Configuring cloud discovery scans

Use the Main > Policy Management > Discovery Policies > Cloud Discovery Scans page in the Data Security module of the Security Manager to discover and remediate sensitive data at rest stored in authorized cloud applications.

Initially, the Cloud Discovery Scans page does not list any scans.

To create a new scan, click New in the toolbar at the top of the content page. A Cloud Discovery Scan Properties page opens. See Adding or editing a cloud discovery scan for information on how to add a new scan or to edit the existing scan.

If you receive an error message, go to the Settings > General > Services > Cloud Applications page in the Data Security module of the Security Manager to verify one of the following:

  • DLP Cloud Applications is connected. See Configuring DLP Cloud Applications.
  • Cloud applications are defined. See the Forcepoint CASB Administration Guide, available on the Forcepoint CASB management portal.
  • At least one discovery policy is defined and enabled. See Creating a discovery policy.

After a new scan is created and saved, it appears in the list of cloud discovery scans. The Cloud Discovery Scans list displays the following properties:

  • Scan Name - A name that you entered when the scan was created.
  • Description - A description that you entered when the scan was created or modified.
  • Cloud Application - The cloud application with which this scan is associated. Each cloud application can be assigned to only one scan. A Cloud Application name can be edited by a CASB administrator.

    Note: A cloud application in Forcepoint DLP is referred to as an asset in Forcepoint CASB.

    If a cloud application that is used in a scan was deleted in the CASB portal, the application name and type are shown as N/A and the scan status becomes Inactive.

  • Type - The cloud application type (e.g., Office 365). The type cannot be changed.

    The “Office 365” type may include several Office 365 cloud applications, each with its own name and configuration.

  • Enabled - Indicates whether the scan is enabled or disabled. Enable or disable the scan from the Cloud Discovery Scan Properties page.
  • Scan Status - The status of the scan in Forcepoint DLP:
    • Active - Indicates that the scan is running.
    • Inactive - Indicates one of the following:
      • The scan was deleted in the CASB portal.
      • The Data at Rest option is not selected in the CASB portal.
      • The default DLP policy was removed.
    • Deployment needed - Indicates that not all changes were deployed. Click Deploy to deploy scan changes.
  • Enforced Policies - The discovery policies enforced on the files stored in the cloud application: either all discovery policies or only the selected policies.

To reset the discovery scan cache, click Reset Scan.

Important: You need to deploy all changes you made in the system before you can run a scan, even if the changes are not related to the selected scan.

Clicking Reset Scan forces a discovery scan cache reset. All files at rest are queued and processed for scanning with the latest policy configuration, including any files that were previously scanned.

Using the Reset Scan button can significantly affect file processing time. Use this action only when significant changes are made to policies or when testing policies with a small data set. Avoid using this button after deployments when possible.

To delete a scan, select the desired scan and click Delete.

Use the Main > Logs > Audit Log page in the Data Security module of the Security Manager to see administrator actions related to cloud discovery scans that were performed in the system.

Use the Main > Logs > System Log page in the Data Security module of the Security Manager to see system alerts, warnings, errors, or information that relate to a CASB connection or to cloud discovery scans.