Update a Storage Scan Policy
Use this endpoint to update a storage scan policy. After updating a policy, use the Apply Changes endpoint to update your tenant.
Request Endpoint
https://<tenant-URL>/api/v1/storage_scan_policies/?token=<token>&op=<update>
Valid parameters include:
Key | Type | Value | Description |
---|---|---|---|
op | string | create | Required. Operation performed. |
name | string | Ex: LQ_storage | Required. Must not be the same name as an existing storage scan policy. |
cloud_provider | string | aws or googlecloud | Required. The storage platform provider. |
instanceConditional | JSON array of object | AWS, GCP | Optional. If explicit instances are used, and if DLP profiles are used in the policy, all the instances must have DLP service checked in the Instance setup. If explicit instances are used, and if Threat Protection profiles are used in the policy, all the instances must have Threat Protection service checked in the Instance setup. If blocklist is true => won’t scan, return here; if allowlist is true => go to next conditional. |
objectContainerConditional | JSON array of object | AWS, GCP | Optional. If explicit, this will be used to narrow down a scan to file events that match the conditional for object store attributes. The attributes listed here pertain to the container/store of objects. For example, for AWS it would be buckets, for Azure it would be StorageAccount etc. If blocklist is true => won’t scan, return here; if allowlist is true => go to next conditional. |
objectConditional | JSON array of object | AWS, GCP | Optional. If explicit, it will be used to narrow down a scan to file events that match the conditionals for object attributes. The attributes that are listed here correspond to objects or files. If blocklist is true => won’t scan, return here; if allowlist is true => send for scan. |
dlp.profileNames | string | Array of strings | Optional. Must be an existing DLP profile name. Cannot be used with |
tts.profileNames | string | Array of strings | Required if dlp.profileNames is not provided. Must be an existing Threat Protection profile name. Cannot be used with |
enabled | boolean | true or false | Required. Use true to enable the policy. Use false to disable the policy. |
maxScanFrequency | string | 3h, 6h, 12h, 24h, 7d, 30d | Optional. Determines how often to scan. |
notify | object | interval: Time interval between notifications. | Details for email notification. |
Example Update Policy Request
```bash
curl --request POST 'https://<tenant-URL>/api/v1/storage_scan_policies?token=<token>&op=update' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "name": "oldPolicyName",
    "new_name": "newPolicyName",
    "cloud_provider": "aws",
    "instanceConditional": { ... },
    "objectContainerConditional": { ... },
    "objectConditional": { ... },
    "dlp": {
      "profileNames": [ "DLP Profile 1", "DLP Profile 2" ]
    },
    "maxScanFrequency": "7d",
    "action": "Alert",
    "enabled": true,
    "notify": {
      "interval": "30",
      "to_users": [ "admin" ],
      "emails": [ "abc@netskope.com" ],
      "from_user": "abc@netskope.com"
    }
  }'
```
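A local pre-flight check for the request body, written against the constraints in the parameter table above, so a malformed update is caught before it reaches the tenant. This is an added example, not Netskope code: `validate_policy`, `profile_names` and `SAMPLE_UPDATE` are hypothetical names, and the check cannot confirm that a profile name exists on the tenant.

```python
# Added example (not vendor code): checks an update body against the
# constraints in the parameter table before it is sent. Names are hypothetical.
CLOUD_PROVIDERS = ("aws", "googlecloud")
SCAN_FREQUENCIES = ("3h", "6h", "12h", "24h", "7d", "30d")

# Constructed sample, modelled on the example request on this page.
SAMPLE_UPDATE = {
    "name": "oldPolicyName",
    "new_name": "newPolicyName",
    "cloud_provider": "aws",
    "dlp": {"profileNames": ["DLP Profile 1", "DLP Profile 2"]},
    "maxScanFrequency": "7d",
    "enabled": True,
}


def profile_names(payload, key):
    """Return payload[key]["profileNames"], or [] when it is absent."""
    section = payload.get(key)
    if not isinstance(section, dict):
        return []
    return section.get("profileNames") or []


def validate_policy(payload):
    """Return a list of problems; an empty list means the body passes."""
    errors = []
    name = payload.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.append("name: required non-empty string")
    if payload.get("cloud_provider") not in CLOUD_PROVIDERS:
        errors.append("cloud_provider: must be aws or googlecloud")
    # Must be a JSON boolean; the strings "true"/"false" do not count.
    if not isinstance(payload.get("enabled"), bool):
        errors.append("enabled: required boolean")
    freq = payload.get("maxScanFrequency")
    if freq is not None and freq not in SCAN_FREQUENCIES:
        errors.append("maxScanFrequency: must be 3h, 6h, 12h, 24h, 7d or 30d")
    dlp, tts = profile_names(payload, "dlp"), profile_names(payload, "tts")
    if not dlp and not tts:
        errors.append("tts.profileNames: required when dlp.profileNames is absent")
    for label, names in (("dlp", dlp), ("tts", tts)):
        if not isinstance(names, list) or not all(isinstance(n, str) and n for n in names):
            errors.append(f"{label}.profileNames: must be an array of non-empty strings")
    return errors


if __name__ == "__main__":
    print(validate_policy(SAMPLE_UPDATE) or "payload passes local checks")
```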