Cloud Exchange Module Descriptions


Log Shipper

Log Shipper continuously polls the Netskope REST API gateway to extract event and alert logs in raw JSON format, then pushes a reformatted version to one or more receivers, each configured as a plugin. Its multi-threaded query engine works within the API rate limit (4 queries/second), handles error responses, and handles datasets larger than the pagination limit (10,000 logs per response), so that all requested logs are delivered both during initial seeding and in near-real-time operation.
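The sketch below is an added example, not Netskope or Cloud Exchange code: a single-threaded poller that stays under 4 queries/second, drains a dataset larger than one 10,000-log page, and retries throttled or failed queries. The offset-style paging, the retry policy, the `fetch_page` callback and the in-memory `constructed_source` backend are all assumptions made for illustration.

```python
import time
RATE_LIMIT_QPS = 4     # from the page: 4 queries/second
PAGE_LIMIT = 10_000    # from the page: 10,000 logs per response

class Throttle:
    """Spaces out calls so no more than `qps` queries start per second."""
    def __init__(self, qps=RATE_LIMIT_QPS, clock=time.monotonic, sleep=time.sleep):
        self.interval, self.clock, self.sleep = 1.0 / qps, clock, sleep
        self.next_ok = 0.0

    def wait(self):
        now = self.clock()
        if now < self.next_ok:
            self.sleep(self.next_ok - now)
            now = self.next_ok
        self.next_ok = now + self.interval

def pull_all(fetch_page, throttle, max_retries=3):
    """Drain fetch_page(offset, limit) -> (http_status, logs) page by page.
    fetch_page is a hypothetical stand-in for one REST query."""
    logs, offset = [], 0
    while True:
        for attempt in range(max_retries + 1):
            throttle.wait()                      # retries count against the limit too
            status, page = fetch_page(offset, PAGE_LIMIT)
            if status == 200:
                break
            retryable = status == 429 or status >= 500
            if not retryable or attempt == max_retries:
                raise RuntimeError(f"HTTP {status} at offset {offset}")
        logs.extend(page)
        if len(page) < PAGE_LIMIT:   # short (or empty) page: nothing left
            return logs
        offset += len(page)

def constructed_source(total, throttled_offsets=()):
    """Constructed in-memory backend: `total` fake events, one 429 per listed offset."""
    pending, calls = set(throttled_offsets), []
    def fetch_page(offset, limit):
        calls.append(offset)
        if offset in pending:
            pending.discard(offset)
            return 429, []
        return 200, list(range(offset, min(offset + limit, total)))
    return fetch_page, calls

if __name__ == "__main__":
    fetch, calls = constructed_source(25_000, throttled_offsets=[10_000])
    print(len(pull_all(fetch, Throttle())), "logs; query offsets:", calls)
```

A receiver that sees fewer logs than the source holds usually points at a poller that stopped on the first full page or dropped a page after a throttled response, which are the two cases this loop covers.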

Ticket Orchestrator

Ticket Orchestrator extracts alerts, and the fields in those alerts, generated by Netskope in response to user and system behaviors/discoveries, and creates tickets and/or notifications in 3rd-party ITSM/IR/collaboration systems to streamline incident response.

Threat Exchange

Threat Exchange is designed to streamline and automate the sharing of indicators found, blocked, or sourced by one security or IT platform in defense of a specific customer with every other connected platform owned or used by the same customer that can leverage that data, to reduce the likelihood of a successful attack.

Risk Exchange

The Risk Exchange v1 module replaces the original User Risk Exchange and Application Risk Exchange workflows. This new module is designed to ingest user or device risk scores from one or more plugged-in vendors, and create a single view of individual contributors to the company's overall risk score. Its rules-based engine matches single or multiple vendor scores, or a derived weighted score, to trigger notifications and drive highly focused orchestrated actions to reduce the risk from individual users or devices.

The initial Risk Exchange includes two workflows, User Risk Exchange and Application Risk Exchange, that create a single view into multiple connected systems' risk values for individual users, devices, and applications.

With User Risk Exchange, as scores are consumed into a database, they are mapped to a normalized value range and can be weighted as needed to create a single score per user, and a daily average across all users/devices. By leveraging business logic, you can match individual scores, score combinations, or weighted scores as nested, ordered triggers to send notifications via Ticket Orchestrator plugins, and/or trigger one or more preconfigured orchestrated actions as made available in individual plugins.

Application Risk Exchange is an engine for collecting the application details from the application events of a Netskope tenant, and then sharing those with other Application Risk Exchange configured plugins.
