Coverage & integrations

Supporting unstructured data sources

that matter most to enterprises

Get a demo

Zero copy data security platform

Qostodian platform

Qostodian delivers enterprise data security through a hybrid SaaS architecture. Data is analyzed directly at the source by a collector, so it never needs to be copied or moved. Only the findings are securely centralized in the Qostodian platform to provide visibility, reporting, and centralized control.

Air-gapped environments

Qostodian Recon

Recon is built for air-gapped and sovereign environments where internet connectivity is not permitted. Deployed locally on a server or in a container, it scans data sources across the network it can access and analyzes them within the secured environment.

Integrations

Connect, automate & integrate

Qohash’s open API and modular platform let your teams and tools connect seamlessly to the data intelligence you need, when you need it.

MCP server

Bring your own model and connect it to the Qostodian public API to enable your agents

Qostodian API

Build applications and integrations beyond Qostodian’s dashboard to maximize value

Programmatic access at scale

Access event data programmatically to feed BI tools, SIEM platforms, or SOAR

Purview and M365

Integrate with Microsoft for enterprise

Integrate Qostodian with select Microsoft 365 tools to extend sensitive data protection and visibility

Natively apply Purview labels to files

Apple Purview labels within the Qostodian platform to enable your DLP playbook – automate the process via conditional workflows

Automate notifications to Teams

Enable Microsoft Teams notifications for specific events in Qostodian and further automate it via conditional workflows

FAQ

Frequently asked questions

What types of data sources does Qostodian support?

Qostodian supports a wide range of data sources across both on-premises and cloud environments:

On-premises:

  • Windows-based workstations, laptops, and PCs
  • Virtual Machines (VMs)
  • File servers (Windows)

Cloud-based:

    • OneDrive
    • SharePoint
  • Outlook (attachments only)
  • Teams
  • Exchange
  • Google Drive
  • Gmail
  • AWS S3
Learn more, get a demo
What types of data sources does Qostodian Recon support?

Recon finds and scans sensitive data elements within your files, wherever they live. It discovers, scores, and classifies them across:

Servers:

  • Network-attached servers
  • File servers

On-premises:

  • Windows 10 and 11 desktops and workstations
  • Windows Server (2012+)

Cloud-based storage mounted in the OS:

  • OneDrive
  • SharePoint
  • Google Workspace
  • Box
  • AWS S3
  • Azure Blob Storage
  • Azure File Shares
  • Google Cloud Storage
  • OVH Cloud
  • Atlassian Jira
  • Github
  • OpenText GCDocs
  • Databases:
    • MySQL
    • Microsoft SQL
    • SQLite
    • OracleDB
    • PostgresSQL

It is particularly suited for forensic investigations and does not require permanent installation, making it a portable and flexible tool.

How does Qostodian monitor coverage?

Qostodian tracks coverage through a combination of scan types and sensor deployments. 

The platform aims to ensure:

  • Adequate scanning coverage regardless of where employees’ data is stored
  • Coverage across any data store, data type, and classification dictionary
  • No gaps in mainstream data sources that could result in missed sensitive information

Coverage is a core value proposition — the goal is that Qostodian cannot be rejected from a deal because it fails to cover mainstream sources.

How does Qostodian discover data sources?

Qostodian discovers data sources through Inventory Scans, which are performed after sensor installation. 

  • The inventory scan is a one-time, comprehensive task that reports all data containers containing sensitive information within the target paths
  • It creates the initial mapping of local resources to the Qostodian platform
  • At the end of an inventory scan, Qostodian performs a reconciliation, marking any data containers not reported as deleted
How does Qostodian monitor data sources?

Qostodian monitors data sources through real-time monitoring – continuously scanning data containers as they are modified (created, edited, deleted, renamed, etc.).

Key points:

  • Monitoring updates Qostodian in real-time with changes in the data source
  • It runs as long as the data source is operative
  • Note: OS APIs do not guarantee every file modification is reported under low resource availability or OS stress — this is why delta scans are also used as a complement
  • Monitoring is not available for File Server sensors
What is a delta scan?

A delta scan is a one-time incremental scan that only processes data containers that have been modified since the last scan — unchanged files are skipped.

Key points:

  • Comparable to a full scan, but more efficient
  • At the end of a delta scan, the sensor sends a delete event for any files in its local database that were not found during the scan
  • Delta scans run every 24 hours for most clients
  • They help Qostodian stay synchronized in case of monitoring failures or sensor downtime
  • Delta scans can run in parallel with monitoring, but not with inventory scans
  • If the sensor’s local database is corrupted, Qostodian will request a full inventory instead
How often are data sources scanned?
  • Inventory scans: Performed once after installation, and can be requested at any time
  • Delta scans: Run automatically every 24 hours for most clients
  • Monitoring: Runs continuously in real-time as long as the data source is active
Can I prioritize scanning for specific data sources?

Qostodian allows sensor configuration with defined scope (target paths and file types) and scheduling parameters. Sensors can be configured per data source, which provides some level of control over what gets scanned and when. 

How does Qostodian assess data source risk?

Qostodian assesses data source risk by scanning data containers within each source and identifying sensitive information present.

The risk assessment is based on:

  • The volume and type of sensitive information detected
  • The coverage of scans across all relevant data sources
  • Continuous updates through monitoring and delta scans to keep the risk picture current

The goal is to provide an accurate data risk assessment for organizational employees across all data stores.

Ready to see
Qohash in action?

Get your demo