Real-time Protection for AWS

You can define granular Real-time Protection policies to monitor API and browser traffic to sanctioned and unsanctioned AWS accounts. The workflow to create a new Real-time Protection policy has been optimized so that you can include all the supported AWS services in a single policy with a single click using the new Cloud App Suite grouping. To learn more about supported AWS services, see Supported AWS Entities for Real-time Protection.

Real-time Protection leverages Netskope's Cloud Security Posture Management (CSPM) capabilities to synchronize the AWS account IDs as App Instances in the new Real-time Protection policy workflow. When the policy is applied, Netskope refers to these account IDs to identify the destination of the traffic.

If you are not using CSPM for AWS, you can use the REST API to add the app instances.

To create a new Real-time Protection policy for AWS:

  1. In the Netskope tenant, navigate to Policies > Real-time Protection.

  2. Click New Policy and select Cloud App Access.

  3. In the Real-time Protection Policy page, select the source from the list of users, user groups, organizational units, or unknown users.

  4. If you want to apply this policy to all AWS services, then select Cloud App in Destination and then select Amazon Web Services under Cloud App Suite.

    If you want to apply this policy to all your AWS accounts that were onboarded through CSPM, then select App Instance in Destination and then select All Amazon Web Services to include all the existing and future AWS instances. Otherwise, select specific instances under Amazon Web Services.

    If you are not using CSPM for AWS, then create an app instance using the REST API and then select the instances under App Instance > App. To learn more, see Add an App Instance in Public Cloud API Endpoints for REST API v1.

  5. If, in the previous step, you selected Cloud App and the Amazon Web Services suite or individual cloud apps in the Amazon Web Services suite, you can apply additional criteria such as App Instance Tag using the REST API. To learn more, see Add an App Instance in Public Cloud API Endpoints for REST API v1.

  6. Under Profile & Action, you can select multiple DLP profiles and set an action for each profile.

  7. Provide a policy name, set the status as Enabled, and set the policy schedule. Click Save at the top of the page to save the policy.

To learn more about creating a new Real-time Protection policy, see Real-time Protection Policies.