Create a Storage Scan Policy

Use this endpoint to create a storage scan policy. After creating a policy, use the Apply Changes endpoint to update your tenant.

Request Endpoint

https://<tenant-URL>/api/v1/storage_scan_policies/?token=<token>&op=create

Valid parameters include:

Key	Type	Value	Description
`op`	string	`create`	Required. Operation performed.
`policy_name`	string	Ex: `LQ_storage`	Required. Must be the name of an existing storage scan policy.
`cloud_provider`	string	`aws \| googlecloud`	Required. The storage platform provider.
`instanceConditional`	JSON array of object	AWS `accountID`: AWS account ID. GCP `projectID`: GCP Project ID. `folderID`: GCP Folder ID. `organisationID`: GCP Organisation ID.	Optional. If explicit instances are used, and if DLP profiles are used in the policy, all the instances must have DLP service checked in the Instance setup. If explicit instances are used, and if Threat Protection profiles are used in the policy, all the instances must have Threat Protection service checked in the Instance setup. If blocklist is true => won’t scan, return here; if allowlist is true => go to next conditional.
`objectContainerConditional`	JSON array of object	AWS `name`: Name of the bucket.`region`: Region where the bucket is available.`access`: “private”, “public”. Objects can be public.GCP`name`: Name of the GCP Bucket.`region`: Region where the GCP bucket is available.`labels`: Labels as key value pair used with GCP Buckets.`storageClass`: Valid Storage Class for GCP are: “STANDARD”, “NEARLINE”, “COLDLINE”, and “ARCHIVE”`access`: “private”, “public”	Optional. If explicit, this will be used to narrow down a scan to file events that match the conditional for object store attributes. The attributes listed here pertain to the container/store of objects. For example, for AWS it would be buckets, for Azure it would be StorageAccount etc. If blocklist is true => won’t scan, return here; if allowlist is true => go to next conditional.
`objectConditional`	JSON array of object	AWS `name`: Name of the object.`key`: Path to the object, including the Object name.`owner`: Owner name of the AWS object.`contentType`: The mimeType as determined by AWS.`storageClass`: Valid storage class for AWS are “STANDARD”, “REDUCED_REDUNDANCY”, “STANDARD_IA”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, “OUTPOSTS”`serverSideEncryption`: Server side encryption available in AWS, has to be one of “AES256”, “aws:kms”.`extension`: FileExtension of the object.`access`: “private”, “public”GCP:`name`: Name of the object.`key`: Path to the object including the Object name.`owner`: Owner name of the GCP object.`contentType`: The mimeType as determined by GCP.`extension`: FileExtension of the object.`access`: “private”, “public”	Optional. If explicit, it will be used to narrow down a scan to file events that match the conditionals for object attributes. The attributes that are listed here correspond to objects or files. If blocklist is true => won’t scan, return here; if allowlist is true => send for scan.
`dlp.profileNames`	string	Array of strings	Optional. Must be an existing DLP profile name. `iaas_storage_dlp_enabled` must be enabled. Can be an empty array. Cannot be used with `tss.profileNames`.
`tts.profileNames`	string	Array of strings	Required if `dlp.profileNames` is not provided. Must be an existing Threat Protection profile name. `iaas_storage_dlp_enabled` must be enabled. Can be an empty array. Cannot be used with `dlp.profileNames`.
`enabled`	boolean	`true \| false`	Required. Use `true` to enable the policy. User `false` to disable the policy.
`maxScanFrequency`	string	`3h \| 6h \| 12h \| 24h \| 7d \|30d`	Optional. Determines how frequent to re-scan any resource (e.g. object), which can be used to manage scan costs.
`notify`	object	`interval`: Time interval between notifications. `to_users`: Groups of users who will get notified. `emails`: Email addresses of additional users to notify. `from_user`: Email address from which the email will be sent.	Details for email notification.

Example Create Policy Request

POST 'https://<tenant-URL>/api/v1/storage_scan_policies?token=<token>op=create' 
--header 'Content-Type: application/json' 
--data-raw '{
    "name": "policyName",
    "cloud_provider": "aws",
    "instanceConditional": {
      ...
    },
    "objectContainerConditional": {
      ...
    },
    "objectConditional": {
      ...
    },
    "dlp": {
        "profileNames": [
            "DLP Profile 1",
            "DLP Profile 2"
        ]
    },
    "maxScanFrequency": "3h",
    "action": "Alert",
    "enabled": true,
    "notify": {
      "interval": "30",
      "to_users": [
        "admin"
      ],
      "emails": [
        "abc@netskope.com"
      ],
      "from_user": "abc@netskope.com"
    }
}'

Create a Storage Scan Policy

Create a Storage Scan Policy

Request Endpoint

Example Create Policy Request

Create a Storage Scan Policy

In this topic ...