Azure Service Bus Plugin for Ticket Orchestrator

Azure Service Bus Plugin for Ticket Orchestrator

This document explains how to configure the Azure Service Bus ITSM plugin with the Cloud Ticket Orchestrator module of the Netskope Cloud Exchange platform. This plugin is used to send messages in the Queues available on the Azure Service Bus platform. This plugin only supports adding (creating) messages in the Queues; the plugin does not support updating or syncing messages in Queues.

Prerequisites

To complete this configuration, you need:

  • Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
  • A Netskope Cloud Exchange tenant with the Ticket Orchestrator module already configured.
  • A Namespace Primary String.
  • Connectivity with the Azure Namespace.
CE Version Compatibility

Netskope CE: v4.2.0, v5.0.1

Azure Service Bus Plugin Support

This plugin is used to send messages in the Queues available on the Azure Service Bus platform. This plugin only supports adding (creating) messages in the Queues, the plugin does not support updating or syncing messages in Queues.

Supported Alert types for messages

Anomaly, Compromised Credentials, policy, Legal Hold, malsite, Malware, DLP, Security Assessment, watchlist, quarantine, Remediation, UBA, CTEP

Queue Mappings
Netskope CE Fields Third Party Fields
Message Custom MessageAlert ID: $id , App: $app , Alert Name: $alertName , Alert Type: $alertType , App Category: $appCategory , User: $user
Permissions

A Shared Access Policy which claims Manage, Send, and Listen is required.

API Details

This plugin uses Python libraries for adding alerts in the Azure Service Bus queue.

Library: The Azure Service Bus SDK for Python (azure-servicebus)

Usage: The Azure Service Bus SDK for Python (azure-servicebus) to create, configure, and manage Azure Service Bus services, such as Azure Service Bus Queue (service bus), it also provides support for other messaging services such as Topics and Subscriptions. Topics allow for the publish-subscribe pattern, where multiple subscribers can receive messages from a single topic. The Azure Service Bus SDK offers access to Azure Service Bus features, providing flexibility and control in building messaging solutions.

Creating the Azure Service Bus Client and Sender

servicebus_client = ServiceBusClient.from_connection_string(conn_str=CONNECTION_STR, logging_enable=True)
with servicebus_client:
    sender = servicebus_client.get_queue_sender(queue_name=QUEUE_NAME)
    with sender:
	# code

Adding a message to Azure Service Bus Queue

def send_single_message(sender):
    message = ServiceBusMessage("Single Message")
    sender.send_messages(message)

servicebus_client = ServiceBusClient.from_connection_string(conn_str=CONNECTION_STR, logging_enable=True)
with servicebus_client:
    sender = servicebus_client.get_queue_sender(queue_name=QUEUE_NAME)
    with sender:
        send_single_message(sender)

To list queues present in service bus namespace

def list_queues(servicebus_mgmt_client):
    print("-- List Queues")
    for queue_properties in servicebus_mgmt_client.list_queues():
        print("Queue Name:", queue_properties.name)
    print("")

Getting Namespace Connection String URL
Go to Resource Group > Namespace > Shared Access Key.

User Agent

netskope-ce-5.0.1-cto-microsoft-azure-service-bus-v1.0.0

Workflow

  1. Create a Namespace in the Microsoft Azure.
  2. Get the Namespace Connection String.
  3. Create a Queue in the created Namespace.
  4. Configure Azure Service Bus Plugin.
  5. Configure a Ticket Orchestrator Business Rule.
  6. Configure a Ticket Orchestrator Queue.
  7. Validate the Azure Service Bus plugin.

Click play to watch a video.

 

Create a Namespace in Microsoft Azure

  1. To create a Namespace, go to Home > All Services.
  2. Click Integration > Service Bus.
  3. Click Create.
  4. Enter the required fields information and click Review+Create.

Get the Namespace Connection String

Create a customized SAS policy.

  1. Go to Home > Service Bus Namespace > Shared Access Policies > Add.
  2. Enter Policy Name and click on the checkbox for Manage, Send, and Listen.
  3. Click Create.

Get your Namespace Connection String.

