Backups scanning policy

Backups scanning policy is a security policy that scans the backups for malware and prevents restoring infected files from backups.

For more information on the Backups scanning functionality, refer to https://www.acronis.com/en-us/support/documentation/CyberProtectionService/index.html#44537

The following examples can be used when creating a protection plan with this protection policy:

  • If scan target is a single archive located on the workload:

    Policy example

     1{
     2    # Put a unique ID of the policy here.
     3    "id": "",
     4    # Backups scanning policy type is 'policy.security.backups_scanning'
     5    'type': 'policy.security.backups_scanning',
     6    'parent_ids': [
     7        # Put the ID of total protection policy here.
     8    ],
     9    'origin': 'upstream',
    10    'enabled': True,
    11    'settings_schema': '2.0',
    12    'settings': {
    13        # A type of target that should be scanned. 'ARCHIVE' means that individual archives will be scanned.
    14        'targets_type': 'ARCHIVE',
    15        # A list of targets to scan. Must be IDs of backups.
    16        'targets': [
    17            # Put IDs of the archives here.
    18        ],
    19        # A type of the scan.
    20        'scan_type': 'LAST',
    21        # Set to true to enable antimalware scanning.
    22        'anti_malware_scan_enabled': True,
    23        # If archive is encrypted by password, an ID of the credentials must be provided here.
    24        'archive_cred_id': '',
    25        # A type of extra settings. 'INTERNAL_SCAN' means that agents of your organization will be used for scanning.
    26        'extra_type': 'INTERNAL_SCAN',
    27        'extra': {
    28            # A list of agent IDs that will scan the backups.
    29            'agent_ids': [
    30                'c5cf050e-bf2c-4866-aac6-bfe60fd94797'
    31            ]
    32        }
    33    }
    34}
    
  • If scan target is a location with archives located on the remote storage:

    Policy example

     1{
     2    # Put a unique ID of the policy here.
     3    "id": "",
     4    # Backups scanning policy type is 'policy.security.backups_scanning'
     5    'type': 'policy.security.backups_scanning',
     6    'parent_ids': [
     7        # Put the ID of total protection policy here.
     8    ],
     9    'origin': 'upstream',
    10    'enabled': True,
    11    'settings_schema': '2.0',
    12    'settings': {
    13        # A type of target that should be scanned. 'LOCATION' means that all archives in specified locations will be scanned.
    14        'targets_type': 'LOCATION',
    15        # A list of targets to scan. Must be IDs of locations.
    16        'targets': [
    17            # Put IDs of the locations here.
    18        ],
    19        # A type of the scan.
    20        'scan_type': 'LAST',
    21        # Set to true to enable antimalware scanning.
    22        'anti_malware_scan_enabled': True,
    23        # If location is encrypted by password, an ID of the credentials must be provided here.
    24        'archive_cred_id': '',
    25        # A type of extra settings. 'EXTERNAL_SCAN' means that external agents will be used for scanning.
    26        'extra_type': 'EXTERNAL_SCAN'
    27    }
    28}