Enabling Forensics for Azure Blob Storage

Enabling Forensics for Azure Blob Storage

To configure your Azure Blob Storage as a forensic destination,

  1. Ensure that you have Blob storage with a storage account and a container within the storage account. You can use existing resources or create new resources.

    Netskope recommends that the container in the storage account is specifically used to store forensic data only.
  2. Allow storage account key access. You should enable key access in the storage account for Netskope to access the Azure Blob storage. To do so:

    1. Log in to portal.azure.com.

    2. On the left navigation, click All services. Then click Storage > Storage accounts.

    3. Select the storage account for forensic.

    4. On the left navigation, navigate to Settings > Configuration.

    5. Netskope recommends to disable Allow Blob anonymous access.

      Disabling Allow Blob anonymous access does not impact Netskope from uploading and downloading forensic data to and from the Azure Blob storage. Netskope uses secured and authenticated communication with the Blob storage.
    6. Ensure that Allow storage account key access is enabled.

      Netskope uses Shared Key Access to authorize access to Azure Blob storage.
      Enabling Forensics for Azure Blob Storage
  3. Configure an Azure Active Directory Application. To learn more: Step 1/3: Configure an Azure AD Application for Forensics.

  4. Assign permissions to store objects in the Blob storage. To learn more: Step 2/3: Assign Azure permissions to store forensic objects.

  5. Add the Azure Subscription to the Netskope tenant. To learn more: Step 3/3: Set up a Netskope instance with Azure App Registration credentials

    Netskope normalizes the term “Account” to help with cross CSP summaries. Netskope normalized “Account” field maps to Azure Subscription.
Share this Doc

Enabling Forensics for Azure Blob Storage

Or copy link

In this topic ...