Publishing Activity Logs to S3

Overview

You can see downloadable logs of all activity within Netskope One DSPM by navigating to Administration → Activity Logs. These are divided between User Activity and System Activity tabs, and can be sorted and filtered by activity type. Read below for more information on publishing Activity Logs to your organization’s S3 instance within AWS.

To enable this feature, please contact your Account Team or Netskope One DSPM Support.

Understanding Activity Logs

As an optional feature, you can push Activity Logs from Netskope One DSPM (Administration → Activity Logs) to your organization’s S3 instance within AWS.

All system activities and user activities are stored in the corresponding AWS S3 bucket as separate .json objects with standard formatting, and include the following information:

  • Resource
  • Action type
  • Timestamp
  • User ID
  • Description of the activity

The timestamp on each .json record will match the time at which the activity was recorded in Netskope One DSPM. Once you’ve enabled this feature, Activity Logs will appear in S3 moving forward, but will not show activity retroactively.

The following fields will be required from your organization to enable publishing Activity Logs to S3.

| Field | Required? | Value |
|---|---|---|
| cloud_account_id | Yes | Internal ID corresponding to your AWS Infrastructure Connection. |
| bucket_name | Yes | Name of the target bucket (assumption: this must already exist) |
| bucket_region | Yes | Region where bucket resides |
| file_prefix | No | Optional sub-folder to store destination files (only necessary if the S3 bucket is being shared with other business processes & you want to keep Netskope One DSPM data segregated) |

Log Examples

System Activity

{
  "timestamp": "02-15-2023 04:33:13",
  "type": "scan",
  "description": "Netskope One DSPM completed a scan of data store: 'fp-redshift'\n\nStart time: 2023-02-15 18:48:02.0\nEnd time: 2023-02-15 18:48:45.309\n\nNew queries scanned: 0\nExfiltration alerts generated: 0\nPrivacy alerts generated: 0\nData modification alerts generated: 0\nColumn classification alerts generated: 0\n\n# of new fields detected:  0\n# of new fields classified as sensitive:  0\n# of new fields classified as not sensitive: 0\n"
}

User Activity

{
  "timestamp": "02-15-2023 04:33:13",
  "type": "create",
  "username": "demo@netskope.com",
  "resource": "User Identity",
  "description": "User configured a new employee directory service with name Netskope One DSPM Directory"
}
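
For teams forwarding these objects to a SIEM, the following is an added example (not Netskope code) that normalizes both record shapes shown above and flags the ones worth reviewing. The function names, the output field names, the naive-timestamp handling and the rule that only user records carry "username" are assumptions made for this example.

```python
import json
import re
from datetime import datetime

# Constructed sample objects, abridged from the log examples on this page.
SYSTEM_OBJ = r'''{"timestamp": "02-15-2023 04:33:13", "type": "scan",
 "description": "Netskope One DSPM completed a scan of data store: 'fp-redshift'\n\nNew queries scanned: 0\nExfiltration alerts generated: 0\nPrivacy alerts generated: 0\n"}'''
USER_OBJ = r'''{"timestamp": "02-15-2023 04:33:13", "type": "create",
 "username": "demo@netskope.com", "resource": "User Identity",
 "description": "User configured a new employee directory service"}'''

REQUIRED = ("timestamp", "type", "description")
# "<label>: <integer>" lines inside a scan description, e.g. "Privacy alerts generated: 0"
COUNTER = re.compile(r"^(?P<label>[^:\n]+):[ \t]*(?P<value>\d+)[ \t]*$", re.MULTILINE)

def normalize(raw: str) -> dict:
    """Parse one activity-log object into a flat event for downstream alerting."""
    rec = json.loads(raw)
    if not isinstance(rec, dict) or any(k not in rec for k in REQUIRED):
        raise ValueError("not a complete activity record")
    # Samples use MM-DD-YYYY HH:MM:SS with no zone; kept naive (confirm the zone before correlating).
    ts = datetime.strptime(rec["timestamp"], "%m-%d-%Y %H:%M:%S")
    event = {
        "time": ts.isoformat(),
        "action": rec["type"],
        # Assumption: only user-activity records carry "username".
        "source": "user" if "username" in rec else "system",
        "user": rec.get("username"),
        "resource": rec.get("resource"),
        "description": rec["description"],
    }
    if rec["type"] == "scan":
        # Timestamps such as "Start time: 2023-02-15 ..." do not match and are skipped.
        event["counters"] = {m["label"].strip(): int(m["value"])
                             for m in COUNTER.finditer(rec["description"])}
    return event

def needs_review(event: dict, watch_actions=("create",)) -> bool:
    """Flag scans that raised any alert, and user actions in watch_actions."""
    # "create" is the only user action type shown on this page; extend as needed.
    alerts = sum(v for k, v in event.get("counters", {}).items() if "alerts" in k)
    return alerts > 0 or (event["source"] == "user" and event["action"] in watch_actions)
```
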
