Workflows

Each workflow consists of the following configurations:

• Discovery
• Scan configuration
• File tagging
• Deep CDR
• File remediations
• Other remediations

Creating a Workflow

As a first time user, there is a default workflow that is created during the onboarding process. There can be created as many workflows as required for different use-cases.

A workflow can be created by navigating to the Workflows page and clicking the "Create Workflow" button. This will reveal a dialog box where the new workflow name must be set as well as the workflow type.

Workflow Types

MetaDefender Storage Security supports two types of workflows that differ in their scanning behavior:

Standard Scanning

A complete security workflow that discovers, scans, and remediates files on connected storage platforms.Key features:

• Discovers files on storage platforms
• Scans files using MetaDefender Core/Cloud
• Applies configured remediations
• Supports Identity Scanning for periodic rescanning

Requirements:

• Scan Configuration is required
• Active remediation policies

Discovery Only

A lightweight workflow that catalogs files without performing scans.

Key features:

• Discovers files on storage platforms
• Records file metadata (names, sizes, paths)
• No threat scanning performed
• Remediations applied on the discovered files

Requirements:

• No Scan Configuration required

Use case: Suitable for inventory management and compliance reporting where file cataloging is needed without security scanning.

Once a name is given to the new workflow, the system will mark it as a draft. The workflow is saved in the system only after the "Scan Configuration" is properly configured. While in draft mode, all the other configuration nodes are inaccessible until the Scan Configuration is successfully configured.

Once the Scan Configuration is successfully configured, the other configurations can be updated by clicking on each one individually. The workflow is updated instantly once the "Save changes" button is clicked for each of the configuration nodes.

Discovery

File discovery continuously scans your storage to detect files that need processing. This is always enabled to ensure all files are identified for remediation.

Identity scanning uses file metadata to identify files that have already been processed. When enabled, MDSS reuses previous scan results for unchanged files instead of re-scanning them, significantly improving performance for backup datasets and subsequent scans.

Scan Interval (Days) - Set how often identity scanning runs. For example, entering '3' will actually scan the file after 3 days if it is requested without using identity scanning.

Scan Configuration

Each workflow must have a scan configuration set up which specifies the Scan Pool that should be used for scanning. The Scan Configuration is built up by a set of rules for an already configured Scan Pool (MetaDefender Cloud/Core). A Failover Scan Pool can also be set for the new Scan Configuration.

MetaDefender Storage Security employs scan configurations to offer a versatile method for initiating scanning processes using various workflow rules from either MetaDefender Core or MetaDefender Cloud.

Scan configurations are linked with scan pools to ensure uniform configuration across all instances of MetaDefender Core/Cloud.

When creating a new scan configuration, you can select a name, associate it with a scan pool, and optionally designate a secondary scan pool for failover in cases where all scan instances from the primary pool are unavailable or unresponsive.

Technologies

This lists all the available technologies that are available in the MetaDefender Cloud/Core instance that was set previously in the Scan Configuration.

If an update was made in the MetaDefender Cloud/Core instance, the "Refresh technologies" button will sync the technologies with the ones from the instance.

File Tagging

Adds metadata tags to files in S3-like storage units, providing processing information.

For detailed configuration instructions, refer to the Configure File Tagging.

File Definition

What was previously known as Remediation Actions is now called File Definition, which dictates the outcome for each file based on its scan results. Files can be designated as Allowed (approved), Sanitized (cleaned), or Blocked (quarantined).

For detailed configuration instructions, refer to the Configure File Definition.

File Remediations

File remediation actions are automated post-processing tasks performed on files after they have been scanned. The following remediation options are currently available: Keep, Copy, Move, Delete.

For detailed configuration instructions, refer to the Keep, Copy, Move or Delete Files.

Important Considerations

• Make sure that the destination buckets for moved or copied files are properly configured and accessible within your environment (in this case Amazon S3)
• Carefully consider your organization's risk tolerance when configuring deletion actions. Implement safeguards like versioning or backups to prevent accidental data loss.
• Develop a clear tagging strategy to facilitate efficient file management and consistency.
• Regularly review and update your remediation actions and tagging configurations to align with your organizational evolving security needs and policies.

Other Remediations

Delete Empty Folders

Delete a directory if it is empty after remediation (does not delete if the folder was empty to begin with).

For detailed configuration instructions, refer to the Delete Empty Folders.

Scan File Versions

Retrieve & process all past versions of a file. This comes with a performance cost, as all versions will be scanned like normal files.

For more details about this feature, refer to Scan File Versions.

Error Handling

The remediation process includes automatic retry functionality to handle transient failures.

For detailed configuration instructions, refer to the Remediation Process Retries.