Netskope
Version: 1.0.0
Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data.
Connect Netskope with LogicHub
A connection needs to be saved to use NetBIOS integration.
- Navigate to Automations > Integrations.
- Search for Netskope.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Tenant Name: Tenant name for the netskope API. Example: 'ip12345'.
- Token: Token for the netskope API.
- After you've entered all the details, click Connect.
Actions for NetBIOS
Get Alerts Data
This endpoint returns alerts generated by Netskope.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Operation | Jinja-templated text containing operation for data iterator server-defined pagination (next,head,tail,resend,epoch-timestamp) | Required |
| Netskope Alert Service Type | Select the netskope service that has generated alert. | Required |
| Index | Jinja-templated text containing a unique name to identify a specific iterator. | Optional |
Output
JSON containing the following items:
{
"_id":"string"
"access_method": "string"
"acked":"false"
"action":"Detection"
"activity":"Download"
"alert":"yes"
"alert_name":"string"
"alert_type":string"Malware"
"app":"test app"
"app_name":"test app"
"app_session_id":"id"
"appcategory":string"Security"
"browser":string"MSIE"
"category":string"Security"
"cci":string""
"ccl":string""
"connection_id":int0
"count":int1
"detection_engine":string"Netskope Threat Intelligence"
"device":string"Windows Device"
"device_classification":string"managed"
"dst_country":string"IN"
"file_category":string"Archive and Compressed"
"file_id":string"id"
"file_name":string"name.cab"
"file_size":int33163365
"file_type":string"application"
"hostname":string"host"
"incident_id":id
"instance":string""
"local_md5":string"md5"
"local_sha256":string"sha"
"malware_id":string"mlware id"
"malware_name":string"Gen.Malware.Detect.By.StHeur"
"malware_profile":string"1"
"malware_severity":string"high"
"malware_type":string"Trojan"
"managed_app":string"no"
"md5":string"md5"
"ml_detection":string""
}
Get Events Data
This API call returns events extracted from SaaS traffic and or logs.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Operation | Jinja-templated text containing operation for data iterator server-defined pagination (next,head,tail,resend,epoch-timestamp). | Required |
| Netskope Events Service Type | Select the event type generated by netskope. | Required |
| Index | Jinja-templated text containing a unique name to identify a specific iterator. | Optional |
Output
JSON containing the following items:
{
"_id":string"id"
"access_method":string"API Connector"
"acting_user":string"user"
"activity":string"Introspection Scan"
"app":string"Microsoft Office 365 Sharepoint Online"
"assignee":string"None"
"destination_app":string"onedrive"
"destination_instance_id":string"id"
"dlp_incident_id":id
"dlp_match_info":[...]1 item
"dlp_parent_id":id
"dst_location":string"location"
"exposure":string"external"
"file_lang":string"hindi"
"file_path":string"path"
"file_size":int2565542
"file_type":string"application/vnd.openxmlformats-officedocument.spre ..."
"from_user":string"[email protected]"
"instance":string"instance"
"instance_id":string"id"
"md5":string"md5"
"object":string"monitoring_tracker.xlsx"
"object_id":string"id"
"object_type":string"File"
"owner":string"owner"
"severity":string"Critical"
"site":string"sites/JJmonitoring"
"status":string"new"
"timestamp":int1698623914
"title":string"monitoring_tracker.xlsx"
"true_obj_category":string"Spreadsheet"
"true_obj_type":string"Microsoft Excel 2007 XML"
}
Release Notes
v1.0.0- Initial release withGet Alerts DataandGet Events Dataactions.
Updated 7 months ago