icon-unified.svg
Experience Center

About SaaS Security Scan Configuration

In order for the SaaS Security Data at Rest Scanning Data Loss Prevention (DLP) and Malware Detection policies to inspect content in sanctioned SaaS applications, you must create SaaS Security scan schedules.

Before scheduling a scan, you must configure the DLP and Malware Detection policy (i.e., configure policy rules for your SaaS application tenant). When configuring a scan schedule for a tenant, you must select the Data at Rest Scanning policy. This allows the scan to use the policy rules associated with the tenant, and to inspect content based on the rule's specifications (e.g., criteria, action, etc.).

To learn more, see Understanding SaaS Security Scan Schedules.

About the SaaS Security Scan Configuration Page

On the Scan Configuration page (Policies > Common Configuration > Out-of-band CASB > Scan Configuration), you can do the following:

  1. Add a new scan schedule.
  2. Search for a scan schedule.
  3. View a list of all configured scan schedules. For scan schedules, you can see the following:
    • SaaS Application Tenant: The SaaS application tenant chosen for the scan schedule.
    • Schedule Criteria: The specified policy and the amount of historical data inspected by the scan.
    • Description: The description of the scan schedule, if available.
    • Status: Displays whether the scan is running or stopped. When the scan is running, this also displays the date and time the scan started. When the scan is stopped, this also displays the date and time the scan stopped and the reason.

  4. Stop a scan at any time.

    Stopping a scan flushes the processing queue. If you stop the scan, you must use one of the following options to start it again.

    • Configure the scan to inspect all historical data and the scan will process all data from the beginning. This might result in duplicate results for data that the scan has already inspected.
    • First, analyze your SaaS Security Insights logs to find when the scan stopped processing your historical data. Then, configure the scan to inspect data starting from that date, so it ignores already processed data.
  5. Start a scan at any time.
  6. Edit or delete a scan schedule.
  7. Modify the table and its columns.

Tasks on the Zscaler SaaS Security Scan Configuration page

Related Articles
Understanding the Data at Rest Scanning PolicyAbout Data at Rest Scanning DLPConfiguring the Data at Rest Scanning DLP PolicyConfiguring the Data at Rest Scanning DLP Policy ExceptionsAbout Data at Rest Scanning Malware DetectionConfiguring the Data at Rest Scanning Malware Detection PolicyConfiguring the Data at Rest Scanning Malware detection Policy ExceptionsAbout SaaS Security Scan ConfigurationUnderstanding SaaS Security Scan SchedulesConfiguring SaaS Security Scan SchedulesConfiguring the Data at Rest Scanning Exceptions