Publishing Activity Logs to S3
Overview
You can see downloadable logs of all activity within Netskope One DSPM by navigating to Administration → Activity Logs. These are divided between User Activity and System Activity tabs, and can be sorted and filtered by activity type. Read below for more information on publishing Activity Logs to your organization’s S3 instance within AWS.
To enable this feature, please contact your Account Team or Netskope One DSPM Support.
Understanding Activity Logs
As an optional feature, you can push Activity Logs from Netskope One DSPM (Administration → Activity Logs) to your organization’s S3 instance within AWS.
All system activities and user activities are stored in the corresponding AWS S3 bucket as separate .json objects with standard formatting, and each object includes the following information:
- Resource
- Action type
- Timestamp
- User ID
- Description of the activity
The timestamp on each .json record will match the time at which the activity was recorded in Netskope One DSPM. Once you’ve enabled this feature, Activity Logs will appear in S3 moving forward, but will not show activity retroactively.
The following fields will be required from your organization to enable publishing Activity Logs to S3.
Field | Required? | Value |
---|---|---|
cloud_account_id | Yes | Internal ID corresponding to your AWS Infrastructure Connection. |
bucket_name | Yes | Name of the target bucket (the bucket is assumed to already exist) |
bucket_region | Yes | Region where bucket resides |
file_prefix | No | Optional sub-folder to store destination files (only necessary if the S3 bucket is being shared with other business processes & you want to keep Netskope One DSPM data segregated) |
Log Examples
System Activity
{
"timestamp": "02-15-2023 04:33:13",
"type": "scan",
"description": "Netskope One DSPM completed a scan of data store: 'fp-redshift'\n\nStart time: 2023-02-15 18:48:02.0\nEnd time: 2023-02-15 18:48:45.309\n\nNew queries scanned: 0\nExfiltration alerts generated: 0\nPrivacy alerts generated: 0\nData modification alerts generated: 0\nColumn classification alerts generated: 0\n\n# of new fields detected: 0\n# of new fields classified as sensitive: 0\n# of new fields classified as not sensitive: 0\n"
}
User Activity
{
"timestamp": "02-15-2023 04:33:13",
"type": "create",
"username": "demo@netskope.com",
"resource": "User Identity",
"description": "User configured a new employee directory service with name Netskope One DSPM Directory"
}
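A consumer of these objects has to handle both record shapes shown in the Log Examples: system records have no username or resource, and scan results arrive as text lines inside the description. The following parser is an added example, not Netskope code; the function names are hypothetical, the sample objects are constructed from the page's examples, and timestamps are kept without a time zone because the page does not state one.

```python
import json
import re
from datetime import datetime

# Constructed sample objects modelled on the page's two examples (values are illustrative).
SAMPLE_OBJECTS = [json.dumps(r) for r in (
    {"timestamp": "02-15-2023 04:33:13", "type": "scan",
     "description": "Netskope One DSPM completed a scan of data store: 'fp-redshift'\n\n"
                    "New queries scanned: 0\nExfiltration alerts generated: 2\n"
                    "Privacy alerts generated: 0\n# of new fields detected: 0\n"},
    {"timestamp": "02-15-2023 04:35:40", "type": "create",
     "username": "demo@netskope.com", "resource": "User Identity",
     "description": "User configured a new employee directory service"},
)]

REQUIRED = {"timestamp", "type", "description"}  # keys present in both page examples
ALERT_LINE = re.compile(r"^([^:\n]+ alerts generated): (\d+)$", re.MULTILINE)


def parse_record(raw):
    """Normalize one activity-log object (hypothetical helper)."""
    rec = json.loads(raw)
    if not isinstance(rec, dict) or REQUIRED - rec.keys():
        raise ValueError("not an activity record: required keys missing")
    # Examples use MM-DD-YYYY HH:MM:SS with no zone, so the value stays naive.
    when = datetime.strptime(rec["timestamp"], "%m-%d-%Y %H:%M:%S")
    return {
        "time": when,
        # Only the User Activity example carries "username".
        "kind": "user" if "username" in rec else "system",
        "type": rec["type"],
        "actor": rec.get("username"),
        "resource": rec.get("resource"),
        # Scan descriptions embed per-category alert counters as text lines.
        "alerts": {name: int(n) for name, n in ALERT_LINE.findall(rec["description"])},
    }


def scans_with_alerts(records):
    """Return parsed scan records whose description reports any alert count > 0."""
    return [r for r in records if r["type"] == "scan" and any(r["alerts"].values())]


if __name__ == "__main__":
    parsed = [parse_record(o) for o in SAMPLE_OBJECTS]
    for r in scans_with_alerts(parsed):
        print(r["time"].isoformat(), r["alerts"])
```

Objects that are not JSON dictionaries or lack the three common keys raise `ValueError`, so unrelated files in a shared bucket are rejected rather than silently parsed.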