Update a Storage Scan Policy

Use this endpoint to update a storage scan policy. After updating a policy, use the Apply Changes endpoint to update your tenant.

Request Endpoint

https://<tenant-URL>/api/v1/storage_scan_policies/?token=<token>&op=<update>

Valid parameters include:

Key	Type	Value	Description
`op`	string	`create`	Required. Operation performed.
`name`	string	Ex: `LQ_storage`	Required. Must not be the same name as an existing storage scan policy.
`cloud_provider`	string	`aws \| googlecloud`	Required. The storage platform provider.
`instanceConditional`	JSON array of object	AWS `accountID`: AWS account ID. GCP `projectID`: GCP Project ID. `folderID`: GCP Folder ID. `organisationID`: GCP Organisation ID.	Optional. If explicit instances are used, and if DLP profiles are used in the policy, all the instances must have DLP service checked in the Instance setup. If explicit instances are used, and if Threat Protection profiles are used in the policy, all the instances must have Threat Protection service checked in the Instance setup. If blocklist is true => won’t scan, return here; if allowlist is true => go to next conditional.
`objectContainerConditional`	JSON array of object	AWS `name`: Name of the bucket. `region`: Region where the bucket is available. `tags`: Tags associated with the AWS bucket. `access`: “private”, “public”. Objects can be public. GCP `name`: Name of the GCP Bucket. `region`: Region where the GCP bucket is available. `labels`: Labels as key value pair used with GCP Buckets. `storageClass`: Valid Storage Class for GCP are: “STANDARD”, “NEARLINE”, “COLDLINE”, and “ARCHIVE” `access`: “private”, “public”	Optional. If explicit, this will be used to narrow down a scan to file events that match the conditional for object store attributes. The attributes listed here pertain to the container/store of objects. For example, for AWS it would be buckets, for Azure it would be StorageAccount etc. If blocklist is true => won’t scan, return here; if allowlist is true => go to next conditional.
`objectConditional`	JSON array of object	AWS `name`: Name of the object. `key`: Path to the object, including the Object name. `owner`: Owner name of the AWS object. `contentType`: The mimeType as determined by AWS. `storageClass`: Valid storage class for AWS are “STANDARD”, “REDUCED_REDUNDANCY”, “STANDARD_IA”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, “OUTPOSTS” `serverSideEncryption`: Server side encryption available in AWS, has to be one of “AES256”, “aws:kms”. `extension`: FileExtension of the object. `tags`: Tags associated with objects. `access`: “private”, “public” GCP: `name`: Name of the object. `key`: Path to the object including the Object name. `owner`: Owner name of the GCP object. `contentType`: The mimeType as determined by GCP. `extension`: FileExtension of the object. `access`: “private”, “public”	Optional. If explicit, it will be used to narrow down a scan to file events that match the conditionals for object attributes. The attributes that are listed here correspond to objects or files. If blocklist is true => won’t scan, return here; if allowlist is true => send for scan.
`dlp.profileNames`	string	Array of strings	Optional. Must be an existing DLP profile name. `iaas_storage_dlp_enabled` must be enabled. Can be an empty array. Cannot be used with `tss.profileNames`.
`tts.profileNames`	string	Array of strings	Required if `dlp.profileNames` is not provided. Must be an existing Threat Protection profile name. `iaas_storage_dlp_enabled` must be enabled. Can be an empty array. Cannot be used with `dlp.profileNames`.
`enabled`	boolean	`true \| false`	Required. Use `true` to enable the policy. User `false` to disable the policy.
`maxScanFrequency`	string	`3h \| 6h \| 12h \| 24h \| 7d \|30d`	Optional. Determines how often to scan.
`notify`	object	`interval`: Time interval between notifications. `to_users`: Groups of users who will get notified. `emails`: Email addresses of additional users to notify. `from_user`: Email address from which the email will be sent.	Details for email notification.

Example Update Policy Request

POST 'https://<tenant-URL>/api/v1/storage_scan_policies?token=<token>&op=update' 
--header 'Content-Type: application/json' 
--data-raw '{
    "name": "oldPolicyName",
    "new_name": "newPolicyName",
    "cloud_provider": "aws",
    "instanceConditional": {
      ...
    },
    "objectContainerConditional": {
      ...
    },
    "objectConditional": {
      ...
    },
    "dlp": {
        "profileNames": [
            "DLP Profile 1",
            "DLP Profile 2"
        ]
    },
    "maxScanFrequency": "7d",
    "action": "Alert",
    "enabled": true,
    "notify": {
      "interval": "30",
      "to_users": [
        "admin"
      ],
      "emails": [
        "abc@netskope.com"
      ],
      "from_user": "abc@netskope.com"
    }
}'

Update a Storage Scan Policy

Update a Storage Scan Policy

Request Endpoint

Example Update Policy Request

Update a Storage Scan Policy

In this topic ...