Activities Monitored by Netskope

Activities Monitored by Netskope

Once you have successfully set up the app instance, Netskope can start monitoring activities on your SaaS environment. Here is a list of activities Netskope can monitor:

AppsActivities Monitored
Atlassian ConfluenceEvents to trigger DLP scan:
All spaces under the Atlassian Confluence site, including personal spaces. Inventory changes scanned:

  • Page created or updated.

  • Blog post created or updated.

  • Comment created or updated.

  • Attachment created or updated.

BoxEvents to trigger a DLP scan:

  • New file created or uploaded

  • File edit, rename, move, and copy.



Note


Netskope does not support scanning web shortcut files.
Cisco WebexEvents to trigger a DLP scan:

  • New and updated chat messages and file attachments posted in 1-1 chats, group chats, public spaces, private spaces, and team spaces.

Citrix ShareFileEvents to trigger a DLP scan:

  • New file upload.

  • New folder upload.


Events to trigger alert:

  • New group creation.

  • New user creation.



Note


Netskope does not monitor content inside the email Inbox folder of ShareFile.
DropboxEvents to trigger a DLP scan:

  • New file created or uploaded.

  • File edit, rename, move, and copy.



Note


Netskope does not support scanning Google related files like Google docs, Google sheets, et al, and web shortcut files.
EgnyteEvents to trigger a DLP scan:

  • New file created or uploaded.

  • File edit, rename, move, or copy.

GitHubEvents to trigger DLP scan:

  • Commits pushed to a repository.

  • Individual file-level incident - With file-based alerts, Netskope can provide DLP alerts with detailed file-level information. Each section of a commit that includes any violations will result in a unique incident with a URL linking to that section of the commit. The alert will specify the violating commit, the associated file, and the specific code block that breaches the DLP rule. Additionally, it includes a URL that allows customers to easily view the identified violation within GitHub. To view a DLP incident, navigate to Incidents > DLP, look for a GitHub incident, and click it.



Note



  • Netskope can scan for DLP and threat protection on plain text source code only. Netskope does not scan binary files such as Microsoft Office docs, PDFs, images, executable files, and likes.

  • Netskope does not scan repositories outside the GitHub organization.

  • Netskope does not scan binary files due to GitHub API limitations downloading the content.


GmailEvents to trigger a DLP scan or threat protection:
All emails sent by all organizations’ users (sent folder). This includes email subject, body, and attachment.
Google DriveEvents to trigger DLP scan:

  • New file created or uploaded.

  • File edited or renamed.

  • File deleted.



Note


Netskope cannot scan Google Doc or Sheet greater than 10 MB. This is a limitation enforced by Google.
Microsoft 365 OneDrive (Commercial/GCC)Events to trigger a DLP scan or threat protection:

Note


Netskope does not scan any OneNote files for DLP and threat protection on Microsoft 365 OneDrive (Commercial).


  • New file created or uploaded.

  • Make a copy of a file.

  • Replace content of a file.

  • If the permission of a parent folder changes, Netskope will trigger a DLP scan on the child folders and files.


Revoke access:

  • User shares a file either through link or directly grant access to a user.

Microsoft 365 Outlook (Commercial/GCC)Events to trigger DLP scan:
All emails sent by all organization’s users (Sent item) will be scanned after instance connection, this includes:

  • Email subject

  • Email body

  • Email attachment

Microsoft 365 SharePoint (Commercial/GCC)Events to trigger a DLP scan or threat protection:

Note


Netskope does not scan any OneNote files for DLP and threat protection on Microsoft 365 SharePoint (Commercial).


  • New file created or uploaded.

  • Make a copy of a file.

  • Replace content of a file.

  • If the permission of a parent folder changes, Netskope will trigger a DLP scan on the child folders and files.


Revoke access:

  • User shares a file either through link or directly grant access to a user.

Microsoft 365 Teams (Commercial)Events to trigger a DLP scan or threat protection:

  • New and updated chat messages, subjects, and file attachments posted in standard and private channels.

  • New and updated chat messages and file attachments posted in 1-1, group, and meeting chats.
Microsoft 365 YammerEvents to trigger DLP scan:
New Yammer message content including:

  • DLP on Yammer messages content in DMs

  • DLP on Yammer messages content in Groups/Communities
SalesforceEvents to trigger DLP scan:

  • File created or updated. Includes Salesforce content document, document, and attachment.

  • Message sent which represents Salesforce Chatter message.

  • Page created or updated which represents Salesforce feed item.

  • Comment created or updated which represents Salesforce feed comment.

ServiceNowEvents to trigger a DLP scan:

  • A new record created in tables monitored by Netskope.

  • A new record updated in tables monitored by Netskope.

  • A new attachment created for a record in tables monitored by Netskope.

  • A new attachment updated for a record in tables monitored by Netskope.


Events to trigger a threat protection scan:

  • A new attachment created for a record in tables monitored by Netskope.

  • A new attachment updated for a record in tables monitored by Netskope.



Note


For a list of tables monitored Netskope, click here.
Slack EnterpriseEvents to trigger DLP scan:

  • Create new messages and attachments.

  • Create new conversations.

  • Upload new files.

  • Make edits to conversations.

  • Create new canvas.

  • Make text edits to canvas

  • Limitations:


    • Edits in text snippets are not supported.

    • Attachments in a canvas are not supported.


WorkdayEvents to trigger DLP scan:

Note


Netskope can only monitor files/folders inside the Workday drive.


  • New file upload.

  • Make a copy of a file.

  • Replace a content of a file.

  • Move to trash.

  • Restore from trash.

  • Rename

  • Share by link.

  • Share with user group.

  • Move file/folder.

  • Add to favorites.

  • Remove from favorites.



Note


Netskope relies on the polling mechanism to monitor the changes of a file. API polling occurs in intervals. If a file is deleted immediately after being created, the file may not be detected due to the polling interval delay.
ZoomEvents to trigger a DLP scan:

  • New/updated direct chat messages sent from an internal user. Message content only. No attachments.

  • New/updated channel messages sent from an internal user. Message content only. No attachments.


In both the case above, DLP scan applies to Zoom “Team Chat” messages only. DLP scanning on “in-meeting” chat is currently a controlled-GA feature. To try this feature, contact your Netskope sales representative or support.
Share this Doc

Activities Monitored by Netskope

Or copy link

In this topic ...