icon-dspm.svg
Posture Control (DSPM)

Configuring Scan Settings for Azure Cloud Storage

You can configure the scan settings to scan the Azure cloud storage resources such as Blob Storage. DSPM scans the resources for any sensitive data. The scan results are displayed on the Data Inventory page.

You can configure the scan settings after onboarding the Azure accounts. To learn more, see About Cloud Accounts.

To scan the Azure cloud storage:

    1. Go to Administration > Scan Settings.

    2. Select the Scan Settings tab.

      If you are configuring the scan settings for the first time, the following page appears:

    3. Click Configure Scan Settings.

    4. For subsequent configurations, click Add New on the Scan Settings page.

    5. On the Select Cloud Type and Resource Type page:

      • For Cloud Type, select Azure.
      • For Resource Type, select Cloud Storage.

    6. Click Next.
    Close
    1. On the Select Data to Scan page, choose one of the following options:

      • Scan All Subscriptions/Storage Accounts: Scans all the subscriptions or storage accounts.

      • Exclude Subscriptions/Storage Accounts: Exclude specific accounts or subscriptions from the scan. When you select this option, the list of accounts is displayed. Select the checkbox for the accounts that must be excluded from the scan.

      • Scan Specific Subscription/Storage Accounts: Scan only specific accounts or subscriptions. When you select this option, the list of accounts is displayed. Select the checkbox for the accounts that must be scanned.

      • Scan Blob Containers: Search for and select the checkbox for the blob containers that must be scanned.

    2. Enable Malware Scanning: Enable this option if the resources must be scanned for malware. This option is disabled by default.

    3. Click Next.

    4. If you chose Scan All Subscriptions/Storage Accounts, you can optionally exclude specific blob containers from the scan.

    5. Click Next.
    Close

    1. On the Scan Type page:

      • Full Scan: Scan all the objects in the blob containers.
      • Scan Only New or Modified Files: Scan only those files that are modified or newly added to the storage account since the previous scan.
      • Historical Scan: Scan the data for a specific lookback period (1 to 365 days).

    2. Click Next.
    Close

    1. On the Scan Scope page, choose a scan scope from the drop-down menu to set up your scan settings.

      To learn more about configuring and creating a scan scope, see Configuring Scan Scope.

    2. Click Next.
    Close

    1. Review the scan settings. Click the Edit icon to change any values, if required.

    2. Click Finish.
    Close
Related Articles
Configuring Scan Settings for Azure Cloud StorageConfiguring Scan Settings for Azure Virtual MachineConfiguring Scan Settings for Azure DatabaseConfiguring Scan Settings for Azure Unmanaged Databases