Netskope Help

Start a CSA Scan

This endpoint starts a Cloud Security Assessment (CSA) scan according to a policy. CSA scans IaaS accounts for compliance violations, and then displays the non-compliant rules and resources associated with those accounts. To see the scan results, go to Cloud Infrastructure > Compliance in the Netskope UI.

Also, use the scan_id hash value returned for getting a CSA scan status. Refer to Get a CSA Scan Status.

Request
GET https://<tenant-name>.goskope.com/api/v1/csa_scan?token=<token>&op=start&name=<policy_name>&scan_start_by=<name>

Valid parameters are:

Key

Value

Description

op

start

Starts the scan. 

name

<policy_name> Example: "MYCSA_POLICY"

Required. The Security Assessment policy name in the Netskope UI.

scan_start_by

Name of the user starting the scan.

Required for scan start. Cannot be empty string.

Example Request and Response
curl -X GET https://<tenant-name>.goskope.com/api/v1/csa_scan?token=<token>&op=start&name=<policy_name>&scan_start_by=<name>

{
   "status": "success",    
   "msg": "Policy scan has been submitted",    
   "data  {   
     "scan_id": "2e528976d8c01e115d8943519ab7b0f043ead317",               
   "data": [] 
    }
}
// Success Response
 
{
    "status": "success",
    "msg": "Policy scan has been submitted",
    "data": []
}
 
// Error Response for Invalid Policy Name
{
    "status": "error",
    "errorCode": "General Error",
    "errors": [
        "A deployed policy by this name does not exist."
    ]
}
 
// Error Response for Expired Token
{
    "status": "error",
    "errorCode": "Authorization Error",
    "errors": [
        "Invalid REST API Token. Please contact administrator"
    ]
}
 
// Error Response for invalid operator
{
    "status": "error",
    "errorCode": "General Error",
    "errors": [
        "Invalid op start_end."
    ]
}