Netskope Help

Creating a Forensic Profile for Public Cloud Storage

After you have enabled the Forensic feature for you AWS, Azure, and GCP instances, you can now create a Forensic Profile to receive forensic data. In the Netskope UI, go to Policies > Profiles > Forensic and specify the instance name and storage name. Then, enable forensics in Settings > Forensics.

To learn more: Create a Forensic Profile.

When the profile is created, Netskope creates a README.txt file in the storage to verify the destination.

Note

Ensure that you exclude the S3 Bucket used for the Forensic Profile from API Data Protection DLP and Threat Protection policies. This will ensure that Netskope does not generate false positive incidents from DLP and Threat Protection scans and you do not incur additional AWS costs due to scanning.

To learn more: What Triggers a Scan and Billing of AWS S3?.