Understanding scan targets:

A scan target in PII Scanner consists of:

• A file system path — the directory, network share, or drive to be scanned
• A client agent — the agent that will execute the scan against that path
• File type filters — optional limits on which file extensions are included in the scan
• PII classes — the sensitive data patterns to look for during the scan

Scan targets are not configured as standalone objects in the PII Scanner administrative interface — they are defined as part of each individual scan job. Planning your targets in advance makes job creation faster and more consistent.

Planning your scan targets:

Before creating scan jobs, work through the following planning steps with your administrator:

1. Identify which file systems contain sensitive data:

Common locations that typically require scanning:

2. Identify which agent has access to each path:

Each scan job is executed by a single client agent. The selected agent must have:

• Network access to the target path
• Read permissions on the target directory and all subdirectories
• Sufficient resources (CPU, memory, disk I/O) to perform the scan without impacting other workloads

3. Determine which file types to include:

Scanning all file types provides the most complete coverage but increases scan time and resource usage. Consider filtering by extension for initial scans:

4. Confirm the LT Auditor ^MP target host:

All scan results are forwarded to LT Auditor ^MP via syslog. Confirm the LT Auditor ^MP target host is configured in the PII Scanner Server before creating scan jobs. See the Managing Target Hosts section below.

Configuring target hosts in the PII Scanner Server:

Before running any scans, configure where scan results will be sent — your LT Auditor ^MP syslog receiver.

Log in to the PII Scanner Server web UI at:
https://<PII_Scanner_Server_IP>:52766

2. Navigate to Admin → Target Hosts
3. Click Add Target
4. Configure the target host details:
   • Name — a friendly identifier (e.g., Production LT Auditor ^MP)
   • Target Server — the hostname or IP address of your LT Auditor ^MP server
   • Port — the syslog port configured in LT Auditor ^MP (default: 514)
   • Protocol — select UDP, TCP, or TLS

Protocol options:

Additional TLS configuration (if TLS is selected):

Example production target configuration:

• Name: Production LT Auditor ^MP
• Host: ltauditor.yourcompany.com
• Port: 6514
• Protocol: TLS
• Server Name: ltauditor.yourcompany.com
• Verify Certificate: Yes

5. Click Save

Configuring PII detection patterns:

PII Scanner uses regex-based patterns to identify sensitive data. Before running scans, review the available PII classes and confirm the right ones are enabled for your environment.

1. In the PII Scanner Server web UI, navigate to Admin → PII Patterns
2. Review the available PII classes:

3. Enable or disable individual PII classes using the Enabled toggle
4. Click the Edit icon to modify an existing pattern if needed
5. To add a custom pattern for organization-specific sensitive data:
   • Click Add Pattern
   • Enter a descriptive name
   • Enter the regex pattern
   • Set the severity level
   • Click Save

[Your administrator should review the default PII patterns and add any custom patterns required for your organization’s specific data types before running the first scan.]

Managing client agents:

Before assigning agents to scan jobs, confirm all agents are online and healthy.

1. Navigate to Admin → Clients in the PII Scanner Server web UI
2. Review the client list:

3. 
   Review each agent’s details:
   
   • Name — the machine hostname
   • IP Address — the last known IP address
   • Last Seen — the timestamp of the last check-in
4. If an agent shows as offline, check:
   
   • The LTA-Scanner service is running on that machine
   • The agent’s config.json points to the correct server IP and port
   • No firewall is blocking port 52766 between the agent and the server
5. To remove a decommissioned agent, click the Delete button next to it
   
   
   A deleted agent will automatically re-register on its next poll cycle if it is still active.
   
   

Best practices:

• Start with targeted, focused scans of your highest-risk directories before expanding to broader file system coverage
• Assign scan jobs to the agent closest to the target path to minimize network traffic during scanning
• Use file extension filters for initial scans to reduce scan time and focus on the most likely file types to contain PII
• Avoid scheduling broad scans during peak business hours — large scans can generate significant disk I/O on the scanned machine
• Confirm read permissions for the agent service account on all target paths before creating scan jobs to avoid permission errors mid-scan
• Review and update PII detection patterns regularly to ensure they reflect current data types in use in your organization
• Document your planned scan target inventory so the team has a clear picture of what is and is not in scope

[Your administrator should maintain a record of all configured target hosts and PII patterns, and review them whenever compliance requirements or the monitored environment changes.]