Creating API Data Protection Policies to scan Google Cloud Storage
Creating API Data Protection Policies to scan Google Cloud Storage
Using Netskope’s granular policies you can perform retro scans and ongoing scans on your storage buckets. The Retro Scan job performs scans on existing storage buckets at the time that you set up a GCP instance in your Netskope tenant. Netskope continues to perform ongoing scans on the buckets when a change is detected.
Creating a new granular policy in the UI
To scan existing data and real-time data in your storage buckets, create an API Data Protection policy with the desired options and actions.
- In your Netskope tenant, navigate to Policies > API Data Protection and click on the IaaS tab.
- Click on New Policy > Google Cloud Platform.
- Follow the policy creation process in the New API-enabled Protection Policy window. Under Instance, select the Google project, folder, and organization.
- Under Object Container, select all the storage buckets you want to scan. You can specify additional criteria to narrow your results such as permissions, label, bucket regions, storage class, and encryption type.
- Under Object, specify the match condition for permissions selected in the previous step. You can specify additional criteria such as the file name and extension, and the content type with match condition.
For information on supported file types for DLP, see Supported File Categories and File Types.
- Under Profile & Action, select a DLP profile that defines the type of content you want to scan. By default, an email alert is sent when the policy is triggered.
- Under Policy Name, provide a name for the policy along with a description. Then click on Email Notification. In the Email Notification pop-up window, you can specify the notification frequency and the person to be notified.
Click Done.
- Under Status, click on the toggle switch to enable the policy. Click Save and then click Apply Changes.
Creating a new granular policy using APIs
Netskope provides you with APIs to setup granular policies. You can find detailed information about Storage Scan APIs in Manage Storage Scan Policies topic.
You can reference sample policies in Sample Granular Policies topic to create your own granular policies.
