Configuring a Network Share

Procedure

1. Go to Virtual Analyzer → Network Shares.
2. Do one of the following:
   • Click Add to configure a new network share.
   • Click a network share name to change the settings.
3. Click the Status toggle to enable or disable the network share configuration.
4. Type a descriptive name for the network share.
5. Type additional information for the network share.
6. Select a storage service and configure the required settings.
   • NFS or CIFS storage service

     Field	Description
     Server address	Type the IP address or fully qualified domain name (FQDN) of the network share server. Note Make sure the network share server uses UTF-8 encoding to allow Deep Discovery Analyzer to perform sample analysis and display the server address properly.
     Path	Type the network share path (for example, /Users/Shares/Website).
     User name	Type the user name to access the network share. For domain users, type the user name in the format domain_name\user_name.
     Password	Type the password to access the network share.

   • AWS S3 storage service

     Note Enabling network share scanning for AWS S3 may incur additional data transfer cost. Configure the required permissions for Deep Discovery Analyzer to access the AWS S3 storage service for network share scanning.

     Field	Description
     Server address	This field displays the server address for the storage service.
     Path	Type the bucket name or bucket folder path (for example, my_bucket or my_bucket/my_folder/../). Note You must specify at least the bucket name in the path.
     Access key ID	Type the access key ID that Deep Discovery Analyzer uses to access AWS S3.
     Secret access key	Type the secret access key that Deep Discovery Analyzer uses to access AWS S3.
     Proxy setting	If a proxy server is required for Deep Discovery Analyzer to connect to AWS S3, select Connect using system proxy server or Connect using custom proxy setting and configure the required settings.

   • Azure Blob storage service

     Note Enabling network share scanning for Azure Blob may incur additional data transfer cost. Configure the required permissions for Deep Discovery Analyzer to access the Azure Blob storage service for network share scanning.

     Field	Description
     Server address	This field displays the server address for the storage service.
     Path	Type the container name or the container folder path (for example, my_container or my_container/my_folder/../). Note You must specify at least the container name in the path.
     Account name	Type the account name that Deep Discovery Analyzer uses to access Azure Storage.
     Access key	Type the access key that Deep Discovery Analyzer uses to access Azure Storage.
     Proxy setting	If a proxy server is required for Deep Discovery Analyzer to connect to Azure Blob, select Connect using system proxy server or Connect using custom proxy setting and configure the required settings.

7. For file matching, configure file name patterns that Deep Discovery Analyzer uses to filter files for scanning. Do the following:
   1. Select to match files based on the inclusion or exclusion list.

      Note If you select to use both lists for file name matching, the exclusion list has a higher priority.

   2. Type one or more file name pattern for the selected list.

      Note File name patterns are not case sensitive. Deep Discovery Analyzer supports the following wildcards in file name patterns: *: Matches all ?: Matches any single character [seq]: Matches any character in seq [!seq]: Matches any character not in seq You can configure up to 10 file name patterns in a list. The same file name pattern cannot exist in both inclusion and exclusion lists. Deep Discovery Analyzer scans files that match the selected file name pattern list.

8. Specify the scan action.

   Action	Description
   Do not move files after scanning	Select this option to keep the files in the original folder after scanning. This is the default setting. Note To have Deep Discovery Analyzer automatically create the output_ddan output folder, select the Copy analysis report to output folder option.
   Move files	Select this option to move files to the specified output location after scanning. Select one of the following options: Destination path: Select this option to move a detected file to a sub-folder in the destination path you specify. The system automatically creates the sub-folder for each risk level in the destination path. Destination path by risk level: Select this option and specify the destination path for each risk level to move detected files. To access the output path using the same access credentials as the network share, select Inherit credentials from network share; otherwise, specify the access credentials for the output path. Note The output path and the network share path cannot be the same. Make sure read-write permissions are set on the output location. Files in the output path are excluded from scanning.
   Delete files with the selected risk level(s) after scanning	Select this option to delete files with the selected risk levels after scanning. Note To have Deep Discovery Analyzer automatically create the output_ddan output folder, select the Copy analysis report to output folder option.

   Deep Discovery Analyzer stores the following generated files in the output folder (which is excluded from scanning):

   • Report files (with the file naming convention id_filename_report.zip)
   • Report metadata files (with the file naming convention id_filename.meta) that contain the original file path information for scanned files.
9. Select a scan method.

   Note This setting is not applicable if you select the option to move files after scanning.

   • Quick scan: Select this option to only scan files that are modified since the last scan. This is the default setting.
   • Full scan: Select this option scan all files.

   Note For the first quick scan, Deep Discovery Analyzer performs a full scan and scans only modified files in subsequent quick scans. If you switch from Full scan to Quick scan, Deep Discovery Analyzer scans only modified files after the previous full scan is completed.

10. Specify other scan settings.
    • Rename detected files: Select this option to rename detected files to prevent accidental execution of malicious files.
      Deep Discovery Analyzer renames detected files in the format id_<original filename>.vir.
      For example, if the original file name is test, the renamed file becomes 56_test.vir.
    • Copy analysis report to output folder: Select this option to create a copy of the analysis report to the output folder.

    Note If you enable a scan setting, make sure read-write permissions are set on the output location.

11. Configure scheduled scan settings. Do the following:
    1. Click the toggle button to enable or disable scheduled scan.
    2. Select a schedule option and configure the required settings.

       Note If you select Full scan, you can only configure a weekly or monthly schedule.

12. (Optional) Click Test Connection to test the connection to the network share.
13. Click Save.

    Tip After you add a network share, you can access the Submitters screen to view the associated sample submissions and adjust the weight value (the default is 4) for Virtual Analyzer resource allocation.