- 25 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Netskope
- Updated on 25 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Netskope is a SASE solution that provides data protection, and threat prevention across cloud apps, web traffic, and private applications. It helps organizations enforce policies, detect threats, and prevent data loss while ensuring compliance. For detailed information, refer to Netskope’s official documentation.
Integration Method: API
Tables: Detection Finding (2004), Network activity (4001)
This integration supports the following events.
Event | Description |
---|---|
Alerts | Captures alert data on security and compliance violations, including file details, user activity, policy violations, and exposure risks. |
Pages | Captures detailed logs of user web activity, including accessed URLs, application usage, connection details, data transfer, and geolocation information. |
This integration supports the following versions.
Netskope Version | 124.0.2.163 |
Netskope API Version | v2 |
Prerequisites
The user should have access to Netskope console.
The user should have access to the DataBee console.
Configuration Overview
Create an API Token with required permissions to fetch the data.
Create Netskope data feed in the DataBee console with the required Client credentials.
DataBee Parameter
Netskope Parameter
API Base URL (< instance >)
Token
Netskope Configuration
Login to the Netskope console. Extract the instance name from the URL, as it is required for configuring the DataBee UI.
Clicking the Settings button will open the settings page in a new tab.
Click on the Tools button.
Click on the REST API v2 button.
Click on the NEW TOKEN button.
Enter ‘TOKEN NAME’.
In the ‘EXPIRE IN’ field, enter 12 and select Month(s) from the dropdown.
Click on the ADD ENDPOINT button.
Note:
Token expiration is set for one year. Ensure reconfiguration of the token after that to maintain seamless data ingestion.
In the ‘SCOPE’ section, add the endpoints mentioned below to enable access.
Endpoint
Description
/api/v2/events/data/alerts
Get a list of all alerts in the Netskope instance
/api/v2/events/data/page
Get the full details for a user web activity
Search for events/data/alerts, then locate and select the /api/v2/events/data/alert endpoint.
Search for events/data/page, then locate and select the /api/v2/events/data/page endpoint.
After the above point, the permission scope should be structured as follows.
Click on the SAVE button.
Click on the COPY TOKEN to copy the token to your clipboard. Ensure you store the token in a secure location, as you will not be able to view it again.
Note:
Ensure you store the token in a secure location, as you will not be able to view it again.
Click on the OK button.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for Netskope and select it.
Click on the API Ingest.
Enter feed contact information and click Next.
In the configuration page, enter the following:
Authorization Method: Bearer Token
API Base URL: this is the base URL that DataBee will interact with.
Replace <instance> with your Instance according to your Instance URL.
Token: paste the Token generated earlier in the Netskope portal.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
If you encounter an Unauthorized error, it may indicate that the authentication token has expired or deleted. In this case, regenerate the token to restore access. To prevent potential issues, consider pasting the token into a text editor to verify that there are no extra spaces or unexpected characters before reconfiguring the DataBee feed.