Skip to main content

Netskope Help

Security Posture Policy

Warning

SaaS Security Posture Management (SSPMv1) will be made EOL (end of life) soon. Customers who are on the SSPMv1 platform should migrate to Next Generation SSPM platform. In addition, the SSPMv1 documentation will be deprecated by June '23. Additional documentation links:

A security posture policy is a set of custom or predefined profile(s). You can create a security posture policy for a SaaS app or public cloud service. An administrator can create a security posture policy to access and analyze the posture of the SaaS and IaaS resources with industry benchmarks and best practices. An administrator can create a security posture policy on a profile. A profile is a set of rules which is predefined. A profile can be customized or predefined such as the CIS Benchmark standard. A rule is a code snippet with associated metadata, such as severity, that is used to identify a specific violation of a SaaS or IaaS resource.

You can create a security posture policy for a SaaS app. To access the security posture policy page:

  1. Log in to the Netskope tenant UI.

  2. Navigate to Policies > Security Posture.

    The Security Posture page opens.

  3. The Security Posture page displays a list of policies configured for the SaaS apps and IaaS infrastructure. The fields are:

    • Policy Name: Name of the policy.

    • Instance: Name of the instance for which the policy is defined.

    • Profile: List of profiles associated with the policy.

    • Last Edit: Time stamp of the last edited policy.

You can edit, revert, disable, clone, and delete a policy. Click the More Options icon (...) to the right of the policy entry and select one of the following options:

  • Edit: On selecting this option, you can edit the policy.

  • Revert: On selecting this option, Netskope reverts the policy to its last applied change.

    Note

    This option is available only for a policy with pending changes.

  • Disable: On selecting this option, Netskope disables the policy and stops the scan for the policy.

  • Clone: On selecting the option, Netskope creates a duplicate copy of the policy.

  • Delete: On selecting this option, Netskope deletes the policy.

    Note

    If you delete a policy, scanning stops at the next scan interval. The existing scan continues to run till it finishes.

In the polices table, you can select multiple policies and perform the following tasks:

  • Disable: On selecting this option, Netskope disables the policy and stops the scan for the policy.

  • Revert: On selecting this option, Netskope reverts the policy to its last applied change.

    Note

    This option is available only for a policy with pending changes.

  • Delete: On selecting this option, Netskope deletes the policy.

    Note

    If you delete a policy, scanning stops at the next scan interval. The existing scan continues to run till it finishes.

Also, you can perform the following tasks:

  • Search a policy from the Policy Name ~ search field.

  • Click + Add Filter to filter the policies based on Cloud Provider, Instances, Profile, and Rule Name.

In this section: