Skip to main content

Netskope Help

Using DLP with Netskope Public Cloud Security

You can use Netskope's DLP solution to check for compliance and protect sensitive data. The DLP profiles that enforce compliance and protect sensitive data consists of DLP rules that specify data identifiers. These data identifiers find content that should not be present in your IaaS environment. The following predefine rules and data identifiers can be used to create DLP profiles to monitor the data in your IaaS environment.

Predefine Rule

Predefine Identifier


Security - API Secret Keys

  • (P0) - computing/security/secret_keys/aws

  • (P1) - computing/security/secret_keys/generic_32h

  • (P2) - computing/security/secret_keys/generic_40a

Checks for AWS, GitHub, and Facebook API keys.

Security - Passwords

  • (P0) - computing/security/password_terms/eng

  • (P1) - computing/security/passwords/common

  • (P2) - computing/security/passwords/secure

Checks for common and secure passwords, and password related terms such as passwd, p/w, password.

Security - Private Key Blocks

  • (P0) - computing/security/private_keys/generic_begin

  • (P1) - computing/security/private_keys/generic_end

Checks for private keys.

You can setup DLP policies for AWS and GCP to perform retro scans and ongoing scans on your storage buckets. For detailed information refer to the following topics,

You can view the DLP incidents in your tenant under API-enabled Protection > IaaS > Overview > DLP Incidents. To learn more: View IaaS Overview.

For information on DLP Profiles and Rules, see the Data Loss Prevention documentation.