BitSight Plugin for Application Risk Exchange
BitSight Plugin for Application Risk Exchange
This document explains how to configure the Bitsight plugin with the Application Risk Exchange module of the Netskope Cloud Exchange platform. This integration has a monitored vendor’s section that stores the vendor details across the enterprise. This plugin provides a mechanism to send the application data of Netskope tenants to Monitored Vendors for risk analysis. This plugin requires Bitsight account details, which has access to Monitored Vendors.
Prerequisites
To complete this configuration, you need:
- A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
- A Netskope Cloud Exchange tenant with the Application Risk Exchange module already configured.
- Bitsight instance Authorization Key.
- Connectivity to the following host: https://app.thirdpartytrust.com/.
CE Version Compatibility
Netskope CE v4.1.0
Bitsight Plugin Support
This plugin provides a mechanism to share Applications to the Bitsight platform.
Type of data shared | Application |
Mappings
Fields Pushed
Third-Party Fields | Netskope CE Fields |
---|---|
Internal Notes | Application Name, Cloud Confidence Index, CCL, Category Name, Deep Link, Last Shared at |
API Details
List of APIs Used
API Endpoint | Method | Use Case |
---|---|---|
/api/v2/connections.inactives | GET | Get Application/Vendor details |
/api/tier/{vendor_id}/note | POST | Share applications Risk Score |
Get Application/Vendor Details
Method: GET
Headers:
Content-Type: application/json
Accept: application/json
Authorization: Token {token}
API Request Endpoint: https://api.thirdpartytrust.com/api/v2/connections.inactives
Sample API Response – 200 OK:
[ { "incoming": { "model_name": "CompanyConnection", "approval_boolean": false, "approval_date": "", "connection_date": "2021-03-18T11:17:13.837654", "created_on": "2021-03-18 11:17:13", "description": "", "internal_contacts": [], "lifecyclestate_uuid": "b8ca0bea-1b11-4adf-9601-ee7ec06d4e8e", "manual": "True", "owner_contacts": [], "primary_uuid": "f8feed5f-d200-4ea3-8fe8-8a0fc690eff1", "relationship_date": "", "review_year": 0, "secondary_uuid": "153e6623-da10-404e-bddf-66a872d3c8c3", "type_relation": "secondary_views_primary", "uuid": "e3b80f16-3191-4aab-8892-2eb385d7de93", "is_owner": false }, "outgoing": null, "company": { "model_name": "Company", "uuid": "f8feed5f-d200-4ea3-8fe8-8a0fc690eff1", "domain": "oracle.com", "company_legal_name": "Oracle Corporation, Lodestar", "name": "Oracle Corporation, Lodestar", "website": "oracle.com", "labels": [], "departments": [], "lifecycle_state": null, "logo_url": "https://s3.amazonaws.com/s3-apps-prd-fileservice/d21aa983-4519-4868-a2ec-e2a569d05fb9", "company_cluster_domain": "oracle.com", "domains": [], "generic": { "connection_date": "2021-03-18T11:17:13.837654", "description": "", "approval_date": "", "approval_boolean": false, "relationship_date": "", "lifecycle_state": { "model_name": "LifeCycle", "base_value": true, "color": "#767676", "icon": "x", "type": 1, "uuid": "b8ca0bea-1b11-4adf-9601-ee7ec06d4e8e", "value": "Base Pending" } }, "tier_score": 1, "trust_score": 55.38, "next_review_date": "--", "due_date": { "date": null } } } ]
Method: POST
Headers:
Content-Type: application/json
Accept: application/json
Authorization: Token {token}
Request Body:
{ “note”:”Netskope CE ….” }
API Request Endpoint: https://api.thirdpartytrust.com/api/tier/{vendor_id}/note
Sample API Response – 200 OK:
[ { "incoming": { "model_name": "CompanyConnection", "approval_boolean": false, "approval_date": "", "connection_date": "2021-03-18T11:17:13.837654", "created_on": "2021-03-18 11:17:13", "description": "", "internal_contacts": [], "lifecyclestate_uuid": "b8ca0bea-1b11-4adf-9601-ee7ec06d4e8e", "manual": "True", "owner_contacts": [], "primary_uuid": "f8feed5f-d200-4ea3-8fe8-8a0fc690eff1", "relationship_date": "", "review_year": 0, "secondary_uuid": "153e6623-da10-404e-bddf-66a872d3c8c3", "type_relation": "secondary_views_primary", "uuid": "e3b80f16-3191-4aab-8892-2eb385d7de93", "is_owner": false }, "outgoing": null, "company": { "model_name": "Company", "uuid": "f8feed5f-d200-4ea3-8fe8-8a0fc690eff1", "domain": "oracle.com", "company_legal_name": "Oracle Corporation, Lodestar", "name": "Oracle Corporation, Lodestar", "website": "oracle.com", "labels": [], "departments": [], "lifecycle_state": null, "logo_url": "https://s3.amazonaws.com/s3-apps-prd-fileservice/d21aa983-4519-4868-a2ec-e2a569d05fb9", "company_cluster_domain": "oracle.com", "domains": [], "generic": { "connection_date": "2021-03-18T11:17:13.837654", "description": "", "approval_date": "", "approval_boolean": false, "relationship_date": "", "lifecycle_state": { "model_name": "LifeCycle", "base_value": true, "color": "#767676", "icon": "x", "type": 1, "uuid": "b8ca0bea-1b11-4adf-9601-ee7ec06d4e8e", "value": "Base Pending" } }, "tier_score": 1, "trust_score": 55.38, "next_review_date": "--", "due_date": { "date": null } } } ]
User Agent
netskope-ce-1.1.1
Workflow
- Get your Bitsight API Key.
