabled on the tenant. Behavior of the View User's Screen Snapshots button for files uploaded to a bucket that was previously enabled. | When you click the View User's Screen Snapshots button, empty tiles are displayed instead of screenshots. | When you click the View User's Screen Snapshots button, empty tiles are displayed instead of screenshots. |
| Record screenshots feature is enabled on the tenant. If the enabled bucket is deleted from the storage provider's portal, then Cyberhaven can no longer upload files to the bucket. | When you click the View User's Screen Snapshots button, empty tiles are displayed instead of screenshots. | When you click the View User's Screen Snapshots button, empty tiles are displayed instead of screenshots. |
|---|