Netskope Help

Step 1/2: Configure AWS Accounts & Services for Forensic

On the Accounts & Services screen provide your AWS account number, account name, and admin email address. Then enable the services you want to run on the AWS accounts.

  1. Enter the AWS account number, account name, and admin email address in the text box. You can upload a CSV file with the account information, or enter them individually using the following format:



    Account name is required to help you easily identify each account in the Netskope tenant. Email address is optional.

    For information on how to create a CSV file, see Creating a CSV file.

  2. In the Services section, select Forensic.

    This feature provides insight into user activity and alerts you when a DLP violation is found. The forensics data is stored in a forensics folder of the S3 bucket defined in the Forensic Profile. You can view your forensics profiles under Settings > Forensics.

    You can view the forensic alerts under Incidents > DLP.

    DLP Forensics is a licensed feature. Contact Support and get the license to enable this feature in your tenant UI.

    To learn more about configuring a forensic profile, see Forensic Profile.

After providing the account information and selecting the services, proceed to Step 2/2: Configure AWS Permissions for Forensic.

Creating a CSV file

An effortless way to add multiple AWS accounts in the setup screen is to create a CSV file with the account numbers, account names, and email addresses.

You can use Microsoft Excel or Google Sheets to create a CSV file. To get the list of AWS account numbers, account names, and email addresses using the AWS CLI, run the following command:

aws --output=text organizations list-accounts | awk -F'\t' '{printf("%s,%s,%s\n",$4,$7,$3)}'

The output of this command can then be copied to a spreadsheet in Microsoft Excel or Google Sheets and saved as a comma separated CSV, as shown in the screenshot.


This CSV file can then be uploaded to the setup screen.