Define Data Security Scan Settings

The scan settings for data security allow you to configure scans for additional buckets, view the data profiles and the associated data patterns, and modify what you want to scan.
After you add the cloud accounts that you want to scan using Prisma Cloud, the data security configurations that define what profiles and patterns are used to scan your files stored in the storage bucket, how sensitive information is displayed when there is a pattern match, and any modifications to enable and disable scans for specific buckets are available on
  1. Select Scan Settings.
    The table view displays a list of all storage resources across the cloud accounts that you have added to Prisma Cloud.
    Bucket additions or deletions after the cloud account is onboarded are not displayed on this page.
    • Any buckets that are created after the cloud account is onboarded are not displayed on this page until you edit the onboarded cloud account (Cloud Accounts) and select the additional buckets.
    • Any buckets that are deleted after onboarding are not removed from this page.
    The columns display the following information:
    1. The resource name, which is the bucket name as you defined it on the cloud service; the cloud storage service name; the cloud service provider; and the cloud account name you provided when you onboarded the account on Prisma Cloud.
    2. The estimated size of data.
      Prisma Cloud retrieves the approximate Storage Size of the storage bucket, and the Last Estimate timestamp indicates when the data was last retrieved. The estimate is updated once a week, by default, and it starts when you enable Data Security scanning for the cloud account. This size estimate excludes CloudTrail buckets and objects that contain ELB access logs, VPC flow logs, and S3 access logs.
      From the Estimate Retrieval dropdown, you can set the estimate retrieval schedule to Daily, Weekly (default), or None. This is a tenant-level configuration, and the schedule you set affects all the accounts under that tenant. You can change the schedule once in 24 hours.
      Storage for Sensitive Data Scanning and Storage for Malware Scanning are estimates of the data to be scanned, based on the supported file types and file sizes that are eligible. The estimated size for Storage for Sensitive Data and Malware Scanning may be less than the sum of the malware category and the sensitive data category because file types may overlap.
      For cloud accounts that were onboarded using versions of the CloudFormation template earlier than 21.5.1, the storage size estimate does not display because additional permissions are required to retrieve this estimate.
    3. Scan configuration. The Scan Status indicates whether each bucket is enabled or disabled for scanning and, when enabled, whether it is performing Forward only, or Forward and Backward scans.
  2. Configure scanning of buckets.
    The options to fine-tune your scanning configuration, such as which file extensions to ignore, or to scan only for sensitive data or only malware, are not available.
    1. Select a storage bucket for which to Configure Scan. You can update the following options for scanning:
    2. Enable Scanning or toggle to disable scanning.
  3. Select the Scan Type.
    When you select Forward and Back Scan, the forward scan inspects any new or modified files, and the backward scan is retrospective, which means that it inspects files that already exist in the storage bucket. The size and number of files covered by Supported File Extensions—Prisma Cloud Data Security that you want to scan within your storage bucket determine how many Prisma Cloud credits are used for Data Security. If you trigger the scan quota threshold and the Prisma Cloud Data Security scan is paused, and you have enabled both forward and backward scan, all files are inspected when you increase the scan quota and scanning resumes. For backward scan, all existing files in the bucket are scanned in a batch operation. Depending on the number of files in your bucket, backward scan can consume more credits.
    When you select Forward Scan Only, Prisma Cloud scans all files that are modified and all new files that are added to the bucket after you enable scanning.
    For forward scan, the scan scope is unknown, and therefore an estimate of the data to be scanned and the corresponding credit consumption is not displayed onscreen.
  4. View the list of Data Profiles and Data Patterns.
    By default, the predefined profiles—Financial Information, Healthcare, Intellectual Property & PII—are enabled. To disable a data profile, toggle for one or more data profiles. When a profile is disabled, the patterns associated with it are not used to discover sensitive content in your storage buckets.
    To create custom data profiles and patterns and generate alerts for data policy violations, see Use Data Policies to Scan for Data Exposure or Malware.
  5. Select a Data Profile to see all the Data Patterns included within the profile.
    To add a custom data profile, see Use Data Policies to Scan for Data Exposure or Malware.
  6. Select each data pattern to learn more.
  7. Learn how to request an increase in Data Security scan quota.
With Prisma Cloud Data Security, the experience offers 300GB per tenant, before you are charged for using the Data Security module.
The default scan quota for each tenant is 10TB; this quota allows you to control how much data is scanned so that you can align your organizational DLP budget with the amount of data that is scanned. This 10 TB limit is adjustable and you can open a support ticket with Prisma Cloud Customer Success to increase it and balance your costs, while also ensuring that you're using Prisma Cloud Data Security to scan the file types that you want to secure.
If you reach the 10TB threshold, you must submit a request to increase the scanning quota. Until you increase it, Prisma Cloud does not perform forward scan of new or modified files. Backward scan is also paused and is resumed only after you increase this scanning quota.
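
Two caveats on this page create blind spots: buckets created or deleted after onboarding are not reflected in Scan Settings, and reaching the scan quota pauses both forward and backward scans. The script below is an added example, not Prisma Cloud code, that flags both conditions; the bucket names, sizes, scan-status strings and function names are constructed for illustration, and the two inventories are assumed to be transcribed from the cloud provider's bucket listing and from the Scan Settings table.

```python
TB = 1000 ** 4                    # assumption: decimal terabytes
DEFAULT_QUOTA = 10 * TB           # default per-tenant scan quota stated on the page

# Constructed sample: buckets that exist in the cloud account today, sizes in bytes.
ACCOUNT_BUCKETS = {
    "finance-reports": 4 * TB,
    "hr-records": 3 * TB,
    "ml-training-data": 5 * TB,
    "public-assets": TB // 2,
    "new-app-uploads": 1 * TB,    # created after onboarding
}
# Constructed sample: rows transcribed from Scan Settings (bucket -> scan status).
# The status strings are hypothetical labels for the states the page describes.
SCAN_SETTINGS = {
    "finance-reports": "forward_and_back",
    "hr-records": "forward",
    "ml-training-data": "forward_and_back",
    "public-assets": "disabled",
    "legacy-archive": "forward_and_back",   # deleted after onboarding, still listed
}

def coverage_gaps(account, settings):
    """Classify buckets whose scan coverage differs from what the table suggests."""
    return {
        "unlisted": sorted(set(account) - set(settings)),   # exist, never selected
        "stale": sorted(set(settings) - set(account)),      # listed, no longer exist
        "disabled": sorted(b for b, mode in settings.items()
                           if mode == "disabled" and b in account),
    }

def backward_scan_projection(account, settings, scanned_so_far, quota=DEFAULT_QUOTA):
    """Upper bound on data scanned once pending backward scans complete.

    Bucket size overestimates the scan, since only supported file types
    and sizes are eligible, so treat a hit as a prompt to review.
    """
    pending = sum(size for name, size in account.items()
                  if settings.get(name) == "forward_and_back")
    projected = scanned_so_far + pending
    return projected, projected >= quota

if __name__ == "__main__":
    for kind, names in coverage_gaps(ACCOUNT_BUCKETS, SCAN_SETTINGS).items():
        print(f"{kind}: {names}")
    projected, hits_quota = backward_scan_projection(
        ACCOUNT_BUCKETS, SCAN_SETTINGS, scanned_so_far=2 * TB)
    print(f"projected {projected / TB:.1f} TB, quota reached: {hits_quota}")
```
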
