Troubleshooting UEBA Setup for AWS
Troubleshooting UEBA Setup for AWS
This topic provides common scenarios that you can troubleshoot when you set up UEBA for AWS.
Removing UEBA for AWS
After you set up UEBA for AWS along with other Netskope Public Cloud security products if you choose to discontinue the UEBA offering, you must do the following for each AWS account that has Netskope’s CloudTrail feature enabled.
- In the AWS console, delete the NetskopeCloudTrailStack that the aws-instance-setup.yml created for each AWS account.
- In the Netskope tenant, disable CloudTrail, download the new CFT, and update the existing CloudFormation stack in your AWS console.
Follow the detailed instructions below.
- In the Netskope UI go to Settings > Configure App Access > Classic > IaaS.
- Click on each AWS instance for which CloudTrail is enabled and uncheck the CloudTrail service in the Edit window.
- Download the new CFT and click on the checkbox to confirm that the AWS account has the required permissions.
- Log in to the AWS Management Console using the credentials of the AWS account and navigate to Services > CloudFormation.
- In the CloudFormation page, delete the NetskopeCloudTrailStack stack that was previously created By Netskope at the time of setup.
- Update the stack you created previously with the new CFT you downloaded in step 3.
- In the Netskope UI, click on the Confirm radio button in the Edit window. Click Save.
To learn more: Step 2/2: Configure AWS Permissions for UEBA.