4.0

MS365 Teams Chat Files

Details

Summary

Version 4.0 introduced the ability to scan and report on Microsoft 365 storage repositories. These include SharePoint document libraries, OneDrive for Business drives, and Team drives.

This report focuses on files that are located in Team chat file locations.

MS365 Permissions by Site

Details

Summary

New with version 4.0 is ability to scan and report on permissions and sharing within Microsoft 365. Know how the permissions are set and how files are sharing can make a large impact on how well a company’s data is protected.

This report comes in a couple of formats. First a custom paginated format and secondly a CSV based format.

NOTE: Due to schema changes in 4.1, be sure to download the appropriate version for your installation.

MS365 Filename Extension

Details

Summary

New with version 4.0 is the ability scan your Microsoft 365 tenent.  The filename extension report helps you see what applications are being used, by way of the filename extensions used.

This report includes both the summary and detail sections you maybe used to from the built-in reports. The query can be filtered by drive_categories by modifying line 53.

 

MS365 Duplicate Files

Details

Summary

New with version 4.0 is the ability to scan for truely duplicated files in Microsoft 365. Version 4.0 collects the content hash from the files in Microsoft 365 so that the duplicates can be found and remediated.

 

Details

Duplicated files can be simply redundant taking up extra space or they can be a security risk. Files get downloaded from SharePoint where the security is more regulated to someones OneDrive or MySite and then shared. This could potentially be a big problem.

MS365 DateAge LastModified

Details

Summary

New with version 4.0, comes the ability to scan your Microsoft 365 tenant and create reports from the data found in the Document Libraries and One Drive File Systems.

This report focuses on the when the files in the desired drive_categores were last modified by year.  The report layout includes both Summary and the Detailed Reports.

 

Sharing Links by User Drive

Details

Summary

This report capitalizes on the ability of version 4.0 to scan your OneDrive for Business storage. Individuals within your company may be sharing out your companies IP with little regard for security.  This report is limited to the list of all sharing links located with discovered User OneDrive for Business drives, and does not include Direct Access permissions.

 

File Extensions by Category

Details

Summary 

This report combines file extensions in to categories. The report uses the srs.current_fs_scandata database view which limits the scope to current scans only. This recipes comes in two styles, either Detailed or Summary. Each version of the report comes with a report layout.

Version 3.6 - 4.0

The report is further limited by the sd.fullpath LIKE portion of the sql where clause. If you remove it, the report will run across all current scan_data.

Duplicate file across the tenant

Summary

This report utilizes the new added Microsoft 365 scanning features of version 4.0.  The 4.0 tenant scan prompts the new Agent365 to collect a hash of the file content and store the hash in the database where it can be use to compare against other files that match in content.

This query is designed to show show the different joins work together to get the desired data.

 

Content Hash Duplicate File Report

Summary

This report utilizes the new added file content hash feature of version 4.0.  The 4.0 scan policy definition gives a new option to Generate file content hashes for All Files or Files uploaded since the last scan.  This option prompts the AgentFS to generate a SHA256 hash of the file content and store the hash in the database where it can be compared against other files that match in content.

New with version 4.1 is the ability to manage the report paths outside of the query via the Report Designer. 

Current NTFS ACEs Without Inheritance

Summary

How when using the srs.current_ntfs_aces view can I report on the ACEs without inheritance?

Explaination

The srs.current_ntfs_aces view includes a field called ace_flags which is a value mask.

If the bit flag with a value of 16 is present, then the ACE is inherited. Filtering out inherited ACEs is a simple matter of checking that this flag is off.

Pages