Create a DLP On-Demand Scan for GCP
You can create an On-Demand DLP and Malware scan to scan your Google Cloud Platform (GCP) resources for issues.
Quarantine Behavior in GCP Cloud Storage Bucket
The quarantine response action for GCP Cloud storage buckets has the following specific behavior:
- Files are quarantined in a new quarantine bucket.
- The quarantine bucket is created automatically in the same project as the bucket the file came from, so quarantined files never leave their project. For example, if you scan three projects, a separate quarantine bucket is created in each of them.
NOTE: The quarantine behavior above applies to both Near Real-Time (NRT) and On-Demand Scan (ODS) DLP and Malware scans of GCP Cloud Storage buckets.
Create an On-Demand Scan for GCP
To configure an On-Demand Scan, perform the following steps:
- Go to Policy > On-Demand Scan.
- Click Actions > Create a Scan.
- The Scan Creation Wizard is displayed. On the General Info page, enter the following:
- Scan Type. Select DLP & Malware.
- Name. Enter a unique identifier so that you can rerun the scan later.
- Description. Enter an optional description for the scan.
- Service Instance. Select the Google Cloud Platform instance you want to scan.
- Click Next.
- On the Select Policies page, select the available policies to use for your scan type.
- Click Next.
- On the Configure Scan page, configure the data scope, buckets, and projects for your scan.
- Data Scope.
- Full. Scans all content every time the scan is run. The first time you run a scan, you must use Full mode.
- Incremental. Scan only content that has changed since the last successful scan. For details about Incremental mode, see About On-Demand Scans.
- Scan Dates. Select All to scan all data, or select Last X Days to limit the scan to content from the specified number of days.
NOTES:
- Starting with the Skyhigh CASB 5.4.0 release, the per-scan settings "File Size" and "Restrict File Type(s) to" are no longer available for IaaS (Azure, AWS, and GCP) DLP/Malware scans. This aligns the IaaS scan configuration with the SaaS DLP/Malware scan configuration.
- With this change, all new IaaS DLP/Malware scans honor the global scan settings by default.
- Existing IaaS DLP/Malware scans honor their per-scan settings for the Skyhigh CASB 5.4.0 release only. If you want to retain the custom settings for specific IaaS scans, contact Skyhigh Security Support.
- Buckets.
- All Buckets. Scan all buckets in the selected projects.
- Include Specific Buckets. To scan only specific buckets, enter their names as a comma-separated list in the text box below.
- Exclude Specific Buckets. To scan all buckets except specific ones, enter their names as a comma-separated list in the text box below.
- Projects.
- All Projects. Scan all projects.
- Include Specific Projects. To scan only specific projects, click Edit and select them from the list.
- Exclude Specific Projects. To scan all projects except specific ones, click Edit and select the projects to skip from the list.
- Click Next.
- On the Schedule Scan page, select the schedule for your scan to run:
- None (On-Demand Only). No schedule; the scan runs only when you start it manually from the On-Demand Scan page.
- Daily. Run the scan once a day. Configure the time and time zone.
- Weekly. Run the scan once a week. Configure the day, time, and time zone.
- Click Next.
- On the Review & Activate page, review your settings for the On-Demand Scan, and click Save. Or click Back to make changes.
Once setup is complete, run the scan from the Policy > On-Demand Scan page: find the scan by its Scan Name and click Start in its Actions column. Policy violations found by the scan are listed on the Policy Incidents page.
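The Include Specific Buckets and Exclude Specific Buckets fields on the Configure Scan page take a hand-typed, comma-separated list. A name that does not correspond to a real bucket cannot take effect, so a typo in an exclusion leaves that bucket in scope and a typo in an inclusion silently drops it from the scan. The following Python is an added example, not Skyhigh's code, showing one way to build those lists from a per-project bucket inventory and to audit a pasted list before saving. The inventory, project IDs and bucket names are constructed for the example (in practice you would assemble the inventory from `gcloud storage buckets list` run against each project); the function names are the example's own.

```python
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample inventory: project ID -> bucket names. These projects
# and buckets are made up for the example.
SAMPLE_INVENTORY: Dict[str, List[str]] = {
    "acme-prod-data": ["acme-prod-customer-exports", "acme-prod-logs", "acme-prod-tmp"],
    "acme-dev-sandbox": ["acme-dev-scratch", "acme-dev-notebooks"],
    "acme-analytics": ["acme-analytics-warehouse", "acme-analytics-staging"],
}

# Cloud Storage bucket naming rules as documented by Google: lowercase letters,
# digits, dashes, underscores and dots; must start and end with a letter or
# digit; must not look like an IP address; must not start with "goog" or
# contain "google". Google also allows dotted names up to 222 characters and
# forbids close misspellings of "google"; both are left out of this check.
_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{1,61}[a-z0-9]$")
_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def is_valid_bucket_name(name: str) -> bool:
    """True if `name` could be a real Cloud Storage bucket name."""
    if not _NAME_RE.match(name) or _IP_RE.match(name):
        return False
    if name.startswith("goog") or "google" in name:
        return False
    return True


def select_buckets(inventory: Dict[str, List[str]],
                   projects: Optional[Set[str]] = None,
                   pattern: Optional[str] = None) -> List[str]:
    """Pick buckets from the inventory. `projects` restricts the search to
    those project IDs (None = every project); `pattern` is a regex that a
    bucket name must match (None = every bucket)."""
    rx = re.compile(pattern) if pattern else None
    chosen = []
    for project, buckets in inventory.items():
        if projects is not None and project not in projects:
            continue
        for bucket in buckets:
            if rx is None or rx.search(bucket):
                chosen.append(bucket)
    return chosen


def format_scope_list(names: Iterable[str]) -> str:
    """Render bucket names as the comma-separated value the wizard's text box
    expects, de-duplicated and sorted so the scan definition is stable."""
    return ",".join(sorted(set(names)))


def audit_scope_list(text: str,
                     inventory: Dict[str, List[str]]) -> Tuple[List[str], List[str]]:
    """Check a comma-separated list (as pasted into the wizard) against the
    inventory. Returns (invalid, unknown): `invalid` names break the naming
    rules and can never match a bucket; `unknown` names are well formed but
    not in any enumerated project, which usually means a typo or a project
    that was not enumerated."""
    known = {b for buckets in inventory.values() for b in buckets}
    invalid, unknown = [], []
    for raw in text.split(","):
        name = raw.strip()
        if not name:
            continue  # tolerate a trailing comma or double comma
        if not is_valid_bucket_name(name):
            invalid.append(name)
        elif name not in known:
            unknown.append(name)
    return invalid, unknown


if __name__ == "__main__":
    # Exclude list: skip scratch/temporary buckets in every project.
    exclude = select_buckets(SAMPLE_INVENTORY, pattern=r"-(tmp|scratch)$")
    print("Exclude Specific Buckets:", format_scope_list(exclude))
    # Include list: only the sensitive buckets in two production projects.
    include = select_buckets(SAMPLE_INVENTORY,
                             projects={"acme-prod-data", "acme-analytics"},
                             pattern=r"customer|warehouse")
    print("Include Specific Buckets:", format_scope_list(include))
    # Audit a pasted list that contains two malformed names and one typo.
    pasted = "acme-prod-logs, Acme_Dev_Bad-Name,192.168.0.1,acme-prod-log,"
    print("invalid, unknown:", audit_scope_list(pasted, SAMPLE_INVENTORY))
```

Run the audit on the exact text you are about to paste into the wizard; anything it reports as unknown should be corrected or confirmed against a project you have not yet enumerated, since the scan cannot warn you about a bucket it never finds.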