Creating API Data Protection Policies to scan S3 Buckets

Using Netskope policies, you can perform retro scans and ongoing scans on your S3 buckets. The Retro Scan job scans the storage buckets that already exist at the time you set up an AWS instance in your Netskope tenant. Netskope then continues to perform ongoing scans on the buckets whenever a change is detected.

Creating a new granular policy in the UI

To scan existing data and real-time data in your S3 buckets, create an API Data Protection policy with the desired options and actions.

  1. In your Netskope tenant, navigate to Policies > API Data Protection and click on the IaaS tab.

  2. Click on New Policy > Amazon Web Services.

  3. Follow the policy creation process in the New API-enabled Protection Policy window. Under Instance, select an AWS instance.

  4. Under Object Container, select all the S3 buckets you want to scan. You can specify additional match criteria to narrow your results based on public or private buckets, or objects in a bucket that are public. You can also match buckets in specific regions, or by encryption type (AES and KMS).

  5. Under Object, specify the file types to be scanned. You can specify additional criteria, such as extensions and storage class, each with a match condition. Additionally, you can set how often the specified objects are scanned by selecting the maximum scan frequency.

    To learn more about supported file types for DLP: Supported File Categories and File Types.

  6. Under Profile & Action, select the DLP and Threat Protection profiles that define the type of content you want to scan. You can select multiple DLP profiles for a single policy. By default, an email alert is sent when the policy is triggered.

  7. Under Policy Name, provide a name for the policy along with a description. Then click on Email Notification. In the Email Notification pop-up window, you can specify the notification frequency and the person to be notified.

    Click Done.

  8. Under Status, click on the toggle switch to enable the policy. Click Save and then click Apply Changes.
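Before choosing match criteria in step 4, it helps to know how your buckets break down by exposure, region and encryption type. The following is an added example, not Netskope code and not part of the original page: it reduces constructed dictionaries shaped like S3 GetBucketLocation, GetBucketEncryption and GetBucketPolicyStatus responses to those three attributes and filters on them. The names `summarize` and `select`, the bucket names, and treating "public" as the bucket policy status are assumptions; how Netskope itself evaluates the criteria is not shown here.

```python
# Added example, not Netskope code. Inputs are constructed dicts shaped like
# S3 GetBucketLocation, GetBucketEncryption and GetBucketPolicyStatus
# responses; nothing here calls AWS or the Netskope API.
SSE_LABELS = {"AES256": "AES", "aws:kms": "KMS"}


def summarize(name, location, encryption, policy_status):
    """Reduce three S3 responses to the attributes step 4 matches on."""
    raw = location.get("LocationConstraint")
    # S3 reports us-east-1 as None and eu-west-1 as the legacy value "EU".
    region = {None: "us-east-1", "EU": "eu-west-1"}.get(raw, raw)
    # encryption is None when no default-encryption config was returned.
    rules = (encryption or {}).get(
        "ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algo = (rules[0]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]
            if rules else None)
    # policy_status is None when the bucket has no bucket policy at all.
    # Assumption: "public" means the policy status only; ACLs are ignored.
    public = bool((policy_status or {}).get("PolicyStatus", {}).get("IsPublic"))
    label = "NONE" if algo is None else SSE_LABELS.get(algo, "OTHER")
    return {"name": name, "region": region, "public": public,
            "encryption": label}


def select(buckets, public=None, regions=None, encryption=None):
    """Names of buckets satisfying every criterion that is not None."""
    return [b["name"] for b in buckets
            if (public is None or b["public"] == public)
            and (regions is None or b["region"] in regions)
            and (encryption is None or b["encryption"] in encryption)]


def _sse(algorithm):
    """Build a constructed GetBucketEncryption-shaped response."""
    return {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": algorithm}}]}}


SAMPLE = [  # constructed inventory, hypothetical bucket names
    ("hr-exports", {"LocationConstraint": None}, _sse("aws:kms"),
     {"PolicyStatus": {"IsPublic": False}}),
    ("web-assets", {"LocationConstraint": "EU"}, _sse("AES256"),
     {"PolicyStatus": {"IsPublic": True}}),
    ("legacy-dump", {"LocationConstraint": "ap-south-1"}, None, None),
]
INVENTORY = [summarize(*row) for row in SAMPLE]

if __name__ == "__main__":
    print("public buckets:", select(INVENTORY, public=True))
    print("private, no default encryption:",
          select(INVENTORY, public=False, encryption={"NONE"}))
```
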

Creating a new granular policy using APIs

Netskope provides APIs for setting up granular policies. You can find detailed information about the Storage Scan APIs in the Manage Storage Scan Policies topic.

You can use the sample policies in the Sample Granular Policies topic as a reference when creating your own granular policies.