- Configure the Bitsight plugin.
- Configure an Application Risk Exchange Business Rule for Bitsight.
- Configure Application Risk Exchange Sharing for Bitsight.
- Validate the ThirdPartyTrust plugin.
To watch a demo, click play.
Get your Bitsight Authorization Key
- Log in to Bitsight and go to Settings.
- Go to the Integrations tab.
- Click Generate Key.
- Copy the generated Authorization Key. This is needed to configure the Bitsight plugin.
Configure the Bitsight Plugin
- In Cloud Exchange, go to Settings > Plugins. Search for and select the ARE Bitsight plugin.
- Add a Configuration Name, and enable the Use System Proxy if you are using a proxy for configuring the plugin. Click Next.
- Enter the Authorization Key, and click Next.
- Provide the Mapping.
- The left dropdown represents the Bitsight Platform’s field, and the right dropdown represents the Netskope fields.
- Verify the name of the field by expanding the application stored in Cloud Exchange.
- The Company Name present in Bitsight should be the domain, and it can be mapped with the value present in Discovery Domains or Steering Domains present in the application stored in Cloud Exchange.
- Click Save.
Configure an Application Risk Exchange Business Rule for Bitsight
- Go to Application Risk Exchange > Business Rules and click Create New Rule.
- Enter the Rule Name, and configure a query for business rules based on your requirement.
- Click Save.
Configure Application Risk Exchange Sharing for Bitsight
- Go to Application Risk Exchange > Sharing and click Add Sharing Configuration.
- Select the required Business Rule and Configuration (plugin) from their respective dropdowns.
- Click Save.
Validate the Bitsight Plugin
Validate in Cloud Exchange
- Go to Application Risk Exchange > Application. You will be able to see all the applications and their pulled scores.
- Go to the Logging page to see the application pulled.
Note
Only unique applications are stored in Cloud Exchange, so if pulled data are the same from the Netskope tenant, then unique applications will only be stored in Cloud Exchange.
Go to the Logging page to verify the sharing of the application to the Bitsight platform.
Note
The Internal notes are added to the applications on Bitsight based on the unique domains present in the Netskope Applications. For example, if there is only one Application on Cloud Exchange, but it contains multiple discovery and steering domains. On the BitSight platform, there will be multiple applications but with a unique domain. So all the unique domains present in the Cloud Exchange application that are present on BitSight will be updated with the note. There might be the case that for a single Cloud Exchange application multiple applications are updated on BitSight.
In general if a single application in Netskope has many domains, BitSight will list each domain as a separate application.
Validate in Bitsight
- Log in to the Bitsight platform.
- Go to Connections and click Monitored Vendors.
- Go to the Company that got updated.
- Check the Internal notes section to get the Netskope tenant details.
Troubleshooting
Unable to share Applications to the Bitsight Platform
If applications are not shared to the Bitsight platform, check the logs on Cloud Exchange Logging. It could be either of the following.
- Application is not present on the Bitsight platform, that is intended to share.
- The Mapping provided while configuring the Bitsight platform has no match.
What to do: If you have received any warning while sharing the applications, check the warning message and accordingly follow the below step.
- Make sure that the application is already present on the Bitsight platform.
- Make sure that the provided mapping’s value matches properly for Bitsight and the shared applications.
Unable to configure the BitSight plugin
If not able to configure the BitSight Plugin, check the logs in Cloud Exchange Logging. It could the Authorization Key is expired/invalid/deleted.
What to do: If you have received any error while configuring the BitSight Plugin, check the message, and then check the Authorization Key. If it is invalid/expired/deleted, create a new Authorization Key, and then configure the plugin.