Posture Control (DSPM)
About Scan Settings
DSPM regularly scans the cloud resources (data stores), such as cloud storage devices, databases, and virtual machines, within your cloud accounts and detects sensitive data and vulnerabilities. DSPM performs the scan by leveraging the local scan orchestrator that is deployed in your AWS, Azure, or Google Cloud Platform (GCP) account during the onboarding process. The resources are scanned against a set of standard security policies and a scan schedule. In the scan settings, you can select the resources you want to scan, the scan type, and set the scan frequency. DSPM supports data scanning for different data stores and file types. To learn more, see Supported Data Stores and File Types.
You need to first onboard your cloud accounts before configuring the scan settings. To learn more, see About Cloud Accounts.
If a resource is deleted from the account after configuring the scan schedule, then DSPM ignores this resource during the scan.
The scan framework in DSPM provides the following benefits and enables you to:
- Configure the scan settings to scan your accounts and identify sensitive data.
- Regularly monitor your cloud accounts for any vulnerabilities.
- Select the required accounts for scanning and exclude some accounts from scanning.
- Configure the scan frequency and scan type.
Scan Types
DSPM supports the scanning of the following data stores. The scan type varies for each data store.
Data Store | Scan Type |
---|---|
Compute |
|
Storage |
|
Database |
|
NoSQL Datastore |
|
About the Scan Settings Page
On the Scan Settings page (Administration > Scan Settings), you can see the following tabs:
- Scan Scopes
On the Scan Scopes tab, you can do the following:
- Create a new scan scope.
- View the scan scope configurations. For each configuration, you can view the following information:
  - Scope: Name of the scan scope. Click to view the scope details. For each scan scope configuration, you can view:
    - Name of the scan scope.
    - General Information: Provides an overview of the scan scope, including:
      - Created by: Name of the user who created the scan scope.
      - Created on: Date and time the scan scope was created.
      - Description: Brief summary of the scope.
    - Scope Criteria: Defines the scan scope.
      - DLP Engines: List of the DLP engines included in the scan scope.
      - File Type: List of the file types included in the scan scope.
      - ML Categories: Whether machine learning categories are enabled or disabled for the scan scope.
    - Scan Settings: List of scan settings associated with the scan scope.
  - Description: A concise summary of the purpose and objectives of each scan scope.
  - Scan Settings: Information on whether the scan scope is linked to any specific scan settings.
  - Created by: The user who created the scan scope.
  - Created on: The date and time when the scan scope was created.
- Show or hide the columns on the table.
- Click the Action icon to edit or delete the scan scope.
- Scan Settings
On the Scan Settings tab, you can do the following:
- Add a new scan setting for AWS, GCP, or Azure accounts.
- View the scan configurations for various resources. For each configuration, you can view:
  - Cloud: The name of the cloud service (AWS, Azure, or GCP).
  - Resource Type: The type of resource or data store (cloud storage, database, or virtual machine).
  - Scan Type: The type of scan.
  - Scan Status: The scan status indicates the state of the scanning process. To learn more, see Understanding Scan Status.
  - Next Scan Schedule: The date and time the next scan is scheduled to start.
  - Scan Setting: The enabled or disabled state of the scan setting. By default, the scan setting is disabled. After configuring the scan setting, you must enable the scan setting to initiate the scan.
- Enable or disable the scan setting.
- Show or hide the columns in the table.
- Click the Action icon to:
  - View the scan details.
  - Edit the scan setting.
  - Start or stop the scan.
You can perform an on-demand scan only on databases and virtual machines.
