Netskope Help

Create a Next Generation Security Posture Policy

To create a Next Generation security posture policy:

  1. Log in to the Netskope tenant UI.

  2. Navigate to Policies > Security Posture. Then, click the Next Gen tab.

    The Security Posture page opens.

  3. Click the New Policy drop-down and select the SaaS app.

    The New Security Posture Policy page opens.

  4. Under Instance, the UI sets the app by default. You can select the following options:

    • You can leave the Instance field empty. On doing so, all instances will be scanned.

    • You can select a subset of instances.

    • Exceptions: You can set an exception list so that the policy excludes the selected instances from scanning.

  5. Under Rules & Action, select the following options:

    • Rule: Select rules from a set of predefined and custom rules. You can also select compliance standards from a list of predefined compliance standards.


      If you choose a cross-app-suite rule in a policy, ensure that you leave the Instance field (step 4 above) empty.

      A cross-app-suite rule is a rule that can apply to multiple SaaS apps.

    • Action: Select the appropriate policy action when a rule match is found.


      Currently, you can select the Alert action only.

    • Show Rules: You can select this checkbox and view the list of rules you have selected for this policy. In addition, you can selectively enable or disable a rule. On disabling a rule, Netskope will not list and evaluate the resources of the SaaS app in relation to the disabled rule.


      When you disable a rule, it gets disabled from the specific policy only. If the same rule exists in a different policy, the rule remains active in that policy.

  6. Under Policy Name, enter the following details:

    • Enter the name of the policy.

    • (Optional) Expand + Policy Description and enter a short description.

    • On expanding + Email Notification, the Email Notification window opens. Enter the following details:

      • Frequency of the notification.

      • You can send the email notification either to the admin or selected user(s).


        The admin user is the same user that was used to create the app instance in Settings > API-enabled Protection > SaaS.

      • Optionally, the sender's email address.

      • Click Done.

  7. Under Status, toggle to enable the policy.

  8. On the top right, click Save to save the policy.

  9. On the Security Posture page, click Apply Changes.

Once you apply changes, Netskope accesses and analyzes the posture of the SaaS app resources, and alerts the administrator to risks and possible remediation.