  1. To create a Namespace Connection String, go to Home > Service Bus Namespace > Shared Access Policies.
  2. Click on your Policy and copy the Primary/Secondary Connection String. Save the String at a secure place to use in the plugin configuration.

Create a Namespace Queue in Microsoft Azure

  1. Go to the Overview tab and click +Queue.
  2. Enter the values for the queue and click Create.
  3. Scroll Down to view the created queue.

Configure the Azure Service Bus Plugin

  1. Go to Settings > Plugins. Search for and select the Azure Service Bus plugin box. Make sure the Ticket Orchestrator module is enabled. If not, go to Settings > General and enable the Ticket Orchestrator module.
  2. Enter a Configuration Name and adjust the Sync Interval to the appropriate value: The recommended value is 5+ minutes.
  3. Click Next.
  4. Enter your Namespace Connection String.
  5. Click Save. Your new plugin will appear on the Ticket Orchestrator > Plugins page.

Configure a Ticket Orchestrator Business Rule for Azure Service Bus

Create a business rule based on the filters you need to generate tickets in the Azure Service Bus plugin

  1. Under the Ticket Orchestrator module, select Business Rules from the navigation bar.
  2. Click Create new rule.
  3. Enter the appropriate Rule Name in the text box and build the appropriate filter query condition on the field(s) for the business rule. You can also build the query manually by pressing the Filter Query button.
  4. Click Save.
  5. To test the newly created business rule, click the Sync  icon and enter the Time period(in days), and then click Fetch. This will show the number of alerts that are eligible for incident/ticket creation.

Configure a Ticket Orchestrator Queue for Azure Service Bus

  1. In Ticket Orchestrator, click Queues.
  2. Click Add Queue Configuration.
  3. Select the previously created Business Rule from the dropdown.
  4. Select the plugin from the dropdown for which the queue is being configured.
  5. Select the Queues from the dropdown. The alerts will be added to the selected queue.
  6. Add/Map appropriate values between alerts and attributes under the Target Fields section. Alert’s attributes can be accessed via “$” in the custom message field.

    Note

    You must provide the value of the field in JSON format: {“text”:”$url”}.

  7. Click Save.
  8. Based on the business rule(s), messages will be added to the Azure Service Bus queues for incoming alerts. automatically. To add historical alerts in the Azure Service Bus queue, click on the Sync icon for the configured queue, enter the Time period (in days) and click Fetch. This will show the number of alerts that are eligible for ticket creation. Click Sync to add alerts to the Azure Service Bus queue.

Validate the Azure Service Bus Plugin

Validate in Cloud Exchange

To validate the workflow, you must have Netskope Alerts.

To view the list of Alerts pulled by the Source Plugin, go to Ticket Orchestrator > Alerts.

To view that the Alerts have been pulled by the Source Plugin, go to Logging.

To view the list of alerts added to Azure Service Bus queue, go to Ticket Orchestrator > Tickets.

Validation in Azure

  1. Go to the Azure Service Bus Namespace and search for the created queue.
  2. Click  Azure Service bus queue > Service Bus Explorer > Peek from Start
  3. Click on one of the messages to check the message content (It will be the same attributes mapped while configuring the queue on the Netskope Cloud Exchange platform).

Troubleshooting

Unable to Configure Plugin/Queue/Disable Plugin

If you are not able to save plugin/configure queue/disable the Azure Service Bus plugin, it might be due to SSL certificate verification failure.

What to do: If you are running the cloud exchange on your on-premise device and receiving the “[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed: unable to get local issuer certificate” error, contact your organization IT Team. This issue can be resolved by using cloud platforms such as ec2 or Azure.

Unable to Add messages to queue

If you are not able to add messages (alerts) into the Azure Service Bus queue, it might be due to one of these reasons:

  • Queue is deleted on the Azure Service Bus Namespace
  • Namespace is deleted on the Azure Platform

What to do: Make sure that Namespace and Queues used on the Cloud Exchange platform are available on the Azure Platform.

Share this Doc

Azure Service Bus Plugin for Ticket Orchestrator

Or copy link

In this topic ...