Enabling Forensics for Google Cloud Storage

To configure a Google Cloud Storage bucket as a forensic destination, follow these steps.

Step 1: Assign permissions

In the Google Cloud console, navigate to the organization, folder, or project that contains the storage bucket to be configured as a forensic destination.

  1. Log into Google Cloud console and go to IAM & Admin.
  2. Select the organization, folder, or project resource with the storage bucket to be configured as a forensic destination.
  3. In the left navigation panel, click Roles and click Create Role.
  4. Provide a role title and click Add Permissions. Provide the following permissions.
    storage.buckets.list
    storage.objects.create
    storage.objects.get
    
  5. Enter each permission in the Enter property name or value text box. Select the permission and click Add.

    After adding the permissions, click Create to create the custom role.

Step 2: Create a service account

Create a service account for the organization, folder, or project and download the private key. This key will be required when setting up the instance in your Netskope tenant.

  1. In the left navigation panel of the Google Cloud console, click Service Accounts > Create Service Account.
  2. Provide a name for the service account and click Create and Continue. Click Continue without granting access or permissions. Then click Done without granting user access to the service account.
  3. On the Service accounts page, click the service account you created and select the Keys tab.
  4. Click Add Key and from the drop-down list click Create new key.
  5. In the Create private key for <service account> dialog box, select the key type as JSON and click Create. The private key is downloaded to your computer.

    Click Close.
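
Before uploading the key in Step 3, the role and the key file can be checked offline. The following is an added example, not Netskope or Google code: it compares a role definition with the three permissions listed in Step 1 and inspects the downloaded key file. It assumes the role was exported as JSON (for example with `gcloud iam roles describe ... --format=json`, which reports `includedPermissions`); the function names and the sample data are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# The three permissions Step 1 lists for the custom role.
REQUIRED_PERMISSIONS = {"storage.buckets.list", "storage.objects.create", "storage.objects.get"}
KEY_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email"}


def audit_role(role):
    """Compare a role's includedPermissions with the permissions the page requires."""
    granted = set(role.get("includedPermissions", []))
    return {"missing": sorted(REQUIRED_PERMISSIONS - granted),
            "extra": sorted(granted - REQUIRED_PERMISSIONS)}


def audit_key_file(path):
    """Return the problems found in a downloaded key file; an empty list means none."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)  # POSIX permission bits
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} lets group or other users access the private key")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    absent = sorted(KEY_FIELDS - key.keys())
    if absent:
        problems.append(f"missing fields: {absent}")
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    if not str(key.get("client_email", "")).endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return problems


if __name__ == "__main__":
    # Constructed samples: a role with one extra permission, a placeholder key file.
    print(audit_role({"includedPermissions": sorted(REQUIRED_PERMISSIONS) + ["storage.objects.delete"]}))
    key = {**dict.fromkeys(KEY_FIELDS, "placeholder"), "type": "service_account"}
    with tempfile.NamedTemporaryFile("w", suffix=".json") as fh:
        json.dump(key, fh)
        fh.flush()
        os.chmod(fh.name, 0o644)  # deliberately readable by group and others
        print(audit_key_file(fh.name))
```

An empty `missing` and `extra` list means the role matches Step 1 exactly; the mode check applies to POSIX file systems only.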

Step 3: Set up the Google instance in your Netskope tenant

Set up the Google organization, folder, or project instance for forensics in your Netskope tenant using the credentials of the service account to which the custom role is attached.

  1. Log in to the Netskope tenant UI and navigate to Settings > API Data Protection > IaaS.
  2. Click the Google Cloud Platform icon and then click SETUP.

    The New Setup window opens.

  3. Under the GCP Service Account section, enter the following details:
    1. Instance Name: Enter a name for the Google Cloud Platform instance.
    2. Admin Email: Enter the email address of the Google Cloud Platform account owner.

      Note

      You can enter any email address here. Netskope sends notifications to this email address.

    3. Connection Type: Select Forensic.

      Note

      Some of the instance type options may be disabled. Contact your Netskope sales representative for additional information.

  4. In the Cloud Provider Information section, enter the following details:
    1. Under the Upload section, click SELECT FILE and upload the private key JSON file that you downloaded in Step 2: Create a service account.
  5. Click SAVE.
  6. On the API Data Protection > IaaS page, click the Google Cloud Platform icon.
  7. Click Grant Access beside the newly created instance.

    Refresh your browser, and you will see a green check icon next to the Google Cloud Platform instance name.

Once you set up the instance with forensic enabled, you should create a forensic profile. To learn more: Creating a Forensic Profile for Public Cloud Storage.
