Enable auditing in Forcepoint ONE SSE

To enable auditing, ensure that you have setup the API access to AWS. This can be done via an IAM user or via Security Token Service. Once you have setup the API, you can enable auditing and have Forcepoint ONE SSE scan and provide visibility in your setting configuration.

Steps

  1. Navigate to the AWS application settings page and select Setup API. You have likely already enable API scanning and configured you AWS tenant previously. If not, follow the Amazon S3: Configuring API access to learn how to configure the API settings via IAM user or STS.




  2. With the tenant API configured, you can now select the Audit AWS Configuration checkbox on the Add AWS Tenant dialog. Once enabled, save your settings and you should see that the Configuration column should switch from Not Audited to Continually Audited.




  3. Once the setup is completed, the first audit scan will kick off within 15 minutes. Once the scan is complete, you should see your report that was created on the Analyze > CSPM Page. After that initial scan, Forcepoint ONE SSE will rescan once every 6 hours and update your the report accordingly.