Create a DLP On-Demand Scan for GCP

Quarantine Behavior in GCP Cloud Storage Bucket

The quarantine response action for GCP Cloud storage buckets has the following specific behavior: 

• Files are quarantined in a new quarantine bucket.
• The new bucket is automatically created in the same project. For example, if you have three projects, one quarantine bucket will be created in each project.

NOTE: The above Quarantine behavior is common for both NRT and ODS DLP or Malware Scan in GCP Cloud Storage Bucket.

Create an On-Demand Scan for GCP

1. Go to Policy > On-Demand Scan.
2. Click Actions > Create a Scan.
3. The Scan Creation Wizard is displayed. On the General Info page enter the following:
   • Scan Type. Select DLP & Malware.
   • Name. Enter a unique identifier so that you can rerun the scan later.
   • Description. Enter an optional description for the scan. 
   • Service Instance. Select the Google Cloud Platform instance you want to scan. 
4. Click Next. 
5. On the Select Policies page, select the available policies to use for your scan type. 
   
6. Click Next. 
7. On the Configure Scan page, configure the data scope, buckets, and projects for your scan. 
   

• Data Scope. 
  • Full. Scans all content every time the scan is run. The first time you run a scan, you must use Full mode. 
  • Incremental. Scan only content that has changed since the last successful scan. For details about Incremental mode, see About On-Demand Scans. 
  • Scan Dates. Select All, to scan all data. Or select Last X Days to limit the scan to the specified time period. 

NOTES: 

• Starting with the Skyhigh CASB 5.4.0 release onwards, to align IaaS DLP/Malware scan configurations with the SaaS DLP/Malware scan, per-scan settings options "File Size" and "Restrict File Type(s) to" are not available for the IaaS (Azure, AWS, and GCP) DLP Scans.
• With this change, all new IaaS DLP/Malware scan honors the global scan settings by default.
• The existing IaaS DLP/Malware scan honors the per-scan settings for the Skyhigh CASB 5.4.0 release only. If you want to retain the custom settings for specific IaaS scans, contact Skyhigh Security Support.

• Buckets. 
  • All Buckets. Scan all storage accounts.
  • Include Specific Buckets. To include specific buckets for scan, manually enter them in a comma-separated list in the text box below. 
  • Exclude Specific Buckets. To exclude specific buckets for scan, manually enter them in a comma-separated list in the text box below. 
• Projects.
  • All Projects. Scan all projects. 
  • Include Specific Projects. To include only specific projects, click Edit and select specific projects from the list. 
  • Exclude Specific Projects. To exclude only specific projects, click Edit and select specific projects from the list. 

8. Click Next. 
9. On the Schedule Scan page, select the schedule for your scan to run:
   • None (On-Demand Only). Run the scan once now.
   • Daily. Run the scan once a day. Configure the time and time zone. 
   • Weekly. Run the scan once a week. Configure the day, time, and time zone. 
     
10. Click Next. 
11. On the Review & Activate page, review your settings for the On-Demand Scan, and click Save. Or click Back to make changes. 
    

Once the setup is complete, to run a scan, on the Policy > On-Demand Scan page, select a Scan Name. Under the Actions column for that scan, click Start. You can view all the policy incident violations on the Policy Incidents page.