
Basics of DatAdvantage Operations

Varonis Training Lab

Lab Instructions

DatAdvantage 7.5.8.91

Data Governance Suite


Contents
Lab Overview
Setup Environment
Section 1: Using the Work Area to Determine Potential Access
    Lab 1: Who can access a folder?
    Lab 2: Who are the members of a group?
    Lab 3: Which folders does a user have permission to access?
    Lab 4: Which groups does a user belong to?
    Lab 5: Which folder does a Global Group have access to?
Section 2: DatAdvantage for Exchange
    Lab 1: Who has access to a specific mailbox?
    Lab 2: Which mailboxes can a specific user access?
    Lab 3: Who has access to a given Public Folder/Which Public Folders can a user access?
Section 3: DatAdvantage for SharePoint
    Lab 1: Who can access a SharePoint Site?
    Lab 2: Who are the members of a SharePoint group?
    Lab 3: What are the permissions contained within a SharePoint Permission level?
    Lab 4: What are the effective permissions for a SharePoint Group on a SharePoint Site?
Section 4: DatAdvantage for Unix
    Lab 1: Determine where POSIX ACLs exist.
Section 5: The New Dashboard Overview
    Lab 1: Dashboard Overview
    Lab 2: Find the files that a user accessed
    Lab 3: Find all the files accessed within a folder.
    Lab 4: Find all the Text files accessed on a specific day.
    Lab 5: Determine who deleted a specific file
Section 6: The Statistics View
    Lab 1: Find the most active user on the “CORPFS02” server
    Lab 2: Determine and assign a Data Owner.
    Lab 3: Determine the directories that a user has accessed.
Section 7: Recommendations, Modeling and Committing Changes



    Lab 1: What are the DA recommendations for a specific group?
    Lab 2: What would be the impact of removing a person from a group based on a DA recommendation?
    Lab 3: How do we “model” a permission change using DatAdvantage?
Section 8: Data Transport Engine (DTE) for DatAdvantage
    Lab 1: How can I create a DTE rule in order to migrate data?
    Lab 2: How can I tell what data has been moved by DTE recently?
Section 9: The DatAdvantage Data Classification ENGINE (DCE)
    Lab 1: Who has access to the sensitive files within an important directory?
    Lab 2: How can I find the users that have been accessing files which contain sensitive data, (i.e. credit card numbers)?
    Lab 3: How do I configure the DatAdvantage DCE to scan for the word “Confidential”?
Section 10: DatAdvantage For Directory Services
    Lab 1: What are the different domain objects in AD?
    Lab 2: How can I see changes made within Directory Services?
Section 11: DatAlert for DatAdvantage
    Lab 1: How can I enable pre-built threat model to send real time alerts to the event log?
    Lab 2: Investigating an alert within the dashboard
Section 12: Reporting
    Lab 1: Schedule a user access log report.
    Lab 2: Create a group membership report
    Lab 3: Determine the permissions for a user or group by running the effective permissions report.
Section 13: Administering DatAdvantage
    Lab 1: Determine how to add authorized administrators to DA.
    Lab 2: Determine how to configure the ADWalk, Filewalk and Pullwalk job schedules.
    Lab 3: Adding a user to the filtered user list.
    Lab 4: Adding a global group to the Global Group list.
Section 14: DatAdvantage Troubleshooting
    Lab 1: Review the event viewer to determine if any issues exist with DA.
    Lab 2: Check the status of the SQL and Varonis services to ensure they are operating properly.



LAB OVERVIEW
ACCESSING THE VIRTUAL TRAINING ENVIRONMENT
1. Navigate to https://certification-labs.varonis.com
*Note: Varonis employees cannot use this link to access the virtual training environment.
Varonis Sales Engineers should use https://se-labs.varonis.com/ to access the labs while PS
engineers should use https://ps-labs.varonis.com/.
2. Sign in using your partner login credentials. These are the same credentials you used to log in to
https://partneredu.varonis.com

3. On the left-hand side, select “New Environment”



4. Choose a name for your environment. In this case, I have named it “Operational Use Training”
a. Select a template that you want to deploy. The template name is identical to the course that you
signed up for. In this case, I am deploying the “DatAdvantage Operational Use Training”
template.
b. Select a region that you would like to deploy the template in. Please select the region that is closest to
your location. I am in the United States, so I will be deploying the template in “East US 2”.
c. Choose a window that the lab will be available for. Make sure that you select the appropriate
time zone for your location. I would like my lab to be available from 9 AM – 5 PM EST.
d. Click “Create” once you have filled all the sections out.

5. Click the check button to confirm your selection.

6. A request will be sent to the Varonis Partner team that will need to be approved before your
environment is deployed. You will receive an email once the request has been approved and your
environment has been deployed.
7. Once your environment has been deployed, you will see the environment if you click on “Environments” on the
left-hand side. The status of the environment will say “Up” if it is ready to be used.



8. Click on the environment that you just deployed. A panel will appear on the right-hand side. For this specific
template, there is one machine that will be used.

9. Each machine has three action buttons: Connect, Stop and Restart.
a. Connect – Opens a new tab in your browser and opens an RDP connection to the selected server.
b. Stop – Turns off the virtual machine
c. Restart – Restarts the virtual machine
*Note: The connect button functions differently for Varonis employees. Clicking “Connect” will
download a link to an RDP session for the machine you selected. You will then have to enter the
username/password for the machine to connect. The username for all machines is
“corp.local\administrator” and the password is “password2”.

10. If you do not finish the lab in the time period that you selected when deploying the environment, the
environment will shut down. You have the option to restart the lab the next day and pick up from the previous
spot you stopped at by selecting the “Start” option.



SETUP ENVIRONMENT
1. Before starting the lab, all the Varonis services must be restarted because of the nature of the environment
we are running. On the desktop there is a script called “restartservices.ps1”. Right click on this script and select
“Run with PowerShell”. When prompted to change the execution policy, press “y” and hit enter.

2. A script will run that automatically starts Varonis services. Once it’s complete, the window will automatically
close and you can start the lab. Note: Ignore any red text that may appear during this process.



3. The last thing we need to do is set the time of the VM back to the period when all the data for the lab
was collected. On the desktop there is a script called “FixDate.ps1”. Right click on this script and select “Run
with PowerShell.”

4. The script will run to automatically reset the clock. The window will automatically close and you can proceed
with starting the lab.

Note: If you plan on running the environment for multiple days/sessions, it’s recommended to re-run both
scripts at the start of each new day. Every time the environment shuts down for the day, these scripts will
need to be re-run in order to function correctly.



SECTION 1: USING THE WORK AREA TO DETERMINE POTENTIAL
ACCESS
Section Overview:
This section provides visibility into the permissions that users and groups have to data using bi-directional mapping.

Labs:
i) Lab 1: Who can access a folder?
ii) Lab 2: Who are the members of a group?
iii) Lab 3: Which folders does a user have permission to access?
iv) Lab 4: Which groups does a user belong to?
v) Lab 5: Which folders does a global group have access to?

Functionality:
• The Work Area displays the Active Directory/NIS/LDAP users and groups, as well as all local accounts, which
may have permission to access unstructured data on monitored file servers, Exchange Servers, SharePoint
Servers, NAS devices, and data on Office 365.
• The Work Area provides a multi-dimensional view and allows the DatAdvantage operator to see the following:
    • User permissions – To the folders the user can access
    • Group permissions – To the folders the group can access
    • Folder permissions – To the users, groups and nested groups that have access to the folder
• This multi-dimensional view makes an entitlement review a simple task
• Assign and manipulate data owners



LAB 1: WHO CAN ACCESS A FOLDER?
Task:
In this lab you will determine who can access the Finance folder.

Context:
For any folder, DatAdvantage makes it easy to view the NTFS and Share permissions that exist for that folder. DA
provides the ability to determine not only the groups that have access to the folder, but also the individual users that
each group contains. Existing Microsoft functionality does not provide this capability.

Use Cases:
A business data owner wants to know who can access their data.

Procedure:
1) Open the DatAdvantage GUI from the desktop.

2) Click the ribbon on the left side to expand out “Existing Users and Groups”.



3) Expand the server “CORPFS02” (CORPFS02 > C: > Share) and double click on the “Finance” directory.

4) In the left pane, “Existing Users and Groups”, you will notice that the information has changed. It now shows
all groups that have access to the “Finance” directory and what level of permissions they have.



5) Expand the “Group_Finance” group to determine the individual users that have access to the finance folder.

Note: DatAdvantage provides an easy way to determine all the individual users that have access to a folder
via the NTFS permissions. Share level permissions are available within the properties tab. The Work Area GUI
will display the effective permissions by default. However, Microsoft best practices state to configure the
Share permissions so that they are available to Everyone, Full Control.



LAB 2: WHO ARE THE MEMBERS OF A GROUP?
Task:
In this lab you will list the members of the Legal group.

Context:
DatAdvantage makes it easy to determine all the members of groups and nested groups. Daily, DA will update group
membership information by polling Active Directory (or any other user repository) for user and group information. DA
makes it easy to determine AD group membership with a simple click.

Use Cases:
The Legal department needs to know the members of the legal group.

Procedure:
1) In the left pane, “Existing Users and Groups”, within the “Look For” box, type the name “Legal” and click the
plus sign on the left of Legal (corp.local) to expand out the children of that group. This view will show all users
in the Legal group.

Note: It is very easy to determine all the members of any group with DA.



LAB 3: WHICH FOLDERS DOES A USER HAVE PERMISSION
TO ACCESS?
Task:
In this lab you will determine which folders are accessible by Marc Farhat.

Context:
DatAdvantage makes it easy to see which folders any individual user has access to. By providing this information DA
will show the operator the potential access each user has.

Use Cases:
Marc Farhat is moving from Legal to Finance and IT Operations needs to audit his permissions.

Procedure:
1) In the “Existing Users and Groups” pane, type “Marc Farhat” in the “Look For” field and press enter.
Double click on Marc’s name to see where Marc has permissions on directories.

2) Folders that are now green are folders that Marc can access. Listed next to each parent directory is a list of
permissions that Marc has to that directory and all its sub-directories. If those permissions are inherited, then
the permission line will be blank and you would look at the permissions of the parent folder. Notice that the
folder HR is yellow which means that Marc does NOT have access to that folder. These permissions include the
NTFS permissions, FMRWXL, respectively Full, Modify, Read, Write, eXecute and List. Share permissions are
not included in the GUI by default, but they can be selected under the view menu. In the “Explanations”
column you will see from which groups Marc inherits these permissions. This means that Marc is a member of
the listed groups.



LAB 4: WHICH GROUPS DOES A USER BELONG TO?
Task:
In this lab you will determine the groups that Marc Farhat is a member of.

Context:
DatAdvantage makes it easy to see all the individual groups that any users are members of.

Use Cases:
The Information Technology Department needs to identify all the groups Marc Farhat is a member of, as part of a
server consolidation project.

Procedure:
1) At the top of the “Existing Users and Groups” pane, choose “View” and then choose “Children”.



2) Use the “+” sign next to “Marc Farhat” to expand out and show the Groups in which Marc is a member.

3) As you can see, Marc Farhat is a member of many groups, including the BCP-Mobile_Division group and many
others. DA makes it easy to determine all the groups that a person is a member of, including security groups,
nested groups, and distribution groups.



LAB 5: WHICH FOLDER DOES A GLOBAL GROUP HAVE
ACCESS TO?
Task:
In this lab you will determine the folders which are accessible to the “Everyone” group.

Context:
One of the primary benefits of DA is that it allows customers to reduce the over-permissive nature of global groups
such as the Everyone group, domain users, users, etc. DatAdvantage makes it easy to determine which folders are
accessible by global groups. With DA, Administrators can begin to clean up these permissions to ensure proper access
to the data is being followed.

Use Cases:
The IT Operations department needs to identify exactly where the “Everyone” group has access to critical folders.

Procedure:
1) Find the “Everyone” group by typing in the first few letters of the group name in the “Look for:” field at the
top of the “Existing Users and Groups” pane, and then press enter.

2) Double click on the “Everyone (Abstract)” group to see where it has access. Note that the “Everyone Group”
has access to any folder that turned green.
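
The bi-directional mapping that Labs 1 to 5 walk through in the GUI comes down to a nested-group graph joined to a folder ACL table. The following is an added example, not Varonis code or part of the lab: the memberships, folder ACLs and most account names are constructed, Share permissions are left out (as in the default view), and a folder with an explicit ACL is assumed not to inherit from its parent as well.

```python
PERM_ORDER = "FMRWXL"  # Full, Modify, Read, Write, eXecute, List (the lab's notation)

# Constructed sample data: group -> direct members (users or nested groups).
MEMBERS = {
    "Group_Finance": ["Finance_Managers", "amy.bolton"],
    "Finance_Managers": ["allen.carey"],
    "Legal": ["marc.farhat", "Legal_Contractors"],
    "Legal_Contractors": ["Legal", "temp.counsel"],  # deliberate cycle
    "Group_HR": ["hr.admin"],
}
ALL_USERS = {"amy.bolton", "allen.carey", "marc.farhat", "temp.counsel", "hr.admin"}

# Constructed sample data: folder -> explicit ACL {principal: perms}.
# None means the folder carries no ACL of its own and inherits from its parent.
ACLS = {
    "C:/Share": {"Everyone": "RXL"},
    "C:/Share/Finance": {"Group_Finance": "MRWXL", "Legal": "RL"},
    "C:/Share/Finance/Budgets": None,
    "C:/Share/Legal": {"Legal": "MRWXL"},
    "C:/Share/HR": {"Group_HR": "FMRWXL"},
}


def expand(principal, _seen=None):
    """Resolve a user or group to the set of users it contains (Lab 2)."""
    if principal == "Everyone":
        return set(ALL_USERS)
    if principal not in MEMBERS:
        return {principal}  # not a group, so it is a user
    seen = _seen if _seen is not None else set()
    if principal in seen:   # nested-group loop: stop instead of recursing forever
        return set()
    seen.add(principal)
    users = set()
    for member in MEMBERS[principal]:
        users |= expand(member, seen)
    return users


def effective_acl(folder):
    """Walk up the path to the nearest folder that carries an explicit ACL."""
    while ACLS.get(folder) is None:
        if "/" not in folder:
            return {}
        folder = folder.rsplit("/", 1)[0]
    return ACLS[folder]


def merge(a, b):
    """Union of two permission strings, kept in FMRWXL order."""
    return "".join(p for p in PERM_ORDER if p in a or p in b)


def who_can_access(folder):
    """Folder -> {user: (perms, granting principals)} (Lab 1)."""
    result = {}
    for principal, perms in effective_acl(folder).items():
        for user in expand(principal):
            old_perms, via = result.get(user, ("", []))
            result[user] = (merge(old_perms, perms), sorted(via + [principal]))
    return result


def folders_for(user):
    """User -> {folder: (perms, granting principals)} (Labs 3 and 5)."""
    out = {}
    for folder in ACLS:
        grant = who_can_access(folder).get(user)
        if grant:
            out[folder] = grant
    return out


def groups_of(user):
    """Every group the user belongs to, directly or through nesting (Lab 4)."""
    return sorted(g for g in MEMBERS if user in expand(g))


if __name__ == "__main__":
    for folder, (perms, via) in folders_for("marc.farhat").items():
        print(f"{folder:28} {perms:6} via {', '.join(via)}")
    print("groups:", groups_of("marc.farhat"))
```

The second element of each result plays the role of the “Explanations” column: it names the principal through which the permission arrives, which is the entry to review when access looks too broad.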



SECTION 2: DATADVANTAGE FOR EXCHANGE
Section Overview:
DatAdvantage, as we’ve seen, works across many different platforms to help IT keep tabs on their permissions and
investigate who has been accessing pertinent data on file servers. The DatAdvantage for Exchange module provides
increased visibility into permissions on Mailboxes and Public Folders within Exchange, as well as providing a full-
fledged audit trail with event types specific to Exchange.
In the following labs, we will see how the Exchange portion of DA is both similar to and different from the Windows
portion.

Labs:
1) Lab 1: Who has access to a specific mailbox?
2) Lab 2: Which mailboxes can a specific user access?
3) Lab 3: Who has access to a given Public Folder/ Which Public Folders can a user access?

Functionality:
• Complete, bi-directional view into the permissions of Exchange
• Complete Audit Trail
• Recommendations and Modeling
• Data Ownership Identification
• Extensible Framework



LAB 1: WHO HAS ACCESS TO A SPECIFIC MAILBOX?
Task: In this lab you will view who has access to Amy Bolton’s mailbox.

Context: The work area within DA for Exchange provides a bidirectional view of permissions on mailboxes within
Exchange, allowing the user to see who has access to a given mailbox as well as seeing which mailboxes a specific
user has access to.

Use Case: The Exchange Admin needs to know who has access to the CEO’s mailbox to ensure that only people who
need access for their job function can do so.

Procedure:
1) Click on the Work Area in DA. Open the Existing Users and Groups pane by clicking on the curtain bar.
Select the “EXCHANGE” server from the resources drop down list. Collapse the CORPFS02 server and
expand the EXCHANGE server and the Mailbox Store. You will see the Mailboxes grouped alphabetically.
Varonis groups the mailboxes this way so the screen doesn't get cluttered with mailboxes in large
environments.



2) Expand the AaronCalhoun - BarbaraBrady grouping. Scroll down until you find AmyBolton@corp.local and
double click on it. The Users and Groups who have access to this mailbox will be listed in the Existing User
and Groups pane.

3) DA makes it easy to determine the users that have access to a specific mailbox.



LAB 2: WHICH MAILBOXES CAN A SPECIFIC USER
ACCESS?
Task: In this lab you will view which mailboxes Allen Carey has access to.

Context: The work area within DA for Exchange provides a bidirectional view of permissions on mailboxes within
Exchange, allowing the user to see who has access to a given mailbox as well as seeing which mailboxes a specific
user has access to.

Use Case: The Exchange Admin wants to make sure that a given user cannot access mailboxes other than their own.

Procedure:
1) Click Reload in the Directories Pane, then type ‘allen’ into the Look For box within the Existing Users and
Groups Pane.

2) Double click on Allen Carey. It can be difficult to view all of the mailboxes a given user or group has
access to when using Alphabetical Grouping for the Mailbox Store. Dynamic Grouping allows a user to
group by Changed, Not Permitted, or Permitted, making it a more user-friendly view. To group
dynamically, go to View in the Directories pane, and choose Exchange Grouping → Dynamic Grouping.



3) Expand the Mailbox Store, and then expand the Permitted folder. You will see Allen Carey has access to
several other mailboxes besides his own, including Amy Bolton’s.



LAB 3: WHO HAS ACCESS TO A GIVEN PUBLIC
FOLDER/WHICH PUBLIC FOLDERS CAN A USER ACCESS?
Task: In this lab you will view which Public Folders Allen Carey has access to, as well as who has access to the Finance
shared folder.

Context: The work area within DA for Exchange provides a bidirectional view of permissions on Public Folders within
Exchange. These folders often become repositories for critical information and managing access on these folders is
integral to maintaining the security of an organization.

Use Case: The Exchange Admin wants to know who has access to a Public Folder that they know contains sensitive
information related to HR (payroll, termination notices, etc.).

Procedure:
1) Close the Mailbox Store. Expand the Public Folders to see where Allen Carey has access. As you can see, he
has Author permissions on a few folders, Editor on the Finance folder, etc.

2) You can also get the same bidirectional view we saw with the Mailboxes while looking at Public Folders.
Double-click on the Finance public folder to see which users and groups are able to access it.



SECTION 3: DATADVANTAGE FOR SHAREPOINT
Section Overview:
In addition to providing the ability to monitor Unix and Windows File Servers, DatAdvantage can also be used to
monitor SharePoint servers. DatAdvantage provides the same capabilities with SharePoint servers as it does with
Windows Servers. DA for SharePoint provides the ability to determine who has access to a SharePoint site and
resource, to see an audit trail of all data accessed on any SharePoint site, and to
model and remove unnecessary permissions. DA also provides the ability to determine data ownership within
a SharePoint site or resource. DatAdvantage also provides the ability to show the permission changes made within
SharePoint, so that permission changes can be properly tracked.

New in Version 7.x: We now can provide permissions visibility and event collection into SharePoint Online and
OneDrive. SharePoint Online is represented in our demo as https://varonistest91.sharepoint.com and OneDrive is
https://varonistest91.my.sharepoint.com. These sites can be navigated the same way as SharePoint on-prem.

Labs:
i) Lab 1: Who can access a SharePoint site?
ii) Lab 2: Who are the members of a SharePoint group?
iii) Lab 3: What are the permissions contained within a SharePoint permission level?
iv) Lab 4: What are the effective permissions for a SharePoint group on a SharePoint site?

Functionality:
• Shows SharePoint permissions
• Explains the permissions that exist in each permission level
• Provides the ability to see all files accessed by any user who has access to a SharePoint site
• Enumerates the recommended permissions on SharePoint sites and resources
• Provides the ability to see changes to SharePoint permissions
• Provides the ability to commit permission changes to SharePoint resources
• Provides the ability to see permissions on SharePoint documents
• Provides the ability to model permission changes to SharePoint resources
• Provides an overview of the members of both SharePoint and AD groups that have access to SharePoint
resources



LAB 1: WHO CAN ACCESS A SHAREPOINT SITE?
Task: In this lab, you will review the permissions on the Finance site contained within a SharePoint server.

Context: SharePoint is a self-service application which allows any site or resource owner, including non-technical
people, to assign or make permission changes to a SharePoint resource. SharePoint administrators will periodically
need to determine the permissions that a user or group has on a SharePoint resource, including sites and document
libraries. DA for SharePoint provides a clear understanding of the permissions that exist for any SharePoint resource.

Use Case: The audit committee indicates that SharePoint is growing exponentially over time and they need to audit
the permissions for various important SharePoint resources.

Procedure:
1) Collapse the “Linux” server and go through the same process as previously mentioned to add the SharePoint
server to the work area. It’s named http://sharepoint2. Expand the “http://sharepoint2” server and then the
“/”. Double click on the “finance” SharePoint site. To the right you will see a list of the users and groups that
have access to the “finance” SharePoint site.

2) As you can see, DA for SharePoint provides an understanding of each of the SharePoint and Domain (AD)
groups that have access to the Finance site. In addition, DA provides the permission levels that each group
has on this folder. As an example, the “Finance Contributors” have “Contribute” permissions on the “Finance”
site. Located in parentheses next to the Group name is the domain or user repository that the group belongs
to. Note that both AD and SharePoint Groups have access to the “Finance” site.



LAB 2: WHO ARE THE MEMBERS OF A SHAREPOINT
GROUP?
Task: In this lab you will review the members of the “Finance Members” group and the nested group it contains,
“Group Finance”, which is an AD group.

Context: SharePoint provides the ability to assign groups and users access to SharePoint resources. Both SharePoint
and Active Directory groups can be assigned to have access to these resources. SharePoint also provides the ability
for a SharePoint group to contain an AD group. This can be confusing when trying to determine which people have
access to a SharePoint resource.

Use Case: A business owner needs to understand all of the people that can access a SharePoint site, including the
members of both SharePoint and AD groups. They also need to see those users nested within the SharePoint groups.

Procedure:
1) On the right side expand out the group “Finance Contributors” and then “Group Finance”. This view displays
all users that currently have access via “Group Finance” to the “finance” SharePoint site.

2) As you can see, DatAdvantage makes it easy to see which users, groups and nested groups have access to
SharePoint resources.



LAB 3: WHAT ARE THE PERMISSIONS CONTAINED WITHIN
A SHAREPOINT PERMISSION LEVEL?
Task: In this lab you will review the details of a SharePoint custom permission level so that you can understand the
permissions that a resource may contain.

Context: SharePoint permissions are complex. When an administrator assigns a permission to a SharePoint resource,
they assign a “Permission Level”. 8 Permission Levels exist by default and custom Permission Levels can be created.
A Permission Level contains any combination of the 33 available Permissions. DA provides an easy way to understand the
actual permissions granted by a permission level.

Use Case: A data owner wants to review the permissions assigned via a custom permission level to verify that it is
not overly permissive.

Procedure:
1) In order to see the permission set of “Finance Contributors” click on the permission level link on the right
called “Contribute”. This link will bring up the permissions which are assigned using this Permission Level.
These are the permissions granted to “Finance Members” on the “finance” SharePoint site.

2) As you can see, DA provides an easy way to determine the permissions that each user and group have on a
SharePoint resource.

3) Close the Effective Permissions Levels window and return to the Work Area.



LAB 4: WHAT ARE THE EFFECTIVE PERMISSIONS FOR A
SHAREPOINT GROUP ON A SHAREPOINT SITE?
Task: In this lab you will review the permissions of the group “Miscellaneous People” on the finance site.

Context: SharePoint provides the ability to assign multiple Permission Levels to the same SharePoint resource or site.
In the event multiple Permission Levels are assigned, it’s difficult for an administrator to determine the effective
permissions for that SharePoint resource. DA provides an easy way to understand the actual permissions granted for a
SharePoint group regardless of the number of Permission Levels assigned.

Use Case: Site owners may have inadvertently created and assigned multiple permission levels to a resource and the
IT administrator needs to understand the effective permissions for that resource.

Procedure:
1) The permissions for the “finance” SharePoint site are currently being displayed. Notice that the group
“Miscellaneous People” has two Permission Levels next to its name, “Design”, and “Limited Permissions”.



2) Click on the “Design” Permission Level and then click on “Aggregated Permission Level”.

3) DatAdvantage combines the individual permissions from each Permission Level into an “Aggregated” view to
make it easy to determine the effective permissions that a group has on a specified SharePoint resource.

4) Close the Effective Permission Levels window.

SECTION 4: DATADVANTAGE FOR UNIX
Section Overview:
DatAdvantage provides the ability to monitor Windows as well as specific versions of Unix and Linux Servers. In many
cases, customers that want to monitor their Unix environment are doing so because they have NFS shares from which
users can access data. DatAdvantage can monitor Unix and Linux file servers and NFS shares. It also provides the
ability to monitor POSIX ACLs and in a pending release will support the ability to monitor SAMBA as well.

Labs:
i) Lab 1: Determine where POSIX ACLs exist

Functionality:
DatAdvantage provides the following functionality when monitoring Unix and Linux Servers:

• The ability to monitor permissions
• The ability to change permissions
• The ability to provide an audit trail of the data accessed on a Unix system
• The ability to model changes to Unix permissions
• The ability to commit changes to a Unix system
• The ability to correlate Active Directory (SAMBA), LDAP, NIS and local account (i.e. /etc/passwd) users
with their permissions and the data that they access

LAB 1: DETERMINE WHERE POSIX ACLS EXIST.
Task: In this lab you will determine where POSIX ACLs exist within a Unix file system.

Context: Unix file systems do not provide the ability to apply more than one group to a folder. POSIX ACLs expand
this capability to allow more than one group to be assigned to a Unix folder. DatAdvantage provides the ability to see
where these POSIX ACLs exist and determine which groups have access to a Unix folder.

Use Case: A data owner would like to understand the permissions that a user has on their data when POSIX ACLs are
used to grant permission.

Procedure:
1) Open the DatAdvantage GUI from the Desktop

2) Select “Resources” at the top and select “Linux”. Click “OK” when you are warned about adding more than 3
resources to the view.

3) Expand Linux then expand the “share” folder and then double-click on the Legal folder.

4) Direct your attention to the “Recommended Users and Groups” pane. As you can see, POSIX ACLs have been
assigned to the legal folder for 3 users. DatAdvantage provides an easy way to determine the groups and
users that have access to a Unix folder.

5) Right-click on the “legal” folder within the “Linux” server. Select “Edit Permissions”.

As you can see from the above screen, DA provides the ability to edit Unix permissions, using the standard
RWX permissions.

SECTION 5: THE NEW DASHBOARD OVERVIEW

Section Overview:
The new web interface contains multiple new dashboards which show where you're at risk and track your progress as
you lock things down. Quickly pinpoint exposed folders, stale data, or inactive accounts that are still enabled. With
Data Classification Engine, which looks inside files, you'll also see where you have regulated and sensitive data that's
at risk. The alerts dashboard shows an overview of all alerted activity in the environment with the ability to perform
in-depth investigations into any alerted event.

The Analytics window provides a detailed overview of the files created, accessed, modified, moved, deleted and
permission changes on any Windows, Unix, or Linux fileserver, Exchange, SharePoint server and NAS devices, such
as EMC Celerra, NetApp, and Isilon. SharePoint Online, Exchange Online, OneDrive and Box are also supported in the
latest version of DatAdvantage.

Labs:
i) Lab 1: Dashboard Overview
ii) Lab 2: Find the files that a user accessed
iii) Lab 3: Find all the files accessed within a folder, i.e. the finance folder
iv) Lab 4: Find all the Excel spreadsheets accessed on a specific day
v) Lab 5: Determine who deleted a specific file

Functionality:
The new web dashboard provides the following functionality:

• The ability to quickly identify top alerted users, top alerted devices, top alerted assets and top alerted threat
models.
• Assess risk and track progress across all platforms added to DatAdvantage
• The Analytics view displays detailed information for all the events captured by DatAdvantage, including both
file system access events and permissions and/or group membership information.
• Events are displayed for entire resources (one or many), specific directories, and/or users/groups.

LAB 1: DASHBOARD OVERVIEW
Task: In this lab you will learn how to navigate within the new web dashboard.

Context: An admin can quickly identify top alerted users, top alerted devices, top alerted assets and top alerted
threat models. An admin can investigate these alerts further within the dashboard to get better context around the
alerts that have been triggered. They can also get important key performance indicators for each file server that is
added to DatAdvantage.

Procedure:
1) From the Tools menu, select Varonis Web Interface…

2) Google Chrome will open and you will be presented with the DatAlert Dashboard. On the left-hand side, you
will see the different dashboards that are offered such as Alerts, File Servers, Directory Services, Exchange,
SharePoint, Exchange Online, SharePoint Online, OneDrive and GDPR. We will explore all these dashboards
throughout this lab.

3) Within the Alerts dashboard, you will first see the Alerts Over Time for the last 7 days based on the severity of
the alert.

4) Top Alerted Assets shows what monitored assets have had the most alerts triggered on them. In our
dashboard, we can see that the asset “corp.local (DirectoryServices)” has had 2 alerts triggered on it. If you
want more context around these alerts, you can click the three dots on the right to view the alerts in more
detail.

5) The next panel you are presented with is Top Alerted Users. This panel will show you the users in your
organization who have triggered the most alerts. In our dashboard, we can see that BackupService has
triggered 5 alerts within the past 7 days. If you want more context around these alerts or the user, you can
click the three dots on the right to view the alerts in more detail or view the user’s context card.

6) Top Alerted Watch List Users shows any alerts that have been triggered by users that have been put on a
watch list. In our environment, no users on the watch list have triggered any alerts.

7) Top Alerted Devices will show what devices have triggered the most alerts. The same options to view the
alerts in more context or the device in more context are available here as well.

8) Top Alerted Threat Models will show which threat models have triggered the most alerts. The same option to view the
alerts in more context is available here as well.

9) Varonis now also provides a map of alerts with geolocation information to help you easily understand where
new unusual activity is coming from across the world.

10) Click on “File Servers” on the left-hand side. You will see the Key Performance Indicator (KPI) dashboard
populate for all file servers being monitored. The KPI dashboard shows a number of different widgets that give
an organization a better picture of what their current risk profile looks like. For example, we can see that
25% of all folders with sensitive data are openly accessible to anybody in the organization.

11) Click on “Directory Services” on the left-hand side. You will see the KPI dashboard for Directory Services. In
version 7, these widgets have been expanded to show a more complete picture of risk in Directory Services.

12) Click on “Exchange” on the left-hand side. You will see the KPI dashboard for Exchange.

13) Click on “SharePoint” on the left-hand side. You will see the KPI dashboard for SharePoint.

14) Click on “Exchange Online”. You will see the KPI dashboard for Exchange Online mailboxes and folders.

15) Click on “SharePoint Online”. You’ll see widgets specifically related to key visibility problems organizations
have into SharePoint Online such as publicly shared information. Varonis also correlates shared information
with classification information to let organizations know if any of their sensitive information being stored in
SharePoint Online is being shared.

16) Click on “OneDrive”. The same widgets are available for content stored in OneDrive to give organizations a
complete picture of their risk profile when it comes to Office 365.

17) Click on “GDPR”. An organization can easily see how much GDPR data they have and their current exposure.

18) Return to the File Servers dashboard. There are additional options for each widget that can give you greater
insight into the statistics that are being reported. Click on the ellipsis next to “Folders with Open Access”.
Click the middle button that looks like a graph.

19) A timeline will appear which can be useful for organizations to see how the number of folders with open access
is either increasing or decreasing over a period of time. This can be helpful during remediation projects. Click
the “X” at the top.

20) Click the ellipsis again but this time select the folder option.

21) The list of folders that have open access will appear. This may take a few minutes to load. In production, the
search shouldn’t take as long to load the list. Varonis makes it easy to not only get high level statistics about
the risk profile of the environment, but to also get the actual list of data that makes up the statistic.

LAB 2: FIND THE FILES THAT A USER ACCESSED
Task:
In this lab, you will determine which files the user “Allen Carey” accessed in a specified date range.

Context:
Determining which files have been accessed by a user has never been easy. All Operating Systems including Unix,
Linux, Windows, etc. provide limited capabilities to allow administrators to see which files have been accessed,
moved, modified or deleted. DatAdvantage makes it very easy to determine which files have been accessed by any
user or group.

Use Cases:
The finance director wants to know which files were accessed by “Allen Carey”.

Procedure:
1) Open Chrome from the taskbar.

2) Click “Analytics”.

3) Click in the search box and go to “Event by user”. Type “Allen” and select “Allen Carey (corp.local)”. Change
the date filter to “Last 7 Days”.

4) The data displayed includes all logs created by “Allen Carey” from the last 7 days on every platform that is
monitored by DatAdvantage. Drag the column “File Server/domain” into the top header to group by activity
generated on each platform.

5) As you can see, DA provides a quick and easy way to see the actions performed on any file regardless of what
platform the activity occurred on. In the below example, we can see that Allen Carey deleted the “Extra”
folder on 8/11/2019 at 1:36PM.

LAB 3: FIND ALL THE FILES ACCESSED WITHIN A FOLDER.
Task:
In this lab you will determine which files were accessed in the “legal” folder

Context:
DatAdvantage makes it easy to determine which files were accessed within any monitored resource. In many cases,
files get deleted or modified and data owners need to know what happened to the data within their folder.

Use Cases:
The finance director wants to know which files were accessed on the “finance” folder within a specified date range.

Procedure:
1) Click on the “x” button next to “Allen Carey” to remove him from the search.

2) Click in the search box and select “Event on resource”. Click the “+” button next to “Select Folders”.

3) Type “Finance” and hit enter. Select the “finance” folder and click “Apply”.

4) Click “Search”

5) To determine each user that has accessed the finance folder, drag the “User Name (Event By)” column header
to the area indicated by the phrase “Drag columns to group”.

6) As you can see, multiple users have accessed the Finance folder.

LAB 4: FIND ALL THE TEXT FILES ACCESSED ON A
SPECIFIC DAY.
Task:
In this lab you will determine who has accessed any text files within the finance folder for a specified date range.

Context:
Inherent to DatAdvantage is a database which captures and stores all access activity. This functionality provides the
ability for operators of DA to perform complex queries, without the need to understand SQL or SOLR. DatAdvantage
makes it easy to determine all types of access activity and to drill down, making it easy to find files or file types that
were accessed, modified or deleted on a specific day or week.

Use Cases:
A company must display all log events for text files (.txt) from the “finance” folder in a specified date range to comply
with a regulation like SOX.

Procedure:
1) Click in the search box to add another filter. Select “Event on resource” and scroll down until you see “File
Type”. Enter “txt” into the search box and click “Search”.

2) Remove the grouping for “User Name (Event By)” by hovering over the text and click “x”.

3) The data that is displayed will be all events acting upon Text (txt) files within the “finance” directory from the
last 7 days. You can even export these results directly from the web interface if they are needed in an audit by
clicking “export.”

LAB 5: DETERMINE WHO DELETED A SPECIFIC FILE
Task:
In this lab you will determine who deleted a file using multiple search criteria.

Context:
Many different types of complex queries can be used to determine what happened to a file. DatAdvantage makes it
possible for a user to find out what happened to his data and specifically a file that was deleted.

Use Case:
The Help Desk received a call from a user who indicated that their data has “disappeared”.

Procedure:
1) Clear the search by clicking both “x” buttons next to the current search.

2) Click in the search box and go to “Event details”. Type “File Deleted” and then select “File deleted”.

3) Add another filter under “Event on resource”. Scroll down to find “File Name” and type “Welcome to box.pdf”
into the box. Click “Search”.

4) The data shown will display any file delete operation that occurred on the specific file name that was searched.
As you can see, Alicia Rodriguez deleted the “Welcome to Box.pdf” file from her Archive folder on Box.

SECTION 6: THE STATISTICS VIEW

Section Overview:
The Statistics Section provides a high-level view of audit data for use by data owners, data users, and forensics. The
statistics section can be used to determine which data is inactive, which users are inactive, to identify data owners,
and to identify the largest users of data for a given server or NAS.

Labs:
i) Lab 1: Find the most active user.
ii) Lab 2: Determine and assign a data owner
iii) Lab 3: Determine the directories that a user accessed

Functionality:
The Statistics view allows you to review the cumulative data collected by the DatAdvantage probe.
At the end of each day, DatAdvantage generates the information required to view statistics. The data is available for
viewing the day after the events were recorded and collected. Data is available for direct access until it is archived.

The Statistics view is comprised of the following panes:


• Directories
• Users and Groups
• Search
• Graphs

LAB 1: FIND THE MOST ACTIVE USER ON THE “CORPFS02”
SERVER
Task:
In this lab you will determine the most active user on the “CORPFS02” server.

Context:
For any server, DatAdvantage makes it easy to view the most active user. This is useful in isolating anomalous
behavior. Typically, the largest user of data is not doing something that is appropriate for their job function.

Use Case:
The Help Desk wants to know which user has the most activity on a specific server.

Procedure:
1) Click on the “Statistics” button at the top of the GUI. Change the date range to 8/7/2019 and 8/13/2019 and
then double click on the CORPFS02 server in the Directories pane.

2) Click on “User Utilization”.

3) Notice that “Ann Schoenberger” has the most events on that server during the time range and, as a result,
she is the largest user of data on the “CORPFS02” server. Notice that the number of log events for Ann during
that date range is displayed in parentheses.

LAB 2: DETERMINE AND ASSIGN A DATA OWNER.
Task:
In this lab you will determine the data owner for the HR folder

Context:
DatAdvantage makes it easy to find out who owns data in a certain directory. This is useful in many projects, such as
data archival, data retention, data consolidation, etc.

Use Case:
The Help Desk wants to assign an owner to the HR folder by viewing the user activity on that folder.

Procedure:
1) Double click on the “HR” directory in the Directories pane.

2) Click on the “User Access” link at the top of the “Statistics” pane.

3) Notice “Don Penisson” has performed 45.56% of the events on the “HR” directory in the specified timeframe.
Generally, this means that either Don is the owner of the directory, or that he works directly under the
directory owner. For purposes of this lab, Don is the data owner. Right click on Don’s part of the pie chart and
choose “Set Ownership” and confirm the operation by selecting “Yes”.

4) This operation has just set “Don Penisson” as the owner of the “HR” directory. You can now see that
ownership has been set by looking at the HR directory. Now, displayed next to the HR directory icon, is the
ownership icon stating that an owner has been set for this directory.

LAB 3: DETERMINE THE DIRECTORIES THAT A USER HAS
ACCESSED.
Task:
In this lab you will determine which directories were accessed by “Allen Carey” during a specific date range.

Context:
DatAdvantage makes it easy to determine the folders a user has accessed before checking in the log area. This
information can be used for several reasons, including determining the data that a person accessed before they
resigned, determining the folders that a person uses to perform their job, etc.

Use Case:
The Help Desk wants to know which directories were accessed by “Allen Carey.”

Procedure:
1) Within the Statistics Window, in the left pane choose “Users and Groups” at the bottom and then in the “Look
for” area type “Allen Carey” and double click on his name. Click on “Directory Utilization.”

2) Click on the blue/purple bar below “CORPFS02” to drill down into that specific server.

3) Click on the blue/purple bar again to drill down into the C:\ drive.

4) Click on the blue/purple bar again to drill down into the Share.

5) In this next screen you will see all the directories accessed by “Allen Carey” during the specified dates, as well
as how many events were created in each directory. On any of these directories you can click on the
blue/purple bars to drill in deeper into the subdirectories of those folders.

6) From this screen, you can see that Allen did not have any events in the “groups” directory, but he did create 6
events in the sub-directories of the “groups” folder. He also created many events in the “finance” folder and
many more events in the sub-directories of the “finance” folder.

SECTION 7: RECOMMENDATIONS, MODELING AND COMMITTING
CHANGES
Section Overview:
This section will provide an understanding of the access permissions that should be revoked by using the
“sand-box” for modeling permission changes.

Labs:
i) Lab 1: What are the DatAdvantage recommendations for a specific group?
ii) Lab 2: What would be the impact of removing a person from a group based on a DA recommendation?
iii) Lab 3: How do we “model” a permission change using DatAdvantage?

Functionality:
In most organizations, people’s roles change on a regular basis. A person may work in the Legal department for a few
years and then move to the Finance department. In most cases, the IT department does not remove the permissions
from this person for accessing the Legal department. DA provides the ability for administrators to easily determine
whether permissions are appropriate for any given individual or group, and identify which permissions should be
revoked, all based on product analytics.

LAB 1: WHAT ARE THE DA RECOMMENDATIONS FOR A
SPECIFIC GROUP?
Task:
In this lab you will determine who can safely be removed from the Finance group.

Context:
DA makes recommendations to remove people from groups based on user access activity as compared to other
members within the same group. For any folder or group, DatAdvantage makes it easy to view and remediate
excessive permissions.

Use Cases:
Certain members of the Finance group are no longer in the Finance Department and should no longer have access to
the Finance data.

Procedure:
1) Click on the “Work Area” button at the top of the GUI and double click on the “finance” folder.

2) On the right, it will display the groups that currently have access to the folder in the “Recommended Users
and Groups” pane. Expand the “Group_Finance” by clicking on the “+” sign.

3) The users with a red “X” by their names are recommended to be removed from “Group_Finance” because they
are not using their permissions like other members of the group over the last 120 days of monitoring. This
timeframe (120 days) is configurable within the configuration options of the product.

4) Notice the user “Jennifer Harrison”. The icon that looks like a pause button states that we have not seen any
activity from this user for the length of the time we have been monitoring the servers. This is due to the user
being disabled, hence the grayed out “user” icon next to her name. DA provides an easy way to determine
and provide insight into whether a person should continue to have permissions to access a specific folder or
data set.

LAB 2: WHAT WOULD BE THE IMPACT OF REMOVING A
PERSON FROM A GROUP BASED ON A DA
RECOMMENDATION?
Task:
In this lab you will determine the impact of removing “Andrew Weirich” from the Finance group.

Context:
Many administrators want to know the impact of removing permissions from a specific user, prior to doing so in a live
environment. DatAdvantage makes it easy to determine the resources a user will lose access to, if the user is
removed from a specified group.

Use Cases:
IT Operations would like to know the impact of the change they are about to make, before they make it.

Procedure:
1) With “Group_Finance” expanded under “Recommended Users and Groups” double click on “Andrew Weirich”.
Note that certain directories in the “Work Area” turn orange with a red “X” next to the folder. These are the
directories that Andrew will lose access to if he is removed from “Group_Finance” as recommended by
DatAdvantage.

2) This is not the only folder affected for Andrew Weirich - he will also lose access to the Sales-NY folder. DA
marks every folder that the user would lose access to in this way.

LAB 3: HOW DO WE “MODEL” A PERMISSION CHANGE
USING DATADVANTAGE?
Task:
In this lab you will determine which users would be affected by modeling the removal of the Everyone Group from the
Legal folder.

Context:
Server administrators are usually hesitant to remove permissions from a group because they don’t know what the
impact of removing those permissions will be. DatAdvantage makes it easy to remediate excessive permissions
granted by global groups through the use of modeling permission changes to determine the impact. This allows
administrators to “test” permission changes prior to committing them in the live environment.

Use Case:
IT Operations needs to remove the “Everyone” Group from having access to the Legal folder.

Procedure:
1) Double-click on the Legal folder and notice in the right pane that Everyone has access to it.

2) Right-click on the “Everyone” group and click on “Remove Permissions”.

3) At the bottom of the window, click on “Calculate Access Errors”. This instructs the DA application to determine
who will be impacted if the Everyone group is removed from having access to the Legal folder.

4) Click “Calculate”. Once Synchronization completes, open the left window by clicking on the curtain bar.

5) Within the left pane click on the “Expected Access Errors” selection at the bottom of the screen. Next, drag the
“User” box within the header pane to be before the “File Server” box per the following screenshot and click
“Reload.”

6) As you can see, if the “Everyone” group is removed from the Legal folder, a total of 6 people will be impacted.
These six people include Alice Tanner and others. DA makes it easy to identify the users that will be impacted
when removing global groups.

7) Since some users will require access to the Legal folder we now need to ensure we add the appropriate group
to this folder. Right click the “Legal” folder and select “Add Permissions…”

8) Type “Legal” into the Search bar and click “Search.” Select legal from the top list and click “Add”. Legal will
now appear in the bottom list. Press OK to continue.

9) You will now see Legal listed under “Recommended Users and Groups.” Click “Calculate Access Errors” on the
bottom then click “Calculate.”

10) Click “Reload” on the errors pane on the left and you will now see that only two users will be affected by this
change. These users may need to be added to the legal group because they moved departments and were
never added, or they could have been accessing materials in the legal group unchecked because of the global
access. Further investigation may be necessary.

11) Now that we have finished modeling our changes to the Legal folder, we can commit these permissions
changes to the File system using the DatAdvantage Commit Engine. Right click on the legal folder and select
“Change Management (Commit) > Pending Changes”

12) This will open the Commit Console where you can view the changes that have been modeled so far. Here
administrators can select the changes they would like to commit to production. There is an option to commit
these immediately or on a schedule. The password of an account that has the permissions to make changes to
the file system will be required in order to commit the changes. After reviewing these options close the
Change Management Console.
Note: In the lab, this screen might not show up. Please refer to the picture below for what it would
look like.
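
The "Calculate Access Errors" step in this lab can be pictured as replaying recorded access events against a modeled ACL. The following is an added example and a simplified model (allow-only ACLs, subfolders inheriting from the folder), not DatAdvantage's implementation; all users, groups, paths and events are constructed to mirror the 6-then-2 outcome of the lab.

```python
from datetime import date

# Constructed directory data. A name that is not a key here is a user account.
GROUPS = {
    "Everyone": {"user1", "user2", "user3", "user4",
                 "user5", "user6", "user7", "user8"},
    "Legal": {"Legal-Attorneys", "user1"},          # nested group plus a direct member
    "Legal-Attorneys": {"user2", "user3", "user4"},
    "Domain Admins": {"admin1"},
}

FOLDER = "share/legal"
ACL_CURRENT = {FOLDER: {"Everyone", "Domain Admins"}}

# Constructed audit events: (user, path, day).
EVENTS = [
    ("user1", "share/legal/contracts/nda.docx", date(2019, 8, 8)),
    ("user2", "share/legal/briefs/a.docx", date(2019, 8, 8)),
    ("user3", "share/legal", date(2019, 8, 9)),
    ("user4", "share/legal/briefs/b.docx", date(2019, 8, 9)),
    ("user5", "share/legal/contracts/nda.docx", date(2019, 8, 10)),
    ("user5", "share/legal/contracts/msa.docx", date(2019, 8, 11)),
    ("user6", "share/legal/briefs/a.docx", date(2019, 8, 12)),
    ("user7", "share/finance/q2.xlsx", date(2019, 8, 12)),   # different folder
    ("user8", "share/legal/old.txt", date(2018, 1, 5)),      # outside the window
]
SINCE = date(2019, 4, 15)  # start of the lookback window (constructed)


def resolve(principal, groups, _seen=None):
    """Expand a principal into user accounts, following nested groups (cycle-safe)."""
    seen = set() if _seen is None else _seen
    if principal not in groups:
        return {principal}
    if principal in seen:
        return set()
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= resolve(member, groups, seen)
    return users


def model_change(acl, folder, remove=(), add=()):
    """Return a modeled copy of the ACL; the live ACL is never modified."""
    modeled = {path: set(principals) for path, principals in acl.items()}
    modeled[folder] = (modeled.get(folder, set()) - set(remove)) | set(add)
    return modeled


def expected_access_errors(events, acl, groups, folder, since):
    """Return {user: event_count} for past activity the modeled ACL would deny."""
    permitted = set()
    for principal in acl.get(folder, ()):
        permitted |= resolve(principal, groups)
    errors = {}
    for user, path, day in events:
        in_scope = path == folder or path.startswith(folder + "/")
        if in_scope and day >= since and user not in permitted:
            errors[user] = errors.get(user, 0) + 1
    return errors


if __name__ == "__main__":
    step1 = model_change(ACL_CURRENT, FOLDER, remove={"Everyone"})
    print("Remove Everyone:",
          expected_access_errors(EVENTS, step1, GROUPS, FOLDER, SINCE))
    step2 = model_change(step1, FOLDER, add={"Legal"})
    print("Then add Legal: ",
          expected_access_errors(EVENTS, step2, GROUPS, FOLDER, SINCE))
```

The users left after the second step are the ones to investigate: they were active in the folder but are not in the group that is supposed to own it.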

SECTION 8: DATA TRANSPORT ENGINE (DTE) FOR
DATADVANTAGE
Section Overview:
DatAdvantage provides the ability to migrate data based on file properties and/or file usage activity, while maintaining
the folder structure and current permissions.

Labs:
Lab 1: How can I create a DTE rule in order to migrate data?
Lab 2: How can I tell what data has been moved by DTE recently?

Functionality:
DatAdvantage provides the following functionality when configuring DTE:
• Create various rules to move data based on any number of specific scenarios
• Schedule the data migration for a later date and time

LAB 1: HOW CAN I CREATE A DTE RULE IN ORDER TO
MIGRATE DATA?
Task: In this lab you will learn how to create a Data Transport Engine (DTE) rule in order to move data.

Context: An admin can configure DA so that data is automatically moved from one file server to another while
maintaining the current permissions.

Use Case: A system admin is interested in migrating data from one file server to another.

Procedure:
1) Click on Tools → Data Transport Engine…

NOTE: If prompted with a warning about the amount of data that has been moved, click OK.

2) You will see that there are already some rules that have been created in this lab. Select the Department
Archival rule from the list of existing rules and click on the “Edit Rule” button

3) The Rule configuration window will open. Click on the “Source Folder Scope” button on the left side of the
window

4) As you can see, the rule is configured to move data from the Legal, Finance and HR directories. Click on the
“Source File Scope” button on the left side of the window

5) This rule is configured to move data that hasn’t been touched in 90 days. Click on the “Delete Source Content”
button on the left side of the window.

6) This rule is configured to delete all the content once it’s copied to the destination; however, a stub file will be
created for each deleted file on the source. Click “Folder Structure” on the left-hand side.
*Note: Before moving onto the next section, change the password to “password2”.

7) Review the available options on this page. Click on “Destination” on the left side of the window.

8) As you can see, this DTE rule is configured to move all of the selected data to the C:\Share\HRArchive-DTE
folder on corpfs02. Please also review the other available options in this window. Click on “Collision Behavior”
on the left side of the window.

9) In this section, you can configure how DTE will handle collisions when there are multiple files and/or folders
with the same name. Please review the options available in this window. Click on “Sandboxing” on the left side
of the window.

10) It is possible to sandbox a data migration in DatAdvantage before actually performing the migration. In this
section you can choose to copy IDU analytics from the source and to commit these IDU analytics to the
destination. Click on “Scheduling” on the left side of the window.

11) It is possible to schedule a data migration for a later date and time, as well as setting a recurring schedule. If
no schedule is set, then a rule can be used purely for sandboxing purposes. Click on “Summary” on the left
side of the window.

12) All of the selected options will be listed here so that you can review them and ensure that everything is set
correctly. Click on OK to save the rule.

13) Click on the Close button to return to the DTE Configuration Window and then click on the OK button.

LAB 2: HOW CAN I TELL WHAT DATA HAS BEEN MOVED BY
DTE RECENTLY?
Task: In this lab you will learn how to create a report in DatAdvantage in order to view what data has been recently
touched by the Data Transport Engine.

Context: An admin can run a report in order to find all the data that has been modified by the Data Transport Engine.

Use Case: A system admin needs to know what data has been touched by the Data Transport Engine.

Procedure:
1) Click on the Reports button

2) Expand Category name: 13. Data Transport Engine Reports and then expand Report Name: c. and click on
“01. Folders Transferred by Rule.” As you can see, this report will list all of the files and/or folders that have
been moved by the specified DTE rules during the specified date range.

SECTION 9: THE DATADVANTAGE DATA CLASSIFICATION ENGINE
(DCE)
Section Overview:
DatAdvantage includes the ability to classify and report on unstructured data to assist organizations in protecting and
governing their data. After classifying data, you can use DatAdvantage reports to begin a remediation process, as almost
all the reports can be filtered based on the data classification results. In the following labs, you will use
DatAdvantage to determine where sensitive data is located, who is using the sensitive data, who has access to
the sensitive data and how to configure the DCE components.
Labs:
1) Lab 1: Who has access to the sensitive files within an important directory?
2) Lab 2: How can I find the users that have been accessing files which contain sensitive data, i.e. credit card
numbers?
3) Lab 3: How do I configure the DatAdvantage DCE to scan for the word “Confidential”?

Functionality:
The Varonis DatAdvantage Data Classification Engine is configured using the following process.

1. Data can be classified based on three types of conditions: Strings, Regular Expressions, and Pre-Defined
patterns. An example of a Pre-Defined pattern is a Credit Card Number.
2. The scope of each classification rule can be defined based on the following. This means that the
classification process does not have to be applied universally to all servers, etc.:
• Access statistics
• Permissions
• File system metadata properties
• Any other relevant criterion
• Any combination of the above
3. Schedules are then configured so that the Classification process is performed at a designated time and run
on the file servers defined for them.
4. DatAdvantage enables you to prioritize the issues that are most important to you in classifying unstructured
data based on:
• Modification time – Represents the time passed since a folder was last modified
• Access time – Represents the time passed since a folder was last accessed
• Utilization – The amount of activity on a folder
• Recommendations – Represents the number of recommendations made by the IDU
• Density – The number of files contained in a folder
• Size – Represents folder size, compared to the total size of the file server
• Risk factor – Indicates whether a folder has permissions for global access groups
5. After configuring the DCE Rules, Schedule and Priority, run the Data Classification Engine to execute the
rules on the relevant file servers.
6. Use any of DatAdvantage’s interactive views to investigate problems identified by the results of the
classification.

LAB 1: WHO HAS ACCESS TO THE SENSITIVE FILES
WITHIN AN IMPORTANT DIRECTORY?
Task: In this lab you will use DatAdvantage to determine the users that can access sensitive data.

Context: DatAdvantage provides the ability to classify data as sensitive. Customers require the ability to understand
who has access to this sensitive data to understand the risk that it will be available to the wrong people.

Use Case: A business owner needs to understand what type of sensitive data exists within his folder, and who has
access to it.

Procedure:
1) Select the “CORPFS02” server from the resources dropdown. Collapse the “http://sharepoint” server and
expand the “Share” folder in the “CORPFS02” server.

2) Within the center pane of the DA Work Area, note the column called “Total Hit Count.” The “Total Hit Count”
column includes all of the files that contain “Hits” or sensitive information, as defined by the customer. Expand
the “Classification Category” column and the “Classification Rules” column so that the columns’ contents are
visible. You can close the “Recommended Users and Groups” pane by clicking on the curtain bar. The
“Classification Category” column shows which category the triggered classification rules fall under. The
“Classification Rules” column contains a description of the type of sensitive data included in each folder.

3) Double-click on the Legal Folder. The “Classification Rules” column for the Legal Folder indicates that the Legal
Folder contains 14,549 instances of sensitive data and that the sensitive data includes CCPA, GDPR and PCI
information.

4) Next, open the Existing Users and Groups pane by clicking on the curtain bar. Note that “Everyone” has
access to the Legal Folder. This means that “Everyone” has access to a critical folder and that the critical
folder contains important information. Expand the Legal Folder. When expanding any folder that contains
sensitive information, the Violations for any subdirectory will show the amount and types of sensitive
information in each subfolder.

5) DatAdvantage makes it extremely easy to determine which folders have sensitive information within them and
who has access to this sensitive information.

LAB 2: HOW CAN I FIND THE USERS THAT HAVE BEEN
ACCESSING FILES WHICH CONTAIN SENSITIVE DATA,
(I.E. CREDIT CARD NUMBERS)?
Task: In this lab you will determine the users that have been accessing files that contain sensitive data.

Context: After classifying data as sensitive or important, customers can understand who has been accessing this
sensitive information. This feature gives customers the ability to identify the source of possible leaks or loss of
sensitive data.

Use Case: A Compliance Officer needs to identify all of the users who have accessed files which contain Visa credit
card numbers, in order to pass a PCI compliance audit.

Procedure:
1) Open Chrome from the taskbar.

2) Click “Analytics”.

3) In the search box, select “Event on Resource” and type “Visa” into “Classification Rules” and select
“Classification rules = Visa”.

4) Change the filter to “Last 7 Days” and the search should autorun. You’ll see that a number of people have
been accessing files that contain Visa credit card numbers.

5) DA makes it easy to determine the users that have accessed any type of sensitive data. This means that data
owners can now understand exactly which users have accessed files that contain sensitive information, as
defined by those data owners.

LAB 3: HOW DO I CONFIGURE THE DATADVANTAGE DCE
TO SCAN FOR THE WORD “CONFIDENTIAL”?
Task: In this lab you will configure the Varonis Data Classification Engine to scan for the word “Confidential.”

Context: The Data Classification Engine can be used to scan for any text string, regular expression, or predefined
pattern. It is important for the DatAdvantage Operator to understand how to configure DCE to meet the requirements
of their business.

Use Case: The General Counsel within a company is required to do eDiscovery and needs to find all files within a
folder that contain the word “Confidential.”

Procedure:
1) Within the Tools Menu, select DCE and DW→Configuration
Note: This may take a minute to appear

2) Within the Classification window, click on the plus button to create a new rule.

3) Within the “New Rule” window, type “Confidential Files” for the Rule Name. Click on the New Filter button.
Enter the word “Confidential” as the Expression. In this case, we will apply the Rule to all File Servers so we
won’t be configuring the Scope where the rule will be applied. The Rule can be applied to a file server, a
specific folder or path, as well as a variety of other criteria to limit where the Data Classification engine will
scan for the word Confidential. Click “Ok.”

4) Click the save icon to save the new rule. DCE is now configured to scan for the word “Confidential” as well as
the previously configured rules. The results will show up in the GUI once the next DCE scan completes.

5) Click the Close button.
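
The three condition types described in this section (string, regular expression, pre-defined pattern) and the per-rule scope can be sketched outside the product. The following is an added example, not Varonis code and not how DCE is implemented: the rule names other than “Confidential Files”, the whole-word case-insensitive string matching, the Luhn-checked Visa pattern, the “Case Number” regex and all file contents are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Visa candidate: 16 digits starting with 4, optionally grouped by space or hyphen.
VISA_CANDIDATE = re.compile(r"(?<!\d)4\d{3}(?:[ -]?\d{4}){3}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order ids and typos that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_visa(text: str) -> List[str]:
    """Pre-defined pattern: regex candidate plus checksum validation."""
    return [m.group() for m in VISA_CANDIDATE.finditer(text)
            if luhn_valid(re.sub(r"[ -]", "", m.group()))]


@dataclass(frozen=True)
class Rule:
    name: str
    find: Callable[[str], List[str]]
    scope: Optional[str] = None  # path prefix; None means every file server

    def in_scope(self, path: str) -> bool:
        if self.scope is None:
            return True
        prefix = self.scope.lower().rstrip("\\") + "\\"
        return path.lower().startswith(prefix)


def string_rule(name: str, needle: str, scope: Optional[str] = None) -> Rule:
    # Assumption: whole-word, case-insensitive match on the literal string.
    pattern = re.compile(r"\b" + re.escape(needle) + r"\b", re.IGNORECASE)
    return Rule(name, pattern.findall, scope)


def regex_rule(name: str, expression: str, scope: Optional[str] = None) -> Rule:
    pattern = re.compile(expression)
    return Rule(name, lambda text: [m.group() for m in pattern.finditer(text)], scope)


def classify(files: Dict[str, str], rules: List[Rule]) -> Dict[str, Dict[str, int]]:
    """Return {path: {rule name: hit count}} for files with at least one hit."""
    results: Dict[str, Dict[str, int]] = {}
    for path, text in files.items():
        hits = {}
        for rule in rules:
            if rule.in_scope(path):
                count = len(rule.find(text))
                if count:
                    hits[rule.name] = count
        if hits:
            results[path] = hits
    return results


def total_hit_count(results: Dict[str, Dict[str, int]], path: str) -> int:
    return sum(results.get(path, {}).values())


RULES = [
    string_rule("Confidential Files", "Confidential"),            # string, all servers
    Rule("Visa", find_visa),                                      # pre-defined pattern
    regex_rule("Case Number", r"\bCASE-\d{6}\b",                  # regex, scoped (hypothetical)
               scope=r"\\CORPFS02\Share\Legal"),
]

# Constructed sample content; the card numbers are public test values.
LEGAL = r"\\CORPFS02\Share\Legal\contract.txt"
FINANCE = r"\\CORPFS02\Share\Finance\orders.csv"
HR = r"\\CORPFS02\Share\HR\policy.txt"
SAMPLE_FILES = {
    LEGAL: "CONFIDENTIAL draft for CASE-204417. Card on file: 4111 1111 1111 1111.",
    FINANCE: "id,card\n1,4111-1111-1111-1112\n2,4012888888881881\nref CASE-000001\n",
    HR: "Our confidentiality policy applies to all staff.",
}

if __name__ == "__main__":
    for path, hits in classify(SAMPLE_FILES, RULES).items():
        print(path, hits)
```

The Finance file shows why a pattern rule needs validation and why scope matters: one card-shaped value fails the checksum and is not counted, and the case number there is ignored because the regex rule is scoped to the Legal folder.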

SECTION 10: DATADVANTAGE FOR DIRECTORY SERVICES
Section Overview:
DatAdvantage provides the ability to monitor changes made within Active Directory.

Labs:
Lab 1: What are the different objects in AD?
Lab 2: How can I see changes made within Directory Services?

Functionality:
DatAdvantage provides the following functionality when monitoring Directory Services:
• View domains and domain objects in the DatAdvantage GUI
• Audit Active Directory activity, including changes to users, groups, OU's and group policy
• Simulate changes/perform what-if modeling to AD groups and users

LAB 1: WHAT ARE THE DIFFERENT DOMAIN OBJECTS IN
AD?
Task: In this lab you will see what the different domain objects are within the Directory Services module.

Context: The main benefit of the Work Area for the Directory Services module is the ability to see the entire
hierarchy within one view.

Use Case: A system admin is interested in seeing all of AD in one unified view.

Procedure:
1) Open the Work Area in DA. Open the Existing Users and Groups pane by clicking on the curtain button. Within
the Directories pane, select DirectoryServices from the resources drop down and expand the DirectoryServices
server and expand the corp.local domain. You will see the Active Directory objects appear below.

2) Expand Domain Controllers to see that CORPFS02 is the DC for this domain.

3) Expand Computers to see a list of all computers and NAS devices that belong to the domain.

LAB 2: HOW CAN I SEE CHANGES MADE WITHIN
DIRECTORY SERVICES?
Task: In this lab you will view events that have occurred within the directory services from which Varonis pulls user
and group information.

Context: This is the main benefit of the DA for DS module: knowing who has made permission changes or other
changes within Active Directory can be invaluable in maintaining the security of an organization.

Use Case: A system admin is interested in seeing who has changed permissions in the past week.

Procedure:
1) Return to the Web UI and click “All Servers” in the Analytics section. Deselect all servers except
“DirectoryServices” and then click “Apply”.

2) Drag the “Event Type” column to the top to see the different events that have been captured for Directory
Services.

SECTION 11: DATALERT FOR DATADVANTAGE
Section Overview:
DatAdvantage utilizes User Behavior Analytics (UBA) in order to detect anomalous behavior within an environment. In
addition, it provides the ability to create real time alerts to notify admins when anomalous behavior that may indicate
a virus or a breach is occurring.

Labs:
Lab 1: How can I enable pre-built threat model to send real time alerts to the event log?
Lab 2: Investigating an alert within the dashboard

Functionality:
DatAdvantage provides the following functionality when configuring Real Time Alerts:
• The use of prebuilt threat models to alert admins to behavior indicative of various steps in the Kill Chain or
sequence of events that occur during a breach or a virus.
• Utilizes UBA to learn user behavior and alert when something out of the ordinary occurs.
• Create various rules to alert on any number of specific scenarios
• Uses the same filters that are available in the Data Transport Engine.
• Alerts can be configured to be sent through an SMTP server or written directly to the Event Log.
• Syslog messages, SNMP Traps, and command-line scripts can also be used.

LAB 1: HOW CAN I ENABLE PRE-BUILT THREAT MODEL TO
SEND REAL TIME ALERTS TO THE EVENT LOG?
Task: In this lab you will learn how to send alerts to the event log.

Context: Sending alerts to the event log or other SIEM solutions can help admins bring Varonis alerts into their
existing solutions.

Use Case: A system admin wants to enable an alert to write to the event log.

Procedure:
1) From the Tools menu, select DatAlert.

2) As you can see, a number of Threat Models are present in the menu. Scroll down and click on the “Encryption
of multiple files” rule and then click on Edit Rule.

3) In the General tab, you can enable/disable the rule, change the name and description, and set a severity
level. You will also notice that this rule requires that a user meet a threshold of events in order to trigger.
In this case a user must commit over 100 events in under 1 minute in order for this rule to generate an alert.
You can also suppress the alert if the same acting object triggers multiple alerts. Click on the Who (Acting Object)
button on the left side of the window.

4) In the Who (Acting Object) tab, you can specify what users or groups the rule should alert you about. Click on
the Where (Affected Object) button on the left side of the window.

5) In the Where (Affected Object) tab, you can specify what objects would be affected by the actions specified in
the next menu. In this case the alert monitors any files not on Exchange or Directory Services where the file
name contains an extension known to be associated with Ransomware. Click on the What (Event Details)
button on the left side of the window.

6) In the What (Event Details) tab, you can specify what kind of events the rule should alert you about. In this
case File modified is the only event selected. Click on the When (Event Time) button on the left side of the
window.

7) In the When (Event Time) tab, you can specify what days of the week as well as what times of the day the
alert should be enabled. In this case, there are no filters as the rule should always be enabled.

8) In the Alert Method tab, you can specify how the alert should be delivered. You can select email or write to
the event log without performing additional configurations. When writing to the event log, there will be a
separate Real Time Alerts container. The use of Syslog messages, SNMP trap messages or Command-line
script integration is also supported. Click OK to return to the DatAlert Window.
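
The rule walked through in this lab combines a What filter (File modified), a Where filter (watched file extensions), a per-user threshold (over 100 events in under 1 minute) and alert suppression for a repeating acting object. The following is an added example of that logic as a sliding-window detector, not Varonis code: the extension list, the 10-minute suppression period, the user names and all events are constructed assumptions.

```python
import ntpath
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

THRESHOLD = 100                      # "over 100 events"
WINDOW = timedelta(minutes=1)        # "in under 1 minute"
WATCHED_EVENT = "File modified"      # the only event type selected in the rule
# Constructed placeholders, not the product's extension list.
WATCHED_EXTENSIONS = {".locked-example", ".crypt-example"}


@dataclass(frozen=True)
class Alert:
    user: str
    time: datetime
    event_count: int


def detect(events, suppress_for=timedelta(minutes=10)):
    """events: iterable of (timestamp, user, event_type, path) tuples.

    suppress_for is an assumed suppression period: a second threshold hit by
    the same acting object inside it raises no new alert.
    """
    windows = defaultdict(deque)     # user -> timestamps of matching events
    last_alert = {}                  # user -> time of the last alert raised
    alerts = []
    for ts, user, event_type, path in sorted(events):
        if event_type != WATCHED_EVENT:
            continue
        # ntpath parses Windows/UNC paths correctly on any platform.
        if ntpath.splitext(path)[1].lower() not in WATCHED_EXTENSIONS:
            continue
        window = windows[user]
        window.append(ts)
        while ts - window[0] >= WINDOW:   # keep only events under 1 minute old
            window.popleft()
        if len(window) > THRESHOLD:
            count = len(window)
            window.clear()                # start counting afresh after a hit
            previous = last_alert.get(user)
            if previous is None or ts - previous >= suppress_for:
                alerts.append(Alert(user, ts, count))
                last_alert[user] = ts
    return alerts


T0 = datetime(2019, 8, 6, 9, 0, 0)


def burst(user, count, step_ms, event_type, extension):
    """Constructed events: `count` events by `user`, one every `step_ms` ms."""
    return [(T0 + timedelta(milliseconds=i * step_ms), user, event_type,
             r"\\CORPFS02\Share\Finance\file%04d%s" % (i, extension))
            for i in range(count)]


SAMPLE_EVENTS = (
    # 250 renamed-and-modified files in 50 s: crosses the threshold twice.
    burst("corp.local\\user-a", 250, 200, "File modified", ".xlsx.locked-example")
    # Same extension, but one event per second: never more than 60 in a window.
    + burst("corp.local\\user-b", 150, 1000, "File modified", ".locked-example")
    # Fast bulk edit of ordinary documents: extension filter does not match.
    + burst("corp.local\\user-c", 200, 50, "File modified", ".docx")
    # Fast reads of watched files: event type filter does not match.
    + burst("corp.local\\user-d", 120, 100, "File opened", ".locked-example")
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

With suppression on, user-a produces a single alert at the 101st matching event; calling `detect(SAMPLE_EVENTS, suppress_for=timedelta(0))` shows the second alert that suppression hides.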

LAB 2: INVESTIGATING AN ALERT WITHIN THE DASHBOARD
Task: In this lab you will learn how to investigate alerts within the new DatAlert dashboard.

Context: An admin can quickly investigate alerts within the dashboard without having to open DatAdvantage.

Use Case: An admin receives an alert email from DatAlert indicating that a user has triggered a threat model and the
admin wants to investigate the alert further.

1) Click on “Alerts” on the left-hand side to return to the alerts dashboard. We’re going to investigate the alerts
that Andrew Carlisle has generated over the past 7 days. Click on the three dots next to his name and click
“Open user context card.”

2) This page shows you a general profile of the user with the addition of being able to add them to a watch list.
Click on the “Alert Search Info” tab.

3) This page shows a general overview of the alerts that the account triggered and the different threat models
that each alert was triggered under. Click “Add user to search”.

4) You are brought to the analytics section of the dashboard that will allow you to investigate the alerts further.
You will see a general overview of all the alerts such as the severity, the threat model name, username that
triggered the alert, number of alert events, device name and asset. Click on “Alert Details” next to the first
threat model that was triggered.

5) This page shows an extremely detailed view of all information regarding the specific alert that triggered. This
view will help you get a better picture of why the alerts were triggered. In this example, we can see that this
user logged in from a new geolocation, specifically Germany. A map is shown as well to show the activity.

6) Scroll down and review the different insights into this specific alert on this page.

7) Scroll back up and click “Alerted events”.

8) This page will show you a detailed list of what events triggered the alert. Here you can see the login event on
Exchange Online that came from Germany that triggered the alert.

SECTION 12: REPORTING
Section Overview
In this section you will configure, customize and schedule reports. The Reports view enables you to define reports to
be sent periodically (or only once) by email, or to be stored on a file system share. You can also view reports online,
and store snapshots of important reports.

This view is comprised of the following panes:

▪ Reports List
▪ My Subscriptions
▪ Viewer – Includes the following panes:
    ▪ Search conditions
    ▪ Results

Labs:
i) Lab 1: Schedule a user access log report
ii) Lab 2: Create a group membership report
iii) Lab 3: Determine the permissions for a user or group by running the effective permissions report

Functionality:
There are a number of features in the reporting section. Reporting provides the ability to schedule reports of various
types to be sent to various audiences using a number of different report formats. Each report can be scheduled for
regular delivery to meet business requirements.

LAB 1: SCHEDULE A USER ACCESS LOG REPORT.
Task:
In this lab you will create report 1A as a subscription to be emailed to test@varonis.com.

Context:
User access log reports are useful to a variety of different people including data owners, data custodians, and
administrators. In order to provide easy access to the reports, DA provides report subscriptions, which allow any
individual to receive a report on a scheduled basis.

Use Case:
A group of data owners require the ability to see who is accessing their data on a regular basis.

Procedure:
1) Click on the “Reports” button at the top of the GUI and click on the “My Subscriptions” tab at the bottom left.

2) Click the “Add” button to create a new subscription.

3) In the “Subscription Form” dialogue fill in the following data:
a. Name: Test Report 1A
b. Description: Test Report 1A
c. To: test@varonis.com
d. Subject: Test Report 1A
e. Format: Choose PDF from the drop-down menu.

4) Click on the “Filter Configuration” tab. Change the date range to 8/6/2019 – 8/13/2019. For “File Server” click
the button with the “..” and choose “CORPFS02”. Then press “OK”.

5) Press “OK” to create the subscription. (By default, the report will be scheduled for the same day 2 hours from
the current time). As you can see, it is extremely easy to schedule reports to be sent to any audience via
email.
Note: You may get an error upon creating the subscription. This is an issue with the VM. You can ignore this
message and hit “cancel” instead to proceed.

LAB 2: CREATE A GROUP MEMBERSHIP REPORT
Task: In this lab you will create a group membership report.

Context: In order to properly govern access to their data, data owners need to understand the members of their
groups. Report 3a can be created for just such a purpose.

Use Case:
Report 3a is especially helpful when conducting entitlement reviews. Data owners can receive a list of groups that
they are responsible for, including the members of the groups that have access to their data.

Procedure:
1) Click on “Reports List” at the bottom left of the GUI and then expand and click on Report 3A.

2) Click on the ellipsis button on the right to add a group. “Search” for Domain Admins and “Add” the “Domain
Admins” group in as a “Selected User or Group”. Press “OK” to confirm. In a production environment, you may
want to include more than one group in the report. In this case, more than one group can be selected within
the “Search” window.

3) Press the “Run” button to view the results. As you can see, this report will show the domain that each person is
a part of, the user’s name, the Logon Name, membership inheritance path, member type and the
recommendations made by DA about whether the person should remain part of the group or should be
removed, which are all based on DA’s IDU analytics engine.

LAB 3: DETERMINE THE PERMISSIONS FOR A USER OR
GROUP BY RUNNING THE EFFECTIVE PERMISSIONS
REPORT.
Task: In this lab you will determine the permissions that a specific user, Allen Carey, has on a specific data set.

Context: In many cases, IT administrators need to understand the permissions that a user has, whether for forensics
reasons or for determining the role a person should have when configuring an Identity and Access Management
product. Report 4A provides them with this capability.

Use case:
This report can be used to determine the permissions for a user or group during an entitlement review.

Procedure:
1) Choose report 4A01 from the left-hand pane.

2) Press the ellipsis button to the right of the “File Server” field, choose “CORPFS02B” and press “OK”.

3) Press the ellipsis button to the right of the “User/Group” field, search for “Allen Carey” and add him as a
“Selected User or Group” and then press “OK”.

4) Press the Run button. As you can see, this report includes each of the folders, associated permissions and
security groups that allow the individual to get access to the specified folders. This information is extremely
useful when determining the data access rights of any individual.

SECTION 13: ADMINISTERING DATADVANTAGE
Section Overview:
This section will provide an overview of the basic configuration options including authorization, archiving and backup
functions. There are many unique configuration options within DatAdvantage and this section will only provide an
overview of some commonly performed functions.

Labs:
i) Lab 1: Determine how to add authorized administrators to DA
ii) Lab 2: Determine how to configure the ADWalk, Filewalk and Pullwalk job schedules
iii) Lab 3: Adding a user to the filtered user list
iv) Lab 4: Adding a global group to the Global Group list

Functionality:
A number of configuration options are available for DatAdvantage. You can configure:
• General settings
• Commit process
• IDU Analytics
• Email settings
• Alerts
• Security
• Domains
• Extended properties
• Filtered users and groups
• Jobs
• File server settings
• Archive policies
• Special files to be managed in DatAdvantage
• Global access groups
• User interface
• DFS shares and namespaces
• Unmonitored folders
• Unmonitored users

LAB 1: DETERMINE HOW TO ADD AUTHORIZED
ADMINISTRATORS TO DA.
Task:
In this lab you will add an “Administrator” as an “Enterprise Manager” to DA so that they can get access to the DA
GUI, reports, etc.

Context:
The DA Security tab of the Configuration window enables you to add Active Directory users to DatAdvantage roles so
that they can perform functions within the DA GUI. There are currently 4 roles within DA: Enterprise Manager, Power
User, System Admin and User. Each role has different capabilities, with the Enterprise Manager having full access to
the application including the configuration options.

Use Case:
Additional people need to use the DA GUI. If a user is not listed on the Security tab, they cannot access DatAdvantage
even if they have the desktop client installed on their computer.

Procedure:
1) Open the Varonis Management Console on the desktop.

2) Click on the Configuration button in the bottom left hand corner of the window and then click on
DatAdvantage Security on the left pane.

3) In order to give a user permission to use the DA GUI, you would choose the “Add” button from the top of the
DatAdvantage Security window, and then search for that user’s name in AD. This process will then add the
user’s AD account to the configuration screen. As you can see from this window, there are already a few
accounts configured with various roles.

Typically, only IT administrators have access to the GUI. Normal business owners should be given access to DA
information via the Reporting capabilities within the product. The following chart provides an overview of the DA
security model for roles and their permissions.

LAB 2: DETERMINE HOW TO CONFIGURE THE ADWALK,
FILEWALK AND PULLWALK JOB SCHEDULES.
Task: In this lab you will learn how to run a Filewalk job, which gathers information from a monitored server.

Context:
In some cases, DA SQL jobs will need to be run manually when troubleshooting or when immediate access to
gathered permission information is required. In this case, the DA configuration allows administrators to run these jobs
manually. Although these jobs can be run from the SQL Enterprise Manager, using the DA configuration is much
easier.

Use Case:
A new file server was just installed and the administrator would like to see the new server, its folders and the
permissions immediately in the DA GUI.

Procedure:
1) Click on the Management button in the bottom left hand corner of the Management Console window and then
click on “Root” in the left pane. You will then see all of the various SQL jobs listed in the right-hand pane of
the console.

2) Select the FileWalk CORPFS02 job. From this screen you can change the timing of the DA SQL jobs,
Enable/Disable the job as well as manually start or run the SQL job to force data collection.

3) DatAdvantage relies on SQL jobs to perform data collection from file servers and directories such as Active
Directory. Administrators may periodically need to run these jobs manually in order to immediately force data
collection from monitored devices. In order to see data from a newly added server, the ADWalk and Filewalk
jobs must be run in order to collect the data from the server. Once these jobs complete, the Pull Walks ::
Processing job needs to be started, which will in turn also run the Pull Walks :: Publishing job. Once both jobs
complete, the data will be pulled out of the SQL database and put into the GUI.

LAB 3: ADDING A USER TO THE FILTERED USER LIST.
Task:
In this lab you will add the “Administrator” user as a filtered user so that the data collected for this user is not saved
in the DatAdvantage database.

Context:
The filtered user list provides the ability to filter out specific users where collecting data about these users may not
provide any value. These users are typically service accounts or other accounts where an audit trail is not necessary.

Use Case:
This function is typically used to filter out service accounts that generate a lot of event data and have no real
actionable meaning.

Procedure:
1) Click on the Configuration button in the bottom left corner of the management console and then click on
Filtered Users/Groups in the left-hand pane.

2) As you can see from this screen we are currently filtering the user “corp.local\Administrator”. This means that
we will not collect any events created by this user. If the check box in “Allow Event Collection” was checked
for this user, we would collect events for the user but we would not report any of these events in the
“Reports” section of the GUI. You can also add in new users to the list using one of the “Add” buttons at the
top.

You can also purge events already created by a user by selecting that user, and then clicking on the Purge
Existing Data button at the top right of the screen, if the requirement exists to delete the events associated
with this user.

LAB 4: ADDING A GLOBAL GROUP TO THE GLOBAL GROUP
LIST.
Task:
In this lab you will add a global group to the global group list.

Context:
Global access groups are security groups which impact most of the users in the organization.
Such groups include “everyone”, “users”, “domain users”, etc. By adding additional groups to the Global Groups list,
reports which provide the ability to model changes to these groups are provided. This allows administrators to
determine who needs access when a person has access via a global group.

Use Case:
Define groups that contain a significant number of users in the organization for use in determining actual permission
requirements.

Procedure:
1) Click on “Global Access Groups” in the left pane of the management console.

2) By pressing the “Add” button, you have the ability to add groups which contain a large
majority of users that access data. In this screen you can see that the “Everyone”, “Users”, and “Domain
Users” are just some of the groups that are included. These are all groups/abstracts in which the majority of
AD users reside. Report 4C, the Global Group Analysis report, refers to these groups when creating the report.

SECTION 14: DATADVANTAGE TROUBLESHOOTING
Section Overview:
Usually, DatAdvantage operates without requiring administrator attention. However, at times the administrator will
need to review the events in the Varonis event log container to ensure that everything is operating properly. The
administrator may also need to review the state of SQL jobs to find and resolve problems. This section is not meant to
be an exhaustive troubleshooting guide. It is purely meant to give the lab participant a basic understanding of the
methods used to troubleshoot basic problems.

Labs:
i) Lab 1: Review the event viewer to determine if any issues exist with DA
ii) Lab 2: Check the status of the SQL and Varonis services to ensure they are operating properly

Functionality:
DatAdvantage creates a Varonis event log container on each of the monitored file servers, on every Probe, and on the
IDU. This event log container will collect all of the events associated with the application.

In addition, the SQL Management application contains a history of the status of each SQL job that runs. This status
can be used to troubleshoot issues that arise with jobs failing, data not being collected properly, etc. These labs will
not review this functionality, but it is quite helpful when troubleshooting issues with SQL jobs.

Possible problems you may encounter:


1) No events in the Log for ALL servers - Verify the Probe Service is started
2) No events in the Log for 1 File Server - Verify the Filer Logger Service is running on the File Server
3) The Filewalk and ADWalk are not updating – Verify that the SQL Server agent is running
4) Unable to select reports – Verify that the SQL Reporting Service is started

LAB 1: REVIEW THE EVENT VIEWER TO DETERMINE IF
ANY ISSUES EXIST WITH DA.
Task: In this lab you will open the Windows Event Viewer to determine if any problems exist with the application.

Context: DatAdvantage normally operates properly and is very resilient to problems that occur. However, in some
cases, problems will occur and the administrator must understand how to troubleshoot the issues. The Event Viewer
contains categories of entries (Warning, Informational, etc.) similar to normal Event Viewer messages. These
categories can be used to quickly troubleshoot any issues that develop.

Use Case: An administrator needs to troubleshoot DA and must first look through the event log for any obvious
problems.

Procedure:
1) Right click on the Windows logo and select “Event Viewer” from the menu that pops up.

2) The “Event Viewer” pane will open. Click on the plus sign next to “Applications and Services Logs” and select
the “Varonis” container. This will display all log messages from the Varonis system. From this window you will
be able to view any errors and check the status of the Varonis services.

Note: Because this is a lab environment that has been disconnected from the resources it is monitoring there are
significantly more errors in the event viewer than you would see in a functioning production environment.

LAB 2: CHECK THE STATUS OF THE SQL AND VARONIS
SERVICES TO ENSURE THEY ARE OPERATING PROPERLY.
Task: In this lab you will review the state of SQL and Varonis services to provide an understanding of what they do.

Context: The proper operation and state of Varonis and SQL services is critical to the operation of DatAdvantage.
Troubleshooting checklists should ensure that these services are checked first. The administrator should ensure they
are operating properly before proceeding with any other troubleshooting steps.

Use Case: DA does not appear to be operating properly and the administrator needs to determine the state of the
application.

Procedure:
1) Right click on the Windows logo and select “Run”. In the “Run” dialogue type in “services.msc” and press
“OK”.

2) In basic troubleshooting you can use the “Services” screen to check to see if the SQL and Varonis services are
running. In normal situations, the SQL services should all be running, except those that are disabled. The
Varonis services should also be running except for the file walk and file walk monitor services, as these only
run during the FileWalk job.
