Netskope

Netskope is a SASE solution that provides data protection, and threat prevention across cloud apps, web traffic, and private applications. It helps organizations enforce policies, detect threats, and prevent data loss while ensuring compliance. For detailed information, refer to Netskope’s official documentation.

Integration Method: API

Tables: Detection Finding (2004), Network activity (4001)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should have access to Netskope console. 

• The user should have access to the DataBee console.

Configuration Overview

1. Create an API Token with required permissions to fetch the data.

2. Create Netskope data feed in the DataBee console with the required Client credentials.

   DataBee Parameter	Netskope Parameter
   API Base URL (< instance >)	Instance URL
   Token	Token

Netskope Configuration

1. Login to the Netskope console. Extract the instance name from the URL, as it is required for configuring the DataBee UI.
    

2. Clicking the Settings button will open the settings page in a new tab.
    

3. Click on the Tools button.
    

4. Click on the REST API v2 button.
    

5. Click on the NEW TOKEN button.
    

6. Enter ‘TOKEN NAME’.
    

7. In the ‘EXPIRE IN’ field, enter 12 and select Month(s) from the dropdown.
    

8. Click on the ADD ENDPOINT button.
    

   Note:

   Token expiration is set for one year. Ensure reconfiguration of the token after that to maintain seamless data ingestion.

9. In the ‘SCOPE’ section, add the endpoints mentioned below to enable access.

   Endpoint	Description
   /api/v2/events/data/alerts	Get a list of all alerts in the Netskope instance
   /api/v2/events/data/page	Get the full details for a user web activity

   1. Search for events/data/alerts, then locate and select the /api/v2/events/data/alert endpoint.
       

   2. Search for events/data/page, then locate and select the /api/v2/events/data/page endpoint.
       

   3. After the above point, the permission scope should be structured as follows.
       

10. Click on the SAVE button.
     

11. Click on the COPY TOKEN to copy the token to your clipboard. Ensure you store the token in a secure location, as you will not be able to view it again.
     

    Note:

    Ensure you store the token in a secure location, as you will not be able to view it again.

12. Click on the OK button.
     

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for Netskope and select it.
    

3. Click on the API Ingest.
    

4. Enter feed contact information and click Next.
    

5. In the configuration page, enter the following:

   • Authorization Method: Bearer Token

   • API Base URL: this is the base URL that DataBee will interact with.

     • Replace <instance> with your Instance according to your Instance URL.

   • Token: paste the Token generated earlier in the Netskope portal.

   • Event Types: preselected for all the event types that integration pulls.

   

6. Click Submit.

Troubleshooting Tips

• If you encounter an Unauthorized error, it may indicate that the authentication token has expired or deleted. In this case, regenerate the token to restore access. To prevent potential issues, consider pasting the token into a text editor to verify that there are no extra spaces or unexpected characters before reconfiguring the DataBee feed.