Learn how Prisma SaaS enables you to create a custom list of S3 buckets to exclude archived data from asset scans.
Prisma SaaS enables you to exclude specific S3 buckets from scans to meet your organization's compliance needs. Sometimes organizations designate specific S3 buckets to store data that is not in use before that data moves to (for example, Amazon Glacier). If you have compliance reporting demands when such data is accessed, you can omit that data from

Prisma SaaS has two exclusion lists:

- Ignored by Prisma SaaS—S3 buckets that Prisma SaaS automatically excludes from scans. CloudTrail logging enables the Amazon S3 app to log management and data events to the CloudTrail buckets. Prisma SaaS depends on CloudTrail to determine if S3 buckets change. Your log events do not display as assets in the Prisma SaaS web interface because Prisma SaaS automatically adds your CloudTrail buckets to Ignored by Prisma SaaS.
- Custom exclusion list—S3 buckets that you manually exclude from scans. If you specify In order for Prisma SaaS to enforce your custom exclusion list, you must add the bucket names after you onboard the Amazon S3 app—but before you start scanning. Otherwise, absent any bucket names, Prisma SaaS scans buckets, then displays those unwanted assets in the Prisma SaaS web interface. If you add the bucket names after scanning begins, Prisma SaaS stops scanning those buckets moving forward, but those unwanted assets remain in Prisma SaaS. To remove those assets, you must delete the Amazon S3 app and repeat the onboarding process. Similarly, you can delete a bucket name from the exclusion list, but previously discovered assets remain unless you delete the cloud app.
1. Log in to Prisma SaaS.
2. Cloud Apps & Scan Settings
3. Click on the
4. Specify a comma-separated list of bucket names in List of Buckets to Exclude.
5. Start scanning when you're ready for Prisma SaaS to discover your assets.
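Because the custom exclusion list only works cleanly when it is entered before the first scan, it pays to prepare the comma-separated value ahead of time rather than typing bucket names into the field by hand. The script below is an added example and is not Prisma SaaS or AWS code. It builds the value for the List of Buckets to Exclude field from a bucket inventory that is constructed inline: buckets whose lifecycle rules move objects to an archival storage class become candidates, hand-typed names can be added, and the result is validated against the S3 bucket naming rules, deduplicated, and stripped of CloudTrail buckets (which Prisma SaaS already places in Ignored by Prisma SaaS, so listing them again adds nothing). The `Bucket` class, the sample bucket names and the `SAMPLE_*` constants are assumptions for the example; in a real run the inventory would be filled from `s3.list_buckets()`, `s3.get_bucket_lifecycle_configuration(Bucket=...)` and the `S3BucketName` of each trail returned by `cloudtrail.describe_trails()`.

```python
"""Build the value for the Prisma SaaS "List of Buckets to Exclude" field.

Added example, not Prisma SaaS or AWS code. The inventory below is
constructed inline; in practice populate it from s3.list_buckets(),
s3.get_bucket_lifecycle_configuration(Bucket=...) and
cloudtrail.describe_trails().
"""
import re
from dataclasses import dataclass, field

# S3 bucket naming rules: 3-63 chars, lowercase letters, digits, dots and
# hyphens, starting and ending with a letter or digit, not IPv4-shaped.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Lifecycle transition targets that mark "archived, not in use" data.
ARCHIVE_STORAGE_CLASSES = {"GLACIER", "GLACIER_IR", "DEEP_ARCHIVE"}


@dataclass
class Bucket:  # hypothetical inventory record, not an AWS type
    name: str
    # Storage classes that the bucket's lifecycle rules transition objects into
    lifecycle_transitions: set = field(default_factory=set)


def is_valid_bucket_name(name: str) -> bool:
    """True if `name` satisfies the S3 bucket naming rules above."""
    return bool(_BUCKET_RE.match(name)) and not _IPV4_RE.match(name)


def build_exclusion_list(buckets, cloudtrail_buckets, extra_names=()):
    """Return (field_value, skipped).

    field_value: comma-separated bucket names for List of Buckets to Exclude.
    skipped:     {name: reason} for names that were left out.

    Candidates are buckets whose lifecycle rules transition objects to an
    archival storage class, plus any names given explicitly. CloudTrail
    buckets are dropped because Prisma SaaS already ignores them; invalid
    names are dropped because they can never match a real bucket and would
    silently exclude nothing.
    """
    candidates = [b.name for b in buckets
                  if b.lifecycle_transitions & ARCHIVE_STORAGE_CLASSES]
    candidates.extend(extra_names)

    included, skipped, seen = [], {}, set()
    for name in candidates:
        if name in seen:
            continue  # duplicate of an earlier entry
        seen.add(name)
        if not is_valid_bucket_name(name):
            skipped[name] = "invalid S3 bucket name"
        elif name in cloudtrail_buckets:
            skipped[name] = "CloudTrail bucket (already Ignored by Prisma SaaS)"
        else:
            included.append(name)
    return ",".join(included), skipped


# Constructed sample inventory (not real buckets).
SAMPLE_BUCKETS = [
    Bucket("prod-app-data"),                      # live data: keep scanning
    Bucket("archive-cold-2023", {"GLACIER"}),     # archival: exclude
    Bucket("legacy-exports", {"DEEP_ARCHIVE"}),   # archival: exclude
    Bucket("org-cloudtrail-logs"),                # CloudTrail target
]
SAMPLE_CLOUDTRAIL_BUCKETS = {"org-cloudtrail-logs"}
# Hand-typed names: an uppercase typo, a CloudTrail bucket, a duplicate,
# and one that is too short to be a bucket name.
SAMPLE_EXTRA_NAMES = ["Legacy-Exports", "org-cloudtrail-logs",
                      "archive-cold-2023", "ok"]

if __name__ == "__main__":
    value, skipped = build_exclusion_list(
        SAMPLE_BUCKETS, SAMPLE_CLOUDTRAIL_BUCKETS, SAMPLE_EXTRA_NAMES)
    print("List of Buckets to Exclude:", value)
    for name, reason in skipped.items():
        print(f"skipped {name}: {reason}")
```

Paste the printed value into the field in step 4 before you start scanning; the `skipped` report is worth reviewing, since a misspelled name in the field excludes nothing and the bucket's assets would then appear in the web interface and stay there until the app is deleted and re-onboarded.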