Enabling Forensics for Azure Blob Storage
Enabling Forensics for Azure Blob Storage
Deprecation Notice for Classic Azure Blob Storage as a Forensic Destination.
To configure your Azure Blob Storage as a forensic destination,
-
Ensure that you have Blob storage with a storage account and a container within the storage account. You can use existing resources or create new resources.
Netskope recommends that the container in the storage account is specifically used to store forensic data only. -
Allow storage account key access. You should enable key access in the storage account for Netskope to access the Azure Blob storage. To do so:
-
Log in to portal.azure.com.
-
On the left navigation, click All services. Then click Storage > Storage accounts.
-
Select the storage account for forensic.
-
On the left navigation, navigate to Settings > Configuration.
-
Netskope recommends to disable Allow Blob anonymous access.
Disabling Allow Blob anonymous access does not impact Netskope from uploading and downloading forensic data to and from the Azure Blob storage. Netskope uses secured and authenticated communication with the Blob storage. -
Ensure that Allow storage account key access is enabled.
Netskope uses Shared Key Access to authorize access to Azure Blob storage.
-
-
Configure an Microsoft Entra ID Application. To learn more: Step 1/3: Configure a Microsoft Entra ID Application for Forensics.
-
Assign permissions to store objects in the Blob storage. To learn more: Step 2/3: Assign Azure permissions to store forensic objects.
-
Add the Azure Subscription to the Netskope tenant. To learn more: Step 3/3: Set up a Netskope instance with Azure App Registration credentials
Netskope normalizes the term “Account” to help with cross CSP summaries. Netskope normalized “Account” field maps to Azure Subscription.
- Deprecation Notice for Classic Azure Blob Storage as a Forensic Destination
- Step 1/3: Configure a Microsoft Entra ID Application for Forensics
- Step 2/3: Assign Azure permissions to store forensic objects
- Step 3/3: Set up a Netskope instance with Azure App Registration credentials
- Azure forensics Instance Re-grant FAQs
Articles
- Step 1/3: Configure a Microsoft Entra ID Application for Forensics
- Deprecation Notice for Classic Azure Blob Storage as a Forensic Destination
- Step 2/3: Assign Azure permissions to store forensic objects
- Step 3/3: Set up a Netskope instance with Azure App Registration credentials
- Azure forensics Instance Re-grant FAQs