Create the Scan

Objective: Create a DLP Scan

Here you’ll notice that creating an on-demand scan for the EDM-based policies is exactly the same as it was for regular expressions and Skyhigh classifications.

Tasks

Create a Scan

  1. From the main menu bar, select Policy then On-Demand Scan.
  2. Using the Actions drop-down menu, select Create a Scan.
  3. From the General Info screen, select the DLP & Malware scan type.
  4. Provide a name for the scan, such as “EDM DLP Scan”.
  5. From the Service Instance drop-down menu, select the AWS account you configured earlier.
  6. For Service Type, select Storage (S3).
  7. For Hosted, select Cloud (via API).
  8. Click Next.

Add all your cloned/customized policies to the scan

  1. From the Select Policies page, select the EDM-based DLP policy you just created.
  2. Click Next.

Configure the Scan

  1. From the Data Scope section, select the Full option and All dates.
  2. In the Buckets section, select the Exclude CloudTrail Buckets option (if available) and set Buckets to Scan to All Buckets.
  3. In the Accounts section, set Accounts to Scan to All Accounts.
  4. Click Next.

(Don’t) Schedule the Scan

  1. Since we are in a lab environment and want to run this scan manually, set the Frequency to None (On-Demand Only).
  2. Click Next.

Review Your Scan Settings

Ensure that your scan settings are what you intend and click Save.