Netskope Help

Step 1/2: Accounts & Services

On the Accounts & Services screen, provide your AWS account number, account name, and admin email address. Then enable the services you want to run on the AWS accounts.

  1. Enter the AWS account number, account name, and admin email address in the text box. You can upload a CSV file with the account information, or enter them individually using the following format:

    123456789012,test,andrew@netskope.com
    764389765412,develop
    345689713654,production,timms@netskope.com
    

    Note

    Account name is required to help you easily identify each account in the Netskope tenant. Email address is optional.

    For information on how to create a CSV file, see Creating a CSV file.

  2. In the Services section, select the services you want to enable on the AWS accounts.

    • Security Assessment: Scans the AWS resources for misconfigurations and measures them against compliance benchmarks and best practices such as CIS, PCI-DSS, NIST, and Netskope's recommended best practices.

      You can view the compliance status of your resources in the Compliance > Security Posture, IaaS > Overview, and IaaS > Inventory pages.

      For information on configuring security assessment policies and rules, see the Security Assessment documentation.

    • DLP Scan: Scans the S3 buckets for sensitive data and generates events when buckets are created, modified, or deleted. You can view the DLP Incidents in the IaaS > Overview, SkopeIT > Alerts, and Incidents > DLP pages.

      DLP is a licensed feature. Contact Support and get the license to enable this feature in your tenant UI.

      For information on using DLP policies, rules, and data identifiers to scan for DLP violations, see the Data Loss Prevention documentation.

    • Threat Protection (Malware Scan): Scans the S3 buckets for malware. Threat Protection is a licensed feature. Contact Support and get the license to enable this feature in your tenant UI.

      You can view the malware alerts in the SkopeIT > Alerts and Incidents > Malware pages.

      For information on configuring a malware detection profile, see Create a Malware Detection Profile.

After providing the account information and selecting the services, proceed to Step 2/2: Permissions.

Creating a CSV file

An effortless way to add multiple AWS accounts in the setup screen is to create a CSV file with the account numbers, account names, and email addresses.

You can use Microsoft Excel or Google Sheets to create a CSV file. To get the list of AWS account numbers, account names, and email addresses using the AWS CLI, run the following command:

    aws --output=text organizations list-accounts | awk -F'\t' '{printf("%s,%s,%s\n",$4,$7,$3)}'

The output of this command can then be copied to a spreadsheet in Microsoft Excel or Google Sheets and saved as a comma-separated CSV file, as shown in the screenshot.

excel-to-csv.png

This CSV file can then be uploaded to the setup screen.
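
The awk command above joins fields with bare commas, so a line with an extra comma (for instance inside an account name) ends up with too many fields and can pair the wrong name or email with an account. The following is an added example, not part of the Netskope documentation, that checks each line against the format described in step 1 before you upload the file; the function name `validate_accounts_csv` and the email shape check are assumptions of this example.

```shell
# Added example: validate "account number,account name[,email]" lines.
# Reads lines on stdin, prints the accepted lines on stdout, reports
# rejected lines on stderr, and returns 1 if any line was rejected.
validate_accounts_csv() {
    awk -F',' '
    function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }

    /^[ \t\r]*$/ { next }    # ignore blank lines

    {
        id = trim($1); name = trim($2); email = trim($3)
        why = ""
        if (NF < 2 || NF > 3)
            why = "expected 2 or 3 comma-separated fields"
        else if (length(id) != 12 || id ~ /[^0-9]/)
            why = "account number is not 12 digits"
        else if (name == "")
            why = "account name is required"
        else if (email != "" && email !~ /^[^@ ]+@[^@ ]+\.[^@ ]+$/)
            why = "email address is malformed"    # shape check only (assumption)
        else if (id in seen)
            why = "duplicate account number"

        if (why != "") {
            printf("line %d rejected (%s): %s\n", NR, why, $0) | "cat 1>&2"
            bad = 1
            next
        }
        seen[id] = 1
        if (email == "") print id "," name
        else             print id "," name "," email
    }

    END { exit (bad ? 1 : 0) }
    '
}
```

To use it, append `| validate_accounts_csv > accounts.csv` to the AWS CLI command and review anything reported on stderr before uploading.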