Update a Storage Scan Policy

Use this endpoint to update a storage scan policy. After updating a policy, use the Apply Changes endpoint to update your tenant.

Request Endpoint

https://<tenant-URL>/api/v1/storage_scan_policies/?token=<token>&op=<update>

Valid parameters include:

Key: op
Type: string
Value: create
Description: Required. Operation performed.

Key: name
Type: string
Value: Ex: LQ_storage
Description: Required. Must not be the same name as an existing storage scan policy.

Key: cloud_provider
Type: string
Value: aws | googlecloud
Description: Required. The storage platform provider.

Key: instanceConditional
Type: JSON array of object
Value:
  AWS
    accountID: AWS account ID.
  GCP
    projectID: GCP Project ID.
    folderID: GCP Folder ID.
    organisationID: GCP Organisation ID.
Description:
  Optional. If explicit instances are used, and DLP profiles are used in the policy, all the instances must have the DLP service checked in the Instance setup.
  If explicit instances are used, and Threat Protection profiles are used in the policy, all the instances must have the Threat Protection service checked in the Instance setup.
  If blocklist is true => won't scan, return here; if allowlist is true => go to next conditional.

Key: objectContainerConditional
Type: JSON array of object
Value:
  AWS
    name: Name of the bucket.
    region: Region where the bucket is available.
    tags: Tags associated with the AWS bucket.
    access: "private", "public". Objects can be public.
  GCP
    name: Name of the GCP bucket.
    region: Region where the GCP bucket is available.
    labels: Labels as key-value pairs used with GCP buckets.
    storageClass: Valid storage classes for GCP are "STANDARD", "NEARLINE", "COLDLINE", and "ARCHIVE".
    access: "private", "public"
Description:
  Optional. If explicit, this is used to narrow down a scan to file events that match the conditional for object store attributes. The attributes listed here pertain to the container/store of objects. For example, for AWS it would be buckets, for Azure it would be StorageAccount, etc.
  If blocklist is true => won't scan, return here; if allowlist is true => go to next conditional.

Key: objectConditional
Type: JSON array of object
Value:
  AWS
    name: Name of the object.
    key: Path to the object, including the object name.
    owner: Owner name of the AWS object.
    contentType: The mimeType as determined by AWS.
    storageClass: Valid storage classes for AWS are "STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE", "OUTPOSTS".
    serverSideEncryption: Server-side encryption available in AWS; must be one of "AES256", "aws:kms".
    extension: File extension of the object.
    tags: Tags associated with objects.
    access: "private", "public"
  GCP
    name: Name of the object.
    key: Path to the object, including the object name.
    owner: Owner name of the GCP object.
    contentType: The mimeType as determined by GCP.
    extension: File extension of the object.
    access: "private", "public"
Description:
  Optional. If explicit, it is used to narrow down a scan to file events that match the conditionals for object attributes. The attributes listed here correspond to objects or files.
  If blocklist is true => won't scan, return here; if allowlist is true => send for scan.

Key: dlp.profileNames
Type: string
Value: Array of strings
Description:
  Optional. Must be an existing DLP profile name.
  iaas_storage_dlp_enabled must be enabled. Can be an empty array.
  Cannot be used with tss.profileNames.

Key: tts.profileNames
Type: string
Value: Array of strings
Description:
  Required if dlp.profileNames is not provided. Must be an existing Threat Protection profile name.
  iaas_storage_dlp_enabled must be enabled. Can be an empty array.
  Cannot be used with dlp.profileNames.

Key: enabled
Type: boolean
Value: true | false
Description: Required. Use true to enable the policy. Use false to disable the policy.

Key: maxScanFrequency
Type: string
Value: 3h | 6h | 12h | 24h | 7d | 30d
Description: Optional. Determines how often to scan.

Key: notify
Type: object
Value:
  interval: Time interval between notifications.
  to_users: Groups of users who will get notified.
  emails: Email addresses of additional users to notify.
  from_user: Email address from which the email will be sent.
Description: Details for email notification.

Example Update Policy Request

curl --request POST 'https://<tenant-URL>/api/v1/storage_scan_policies?token=<token>&op=update' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "oldPolicyName",
    "new_name": "newPolicyName",
    "cloud_provider": "aws",
    "instanceConditional": {
      ...
    },
    "objectContainerConditional": {
      ...
    },
    "objectConditional": {
      ...
    },
    "dlp": {
        "profileNames": [
            "DLP Profile 1",
            "DLP Profile 2"
        ]
    },
    "maxScanFrequency": "7d",
    "action": "Alert",
    "enabled": true,
    "notify": {
      "interval": "30",
      "to_users": [
        "admin"
      ],
      "emails": [
        "abc@netskope.com"
      ],
      "from_user": "abc@netskope.com"
    }
}'
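The body above has to satisfy the constraints in the parameter table: exactly one of dlp.profileNames or tts.profileNames, a known cloud_provider and maxScanFrequency, and valid enumerated values in an AWS objectConditional. As an added example that is not part of the Netskope documentation, this Python helper assembles and checks such a body before posting it to the update endpoint; the function names are hypothetical, and the "tts" wrapper key is assumed by analogy with the "dlp" wrapper in the example request.

```python
import json
import urllib.request
# Allowed values copied from the parameter table on this page.
CLOUD_PROVIDERS = {"aws", "googlecloud"}
SCAN_FREQUENCIES = {"3h", "6h", "12h", "24h", "7d", "30d"}
AWS_OBJECT_FIELDS = {  # enumerated objectConditional fields for AWS
    "storageClass": {"STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA",
                     "INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE", "OUTPOSTS"},
    "serverSideEncryption": {"AES256", "aws:kms"},
    "access": {"private", "public"},
}

def check_aws_object_conditional(conditions):
    """Reject objectConditional entries whose enumerated AWS fields hold unknown values."""
    for cond in conditions:
        for field, allowed in AWS_OBJECT_FIELDS.items():
            if field in cond and cond[field] not in allowed:
                raise ValueError(f"bad {field} {cond[field]!r}")

def build_update_payload(name, cloud_provider, enabled, dlp_profiles=None, tp_profiles=None,
                         max_scan_frequency=None, object_conditional=None, new_name=None):
    """Assemble the update body, enforcing the table's constraints before it is sent.
    The "tts" wrapper key mirrors the "dlp" wrapper in the page's example (an assumption)."""
    if cloud_provider not in CLOUD_PROVIDERS:
        raise ValueError(f"cloud_provider must be one of {sorted(CLOUD_PROVIDERS)}")
    if (dlp_profiles is None) == (tp_profiles is None):  # the two keys are mutually exclusive
        raise ValueError("provide exactly one of dlp_profiles or tp_profiles")
    payload = {"name": name, "cloud_provider": cloud_provider, "enabled": bool(enabled)}
    if new_name:
        payload["new_name"] = new_name
    kind, profiles = ("dlp", dlp_profiles) if dlp_profiles is not None else ("tts", tp_profiles)
    payload[kind] = {"profileNames": list(profiles)}  # an empty list is allowed by the table
    if max_scan_frequency:
        if max_scan_frequency not in SCAN_FREQUENCIES:
            raise ValueError(f"maxScanFrequency must be one of {sorted(SCAN_FREQUENCIES)}")
        payload["maxScanFrequency"] = max_scan_frequency
    if object_conditional:
        if cloud_provider == "aws":
            check_aws_object_conditional(object_conditional)
        payload["objectConditional"] = object_conditional
    return payload

def send_update(tenant_url, token, payload):
    """POST the body to the update endpoint, as the page's curl example does (needs network)."""
    url = f"https://{tenant_url}/api/v1/storage_scan_policies?token={token}&op=update"
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```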