Netskope Help

Setting up Policies to scan S3 Buckets

Using Netskope's policies, you can perform retro scans and ongoing scans on your S3 buckets. The Retro Scan job scans the storage buckets that already exist at the time you set up an AWS instance in your Netskope tenant. After that, Netskope continues to perform ongoing scans on the buckets whenever a change is detected.

Creating a new policy in the UI

To scan existing data and real-time data in your S3 buckets, create an API Data Protection policy with the desired options and actions.

  1. In your Netskope tenant, navigate to Policies > API Data Protection and click on the Cloud Infrastructure tab.

  2. Click on New Policy > Amazon Web Services.

  3. Follow the policy creation process in the New API-enabled Protection Policy window. Under Instance, select an AWS instance.

  4. Under Object Container, select all the S3 buckets you want to scan.

  5. Under Object, specify the different file types to be scanned.

  6. Under Profile & Action, select a DLP profile that defines the type of content you want to scan. By default, an email alert is sent when the policy is triggered.

  7. Under Policy Name, provide a name for the policy along with a description. Then click on Email Notification. In the Email Notification pop-up window, you can specify the notification frequency and the person to be notified.

    Click Done.

  8. Under Status, click on the toggle switch to enable the policy. Click Save and then click Apply Changes.

Creating a new granular policy using APIs

Netskope provides APIs for setting up granular policies. You can find detailed information about the Storage Scan APIs in the Manage Storage Scan Policies topic.

You can reference the sample policies in the Sample Granular Policies topic to create your own granular policies.