Skyhigh Security

Near Real-Time DLP Scan and Malware Scan for Azure

Skyhigh CASB provides Near Real-Time (NRT) DLP and Malware detection capability for Azure blob storage. This feature significantly reduces the time to find new DLP and Malware violations in blob storage by detecting file creation or modification events in almost real-time and evaluating associated DLP and Malware policies.

NRT DLP and Malware Scans for Azure rely on an event subscription on the storage account that is mapped to the Skyhigh CASB webhook. Whenever a blob storage event is generated, Azure sends a notification to the webhook. The notification is then processed and triggers the evaluation of the appropriate DLP or Malware policies.

Prerequisites

Configure an Azure instance in Skyhigh CASB. For more information, see Enable Microsoft Azure.

Note: Azure does not support events on v1 storage accounts, hence NRT DLP is supported on v2 storage accounts only.

Enable NRT DLP and Malware for Azure 

 To enable Near Real-Time DLP and Malware Scans for Azure:

  1. Log in to Skyhigh CASB and go to Settings > Service Management.
  2. Select your Microsoft Azure instance and click Setup > Edit.
  3. You are redirected to the Summary page. Under Enabled Features, click Edit.
  4. To enable NRT DLP, select the checkbox Near Real Time.
  5. To view the prerequisite steps to set up NRT DLP, click the link NRT DLP. You are redirected to the current page.

Configure Event Subscriptions

You can configure Event Subscriptions using an ARM template or manually. 

Use the ARM Template

  1. In the Azure Portal, go to Templates.
  2. Select Add.
  3. For General, add a name and description, and click OK.
  4. Download the file update_Storage_account_with_Event_sub.json. Use this template if you want to create event subscriptions for multiple storage accounts.
  5. Copy and paste the contents into the ARM Template page. Then click OK and Add.
  6. Review the result.
  7. Deploy the template.
  8. Fill in the required information: 
  9. Accept the terms and conditions, then select Purchase.
  10. To make sure everything works, check that events are configured for the intended storage blobs.

Configure Event Subscriptions Manually

  1. In the Azure portal, go to the Storage account that you want to configure.
  2. Add Event Subscription and provide the required information:
  3. Click Create.
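
The check in step 10 of the ARM template procedure, and the same check after a manual setup, can be run across many storage accounts at once. The following is an added example, not Skyhigh or Microsoft code: it audits an account inventory against its event subscriptions and reports which accounts are covered by NRT scanning. The webhook host, the required event type, and all sample records are assumptions constructed for illustration; the record layout follows the JSON printed by `az storage account list` and `az eventgrid event-subscription list`.

```python
"""Audit which storage accounts are covered by an NRT webhook subscription."""
from urllib.parse import urlparse

# Assumptions, not taken from the Skyhigh page: placeholder webhook host and
# the event type that signals blob creation or overwrite.
WEBHOOK_HOST = "casb-webhook.example"
REQUIRED_EVENT = "Microsoft.Storage.BlobCreated"

def _rid(name):
    """Build a constructed ARM resource ID for a sample storage account."""
    return ("/subscriptions/0000/resourceGroups/rg/providers/"
            "Microsoft.Storage/storageAccounts/" + name)

def _sub(name, url, events):
    """Build a constructed event subscription record."""
    return {"topic": _rid(name), "provisioningState": "Succeeded",
            "destination": {"endpointType": "WebHook", "endpointBaseUrl": url},
            "filter": {"includedEventTypes": events}}

# Constructed inventory: "Storage" is a v1 account, "StorageV2" a v2 account.
ACCOUNTS = [
    {"name": "finance01", "kind": "StorageV2", "id": _rid("finance01")},
    {"name": "legacy01", "kind": "Storage", "id": _rid("legacy01")},
    {"name": "hr01", "kind": "StorageV2", "id": _rid("hr01")},
    {"name": "eng01", "kind": "StorageV2", "id": _rid("eng01")},
]
SUBSCRIPTIONS = [
    _sub("Finance01", "https://casb-webhook.example/nrt", [REQUIRED_EVENT]),
    _sub("hr01", "https://other.example/hook", [REQUIRED_EVENT]),  # wrong host
    _sub("eng01", "https://casb-webhook.example/nrt",
         ["Microsoft.Storage.BlobDeleted"]),  # creation events not forwarded
]

def covers(sub, account):
    """True if sub forwards creation events for account to the webhook."""
    dest = sub.get("destination") or {}
    events = (sub.get("filter") or {}).get("includedEventTypes") or []
    return (sub.get("topic", "").lower() == account["id"].lower()  # IDs ignore case
            and sub.get("provisioningState") == "Succeeded"
            and dest.get("endpointType") == "WebHook"
            and urlparse(dest.get("endpointBaseUrl") or "").hostname == WEBHOOK_HOST
            and REQUIRED_EVENT in events)

def audit(accounts, subs):
    """Map each account name to its NRT coverage status."""
    report = {}
    for acct in accounts:
        if acct["kind"] != "StorageV2":
            report[acct["name"]] = "unsupported-kind"  # v1: no events, per the note
        elif any(covers(s, acct) for s in subs):
            report[acct["name"]] = "covered"
        else:
            report[acct["name"]] = "missing-subscription"
    return report
```

Accounts reported as missing-subscription or unsupported-kind do not send near real-time notifications to the webhook, so new or modified blobs in them are not evaluated by NRT policies.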

 

Configure DLP and Malware Policies for NRT 

  1. Go to Skyhigh CASB and choose Policy > DLP Policies.
  2. Create a new DLP policy or edit an existing one. For Services, choose Microsoft Azure. For complete details, see Create or Edit a Sanctioned DLP Policy.
  3. Review your policy and Save.
  4. You can create a new malware policy or edit an existing one. Choose Policy > Malware Policies.
  5. Click Actions > Create a Malware Policy.
  6. For Services, select Microsoft Azure.
  7. Complete the remaining steps, and then save your policy. For complete details, see Create a Malware Policy.