1. Home
    2. Prisma
    3. Prisma SaaS
    4. Prisma SaaS Administrator's Guide
    5. Secure Cloud Apps on Prisma SaaS
    6. Add Cloud Apps to Prisma SaaS
    7. Begin Scanning an Amazon S3 App
    8. Exclude Amazon S3 Buckets from Scans

    Exclude Amazon S3 Buckets from Scans

    Learn how Prisma SaaS enables you to create a custom list of S3 buckets to exclude archived data from asset scans.
    Prisma SaaS enables you to exclude specific S3 buckets from scans to meet your organization’s compliance needs. Sometimes organizations designate specific S3 buckets to store data that is not in use before that data moves to
    cold
     storage (for example, Amazon Glacier). If you have compliance reporting demands when such data is accessed, you can omit that data from scans.
    Prisma SaaS has two exclusion lists:
    • Default exclusion list
      —S3 buckets that Prisma SaaS automatically excludes from scans. CloudTrail logging enables the Amazon S3 app to log management and data events to the CloudTrail buckets. Prisma SaaS depends on CloudTrail to determine if S3 buckets change. Your log events do not display as assets in Prisma SaaS web interface because Prisma SaaS automatically adds your CloudTrail buckets to
      Buckets Ignored by Prisma SaaS
      .
    • Custom exclusion list
      —S3 buckets that you manually exclude from scans. If you specify
      All
       S3 buckets during single account or multiple accounts onboarding, you have the option to add a custom list of S3 buckets for exclusion.
    In order for Prisma SaaS to enforce your custom exclusion list, you must add the bucket names after you onboard the Amazon S3 app—but
    before
     you start scanning. Otherwise, absent any bucket names, Prisma SaaS scans
    All
     S3 buckets, then displays those unwanted assets in the Prisma SaaS web interface. If you add the bucket names
    after
     the scan begins, Prisma SaaS stops scanning those buckets moving forward, but those unwanted assets remain in Prisma SaaS. To remove those assets, you must delete the Amazon S3 app and repeat the onboarding process. Similarly, you can delete a bucket name from exclusion, but previously discovered assets remain unless you delete the cloud app.
    1. Log in to Prisma SaaS.
    2. Select
      Settings
      Cloud Apps & Scan Settings
      .
    3. Click on the
      Amazon S3
       app that you added.
    4. Specify a comma-separated list of bucket names in
      Custom List of Buckets to Exclude
      , then
      Add
      .
      amazon-s3-ignore-buckets.png
    5. Next Step
      : Start scanning, when you’re ready for Prisma SaaS to discover your assets.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo