Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Near Real-Time DLP Scan and Malware Scan for Azure

Skyhigh CASB provides Near Real-Time (NRT) DLP and Malware detection capability for Azure blob storage. This feature significantly reduces the time to find new DLP and Malware violations in blob storage by detecting file creation or modification events in almost real-time and evaluating associated DLP and Malware policies.

NRT DLP and Malware Scans for Azure leverages event subscription for the storage account which is mapped to the Skyhigh CASB webhook. Whenever a blob storage event is generated, it sends a notification to the webhook, which is then processed and triggers the evaluation of the appropriate DLP or Malware policies.  


Configure an Azure instance in Skyhigh CASB. For more information, see Enable Microsoft Azure.

Note : Azure does not support events on v1 storage accounts, hence NRT DLP is supported on v2 storage accounts only.

Enable NRT DLP and Malware for Azure 

 To enable Near Real-Time DLP and Malware Scans for Azure:

  1. Login to Skyhigh CASB and go to Settings > Service Management.
  2. Select your Microsoft Azure instance and click Setup > Edit.
  3. You are redirected to the Summary page. Under Enabled Features, click Edit.
  4. To enable NRT DLP, select the checkbox Near Real Time.
  5. To view the prerequisite steps to set up NRT DLP, click the link NRT DLP. You are redirected to the current page.

Configure Event Subscriptions

You can configure Event Subscriptions using an ARM template or manually. 

Use the ARM Template

  1. In the Azure Portal, go to Templates
  2. Select Add
  3. For General, add a name and description, and click OK.
  4. Download the file update_Storage_account_with_Event_sub.json. Use this template if you want to create event subscription for multiple storage accounts.
  5. Copy and paste the contents into the ARM Template page. Then click OK and Add
  6. The result should look like this:
  7. Deploy the template.
  8. Fill in the required information: 
  9. Accept terms and conditions, then select Purchase
  10. To make sure everything works, check that events are configured for the intended storage blobs. 

Configure Event Subscriptions Manually

  1. In the Azure portal, go to the Storage account that you want to configure. 
  2. Add Event Subscription and provide the required information:
  3. Click Create.azure_webhook_9.png


Configure DLP and Malware Policies for NRT 

  1. Go to Skyhigh CASB and choose Policy > DLP Policies.
  2. You can create a new DLP policy or edit an existing one and choose Services as Microsoft Azure. For complete details, see Create or Edit a Sanctioned DLP Policy
  3. Review your policy and Save.
  4. You can create a new malware policy or edit an existing one. Choose Policy > Malware Policies
  5. Click Actions > Create a Malware Policy.
  6. For Services select Microsoft Azure.
  7. Complete the further steps, and then save your policy. For complete details, see Create a Malware Policy
  • Was this article helpful?