Configure Account Administrator Email Notification
You can configure Skyhigh CASB to notify the account owner, subscription owner, or project owner of any configuration audit policy violation incidents in your IaaS environment. This is to make sure that you, as the account holder, are informed first and can take appropriate actions accordingly.
Azure
To enable your subscription owner email notification for configuration audit policy violation incidents in Azure:
- Go to Settings > Service Management.
- Click Add Service Instance and select Microsoft Azure.
- Add an Instance Name and click Done.
- Select the features you want to enable for your Azure account. Click Next.
- Review the mandatory Pre-requisites, click the checkbox, and click Next.
- Click Provide API Credentials.
Microsoft O365 (or Azure) login window appears.
- Enter your O365 (or Azure) credentials, or pick an existing account.
- Review the permissions and click Accept.
- API Access is Enabled. Click Next.
Make sure you have configured the roles in Skyhigh CASB.
- Select a Subscription ID from the list. Click Next.
- Select the pre-populated Subscription Owner's email to notify any Configuration Audit Policy violation incidents. Alternatively, you can manually enter an email in the description box. Click Next.
- Review your settings and click Save.
Email notification for the subscription owner in Azure is configured successfully.
Google Cloud Platform (GCP)
To enable your project owner email notification for configuration audit policy violation incidents in GCP:
- Go to Settings > Service Management.
- Click Add Service Instance and select Google Cloud Platform.
- Add an Instance Name and click Done.
- Click Enable API.
- Select the features you want to enable for your GCP account. Click Next.
- Review the mandatory Prerequisites, click the checkbox, and click Next.
- Add the Service Account to the GCP project in your GCP console. Under Project Settings, add projects using one of two options:
- Enter my projects info manually. Enter the Project ID of an existing project.
- Discover projects under my organization. Select a project from the list of available projects under your organization, and click Authenticate Projects.
- Select the pre-populated Project Owner's email to notify any Configuration Audit Policy violation incidents. Alternatively, you can manually enter an email in the description box. Click Next.
- In the Summary page, verify your settings and click Save.
Email notification for the Project Owner in GCP is configured successfully.
Amazon Web Services (AWS)
To enable your account owner email notification for configuration audit policy violation incidents in AWS:
- Go to Settings > Service Management.
- Click Add Service Instance and select Amazon Web Services (AWS).
- Add an Instance Name and click Done.
- Click Enable API.
- Select the features you want to enable for your AWS account. Click Next.
- Review the mandatory Pre-requisites, click the checkbox, and click Next.
- Add the Accounts to the AWS project in your console. Under Add Accounts, add accounts using one of two options:
- Enter my account info manually. Choose this option, then type each AWS account's Role ARN, Preferred Name, and AWS Bucket name (if you have enabled Activity Monitoring).
- Upload a CSV with account info. Choose this option if you have a CSV file.
- Click Authenticate Accounts.
- Select the account on the right, then select the Account Owner's email to notify any Configuration Audit Policy violation incidents. Alternatively, you can manually enter an email in the description box. Click Next.
- In the Summary page, verify your settings and click Save.
Email notification for the account owner in AWS is configured successfully.