Scan targets define the file system paths that PII Scanner client agents will scan when a scan job is executed. Before creating your first scan job, it is important to plan which paths you want to scan, which agent has access to those paths, and which file types are in scope. This article covers how to configure scan targets and prepare them for use in scan jobs.
Understanding scan targets:
A scan target in PII Scanner consists of:
- A file system path โ the directory, network share, or drive to be scanned
- A client agent โ the agent that will execute the scan against that path
- File type filters โ optional limits on which file extensions are included in the scan
- PII classes โ the sensitive data patterns to look for during the scan
Scan targets are not configured as standalone objects in the PII Scanner administrative interface โ they are defined as part of each individual scan job. Planning your targets in advance makes job creation faster and more consistent.
Planning your scan targets:
Before creating scan jobs, work through the following planning steps with your administrator:
1. Identify which file systems contain sensitive data:
Common locations that typically require scanning:
| Location Type | Examples |
| File servers and network shares | \\fileserver01\shares\HR, \\fileserver01\shares\Finance |
| Local drives on servers | C:\Data, D:\Projects |
| Linux mount points | /mnt/shares/documents, /home/shared/data |
| Department-specific shares | Legal, Finance, HR, Executive directories |
| Archive or backup locations | Older data stores that may contain historical PII |
2. Identify which agent has access to each path:
Each scan job is executed by a single client agent. The selected agent must have:
- Network access to the target path
- Read permissions on the target directory and all subdirectories
- Sufficient resources (CPU, memory, disk I/O) to perform the scan without impacting other workloads
3. Determine which file types to include:
Scanning all file types provides the most complete coverage but increases scan time and resource usage. Consider filtering by extension for initial scans:
| Use Case | Recommended Extensions |
| Office documents | *.docx, *.xlsx, *.pptx, *.pdf |
| Legacy Office formats | *.doc, *.xls, *.ppt |
| Text and data files | *.txt, *.csv, *.log |
| All common document types | *.docx, *.xlsx, *.pdf, *.txt, *.csv |
| Full scan (all types) | Leave the extension filter blank |
4. Confirm the LT Auditor MP target host:
All scan results are forwarded to LT Auditor MP via syslog. Confirm the LT Auditor MP target host is configured in the PII Scanner Server before creating scan jobs. See the Managing Target Hosts section below.
Configuring target hosts in the PII Scanner Server:
Before running any scans, configure where scan results will be sent โ your LT Auditor MP syslog receiver.
Log in to the PII Scanner Server web UI at:
https://<PII_Scanner_Server_IP>:52766
- Navigate to Admin โ Target Hosts
- Click Add Target
- Configure the target host details:
- Name โ a friendly identifier (e.g., Production LT Auditor MP)
- Target Server โ the hostname or IP address of your LT Auditor MP server
- Port โ the syslog port configured in LT Auditor MP (default: 514)
- Protocol โ select UDP, TCP, or TLS
Protocol options:
| Protocol | Description | Recommended Use |
| UDP | Fast, no delivery guarantee | High-volume, low-criticality environments |
| TCP | Reliable delivery, guaranteed | Production environments โ recommended |
| TLS | Encrypted, secure transport | Production environments with strict security requirements |
Additional TLS configuration (if TLS is selected):
| Setting | Description |
| Server Name | SNI hostname for certificate validation |
| Verify Certificate | Enable for production deployments |
| TLS Certificate Path | Optional CA bundle for server verification |
| Client TLS | Enable if mutual TLS is required |
| Client Certificate Path / Password | Required for mutual TLS authentication |
Example production target configuration:
- Name: Production LT Auditor MP
- Host: ltauditor.yourcompany.com
- Port: 6514
- Protocol: TLS
- Server Name: ltauditor.yourcompany.com
- Verify Certificate: Yes
- Click Save
Configuring PII detection patterns:
PII Scanner uses regex-based patterns to identify sensitive data. Before running scans, review the available PII classes and confirm the right ones are enabled for your environment.
- In the PII Scanner Server web UI, navigate to Admin โ PII Patterns
- Review the available PII classes:
| PII Class | Examples Detected |
| Social Security Numbers | 123-45-6789, 123456789 |
| Credit Card Numbers | Visa, Mastercard, Amex, Discover formats |
| Email Addresses | user@domain.com |
| Phone Numbers | US and international formats |
| Dates of Birth | Common date formats |
| Medical Record Numbers | Common MRN formats |
- Enable or disable individual PII classes using the Enabled toggle
- Click the Edit icon to modify an existing pattern if needed
- To add a custom pattern for organization-specific sensitive data:
- Click Add Pattern
- Enter a descriptive name
- Enter the regex pattern
- Set the severity level
- Click Save
[Your administrator should review the default PII patterns and add any custom patterns required for your organization’s specific data types before running the first scan.]
Managing client agents:
Before assigning agents to scan jobs, confirm all agents are online and healthy.
- Navigate to Admin โ Clients in the PII Scanner Server web UI
- Review the client list:
| Indicator | Meaning |
| โ Online (Green) | Agent checked in within the last 5 minutes |
| โ Offline (Red) | No communication in the last 5 minutes |
Review each agent’s details:
- Name โ the machine hostname
- IP Address โ the last known IP address
- Last Seen โ the timestamp of the last check-in
- If an agent shows as offline, check:
- The LTA-Scanner service is running on that machine
- The agent’s config.json points to the correct server IP and port
- No firewall is blocking port 52766 between the agent and the server
- To remove a decommissioned agent, click the Delete button next to it
A deleted agent will automatically re-register on its next poll cycle if it is still active.
Best practices:
- Start with targeted, focused scans of your highest-risk directories before expanding to broader file system coverage
- Assign scan jobs to the agent closest to the target path to minimize network traffic during scanning
- Use file extension filters for initial scans to reduce scan time and focus on the most likely file types to contain PII
- Avoid scheduling broad scans during peak business hours โ large scans can generate significant disk I/O on the scanned machine
- Confirm read permissions for the agent service account on all target paths before creating scan jobs to avoid permission errors mid-scan
- Review and update PII detection patterns regularly to ensure they reflect current data types in use in your organization
- Document your planned scan target inventory so the team has a clear picture of what is and is not in scope
[Your administrator should maintain a record of all configured target hosts and PII patterns, and review them whenever compliance requirements or the monitored environment changes.]