Skip to main content

Netskope Help

About CTEP Settings

On the CTEP Settings page (Settings > Threat Protection > CTEP Settings), you can enable Client Traffic Exploit Prevention (CTEP) for your organization as well as create exceptions using allow lists and signature overrides.

CTEP Status

Enable to inspect your organization's traffic for any CTEP violations.

The CTEP Status option on the CTEP Settings page.
User Notification

Select the user notification you want to display when users visit websites that violate your CTEP policy. You can use the default CTEP notification or create a custom one. If you create a custom notification, ensure the action is set to Block.

The User Notification option on the CTEP Settings page.

When blocked, users will see a similar notification:

The default user notification template for CTEP violations.
Allow List

Under Allow List, you can see the following options:

  • Source IP Allowlist: The Network Location profiles that contain the source IP addresses you want to bypass from CTEP. Click Edit to add or remove profiles.

  • Domain Allowlist: The domains, fully qualified domain names (FQDNs), and wildcards you want to bypass from CTEP. Click Edit to enter domains or FQDNs separated by a comma.

  • Destination IP Allowlist: The Network Location profiles that contain the destination IP addresses you want to bypass from CTEP. Click Edit to add or remove profiles.

The Allow List tab on the CTEP Settings page.
Signature Overrides

Under Signature Overrides, you can:

  1. Enable Alert Only Mode to allow all traffic with signature matches and only send alerts. If enabled:

    • Netskope won't block traffic. Netskope will change any enabled overrides from the Block action to the Alert action.

    • Netskope won't generate alerts for disabled overrides.

  2. Search for a signature name in the table.

  3. Create a signature override.

  4. View a list of configured signature overrides. For each override, you can see the following information:

    • Signature ID: The ID of the signature.

    • Signature Name: The name of the signature.

    • Status: The signature is enabled or disabled for matching.

    • Action: If you enabled signature matching, you can see one of the following actions when a match occurs.

      • Alert: Netskope allows the traffic and generates an alert in Skope IT.

      • Block: Netskope blocks the traffic.

    • Last Edited: The last time the override was edited and by who.

  5. Sort the table by signature name, signature ID, or last edited.

  6. Select at least one override using the checkbox and click Remove to delete it.

  7. Click The Settings icon. to customize table columns or restore the default ones.

  8. Click The More icon. to edit or delete an override.

  9. View up to 100 overrides per page.

  10. View multiple pages of the table.

The Signature Overrides section on the CTEP Settings page.
Viewing CTEP Violation Alerts

After configuring the CTEP settings, you then can view the detected CTEP violations on the Skope IT About Alerts page (Skope IT > Alerts). To view the violations, select C2 and CTEP for the Alert Type filter.

The C2 and CTEP filters on the Skope IT Alerts page.