Netskope provides web filtering telemetry. It is used to track unauthorized or malicious web activity.
- Need Admin Login credentials for Netskope.
- Need a REST API token and the domain name of the Netskope REST API endpoint.
Configuring Netskope feed
Generate the REST API on Netskope
- In the Netskope UI, navigate to Settings -> Tools -> Rest API
- At the top of the page, there are three items:
- REST API Status: This shows the status and allows you to enable or disable all of the REST API tokens for this tenant. Click the pencil icon to open this dialog when you want to enable or disable all tokens.
- Global Rate Limit: Shows the requests per second. Private Access supports up to four requests per second.
Generate the new token in REST API
1. On the REST API v2 page, click New Token.
2. Enter a token name, and the token expiration time, and then click Add Endpoint to select the API endpoints to use with the token. The infrastructure endpoints are used for the Publisher APIs. The steering endpoints are used for the Private Apps APIs.
3. Specify the privileges for each of the endpoints added. Read privileges include GET, and Read + Write privileges include GET, PUT, POST, PATCH, and DELETE.
4. When finished, click Save. A confirmation box opens showing whether the token creation was a success.
5. When finished, click OK.
6. After being created, tokens can be managed by clicking the adjacent … icon for the token and selecting one of these options:
For example, to reset the token expiration time, select Change Expiration. Specify the number of hours, days, weeks, or months to keep the token valid, and then click Save.
7. For a standard token rotation over a given time period (like changing passwords every 90 days, for example), or in the event of a compromise/leak, you’ll want to revoke and reissue a new token.
Configuring a Chronicle feed
1. Select Third party API as the source type and then select Netskope as the log source.
2. Click Next, then enter the following required parameters:
- AUTHENTICATION HTTP HEADER - in "token:keyvalue" format (for example, "token:Agghjkxxxx", where keyvalue is the token generated in the REST API)
- API HOSTNAME - myinstance.goskope.com
- API ENDPOINT - alerts
- CONTENT TYPE - all
3. Click Next and Finalize.
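A pre-flight check for the four feed fields above, written as an added example (it is not part of Netskope or Chronicle). It catches quote characters or whitespace pasted into the header and a scheme or path in the hostname, and masks the token for tickets and logs. The function names, the DNS-name pattern and the single-word rule for API ENDPOINT and CONTENT TYPE are assumptions made for this sketch.

```python
import re

# Assumption: a tenant hostname is a plain DNS name such as
# myinstance.goskope.com, with no scheme, port or path.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
# Straight and curly quotes, which are easy to copy along with a documented example.
QUOTES = "\"'\u201c\u201d\u2018\u2019"


def check_feed_params(auth_header, hostname, endpoint, content_type):
    """Return a list of problems found in the four Chronicle feed fields."""
    problems = []
    if auth_header != auth_header.strip():
        problems.append("auth header has leading or trailing whitespace")
    if any(q in auth_header for q in QUOTES):
        problems.append("auth header contains quote characters")
    name, sep, value = auth_header.strip().partition(":")
    if sep != ":" or name != "token":
        problems.append("auth header must start with 'token:'")
    elif not value.strip(QUOTES + " "):
        problems.append("auth header has an empty token value")
    elif re.search(r"\s", value):
        problems.append("token value contains whitespace")
    if "://" in hostname or "/" in hostname:
        problems.append("hostname must not include a scheme or path")
    elif not HOSTNAME_RE.match(hostname):
        problems.append("hostname is not a valid DNS name")
    # Assumption: both remaining fields are single words, like "alerts" and "all".
    for label, field in (("endpoint", endpoint), ("content type", content_type)):
        if not re.fullmatch(r"[A-Za-z0-9_]+", field):
            problems.append(f"{label} must be a single word")
    return problems


def redact(auth_header):
    """Mask the token so the header can appear in tickets or logs."""
    name, _, value = auth_header.partition(":")
    return f"{name}:{value[:4]}{'*' * max(len(value) - 4, 0)}"


if __name__ == "__main__":
    # Constructed sample values, using the placeholders from the page.
    header = "token:Agghjkxxxx"
    print(redact(header), check_feed_params(header, "myinstance.goskope.com", "alerts", "all"))
```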