Configure a Windows Directory Search control to find files and directories that match certain parameters (i.e. name, permissions, etc). You'll tell us where to search and what you're looking for, and we'll return a list of matches.
The statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You'll also need to decide which category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement.
These are the search parameters you want to use. You'll tell us where to start our search (the base directory) and what you want to match. You can search for files and/or directories.
You'll also want to set search limits - the max search time and the max number of results to return. We'll stop the search as soon as we hit one of these limits.
The base directory is the directory you want to search. Be as specific as you can to reduce the search time (there is a time limit). Then make additional settings that tell us how many levels we should search within the directory.
Use these fields to find files and directories based on the name. You'll notice that * is used by default for the File Name Include and Directory Name Include, meaning that all files will be a match.
Note - When entering a file name, be sure to include only the file name, not the path to the file. When entering a directory name, only include the directory, not a file name.
Select each file system object type to include in the search: file and/or directory.
The actual value returned for this control is a String List, meaning we'll return a list of matches in the scan results. A control description is also required.
You can search for files/directories based on user access to the files. For example, maybe you want to find all folders that well-known groups can access, or perhaps you want to find files readable by a user that has left the company.
Create a list of principals (groups/users) in the Users section and then select permissions in the Permissions section.
Your list may include a mix of well-known users/groups and specific users. To add well-known users/groups, simply start typing in the Search field and then add the matches that we find. To add specific users, enter the user in the Search field and click Enter. Use any of these formats: user, domain\user, user@FQDN, SID user (S-1-x-x-x-x-x-x...).
After selecting permissions, choose "All" to only return files that match all of the permissions. Choose Any to return files that match at least one of the permissions.
Your control may apply to many technologies. Select each technology you're interested in and provide a rationale statement and expected value.
Time Saving Tip: If you plan to enter the same settings for each technology you only need to do it once. Make your selections in the "Default Values" section first and then select the check box for each technology you want. You'll see that the settings get copied automatically to each technology that you select.
Make these settings:
Rationale - Enter a rationale statement describing how the control should be implemented for each technology.
Cardinality - Select a cardinality for the control. Tell me about these cardinalities
A list of strings in the scan results (X) is compared to a list of strings defined for the control (Y). The control values include the default value (a string) and a cardinality. The possible cardinalities are described below.
Operator - The operator can be a "regular expression list" or a "string list". We'll use the operator to compare the scan results to the default value.
Default Value. Enter the expected value for each technology as a list of regular expressions or strings. The list of strings returned in the scan results will be compared to the list of strings defined for the control. Learn more
You can lock the Cardinality, Operator or Default Value if you don't want users to be able to change these values in the Policy Editor.
Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://. For example, enter http://www.qualys.com to link to the Qualys web site. Once added users have the option to include references in policy reports.
Ready to scan?
You must select these settings in the option profile you apply to your scan: Enable Dissolvable Agent and Enable Windows Directory Search. When editing your profile, you'll see these settings under Dissolvable Agent (in the Scans section).