Netskope Help

Cloud Exchange Release Notes

  • Multithreading while pulling in data from Netskope.

  • Notification in the UI when RabbitMQ reaches free disk space limit.

  • Support for pulling in historical data from specified datetime range in Cloud Log Shipper (CLS).

  • Dedicated worker for ingestion of historical data.

  • Restrict RabbitMQ free disk space limit to 2GB by default.

  • Restrict memory of RabbitMQ docker container to 2GB by default.

  • Maintenance window is split into chunks of 15 minutes and added to historical queue if it ever exceeds 15 minutes.

  • Fix update from UI workflow.

  • Fix timestamp field value in CLS Elastic plugin so Elastic can now parse datetime.

  • Fix Jira timeout issue in CTO plugin which occurred with a large number of Jira projects.

  • Fix the CTE issue where malsite type indicators were pulled when malware was specified in the plugin configuration.

  • Added ArcSight plugin for CLS with millisecond precision for timestamps.

  • Updated the lxml Python library, as the older version was causing issues with the CTE STIX/TAXII plugin.

  • Cloud Threat Exchange (CTE) now uses a new IOC sharing workflow.

  • Added Netskope Webtx, AWS S3, Azure Object Storage, Google Cloud Storage, Chronicle, Elastic, Local Export plugins in Cloud Log Shipper (CLS).

  • Added support for Netskope v2 APIs.

  • Added Severity mapping in CTE CrowdStrike plugin.

  • Added user agent string for all outbound API calls to third party APIs.

  • Fixed an issue where whitelist queries were not working on CTO alerts.

  • Added Cloud Risk Exchange (CRE) module with Netskope CRE, CrowdStrike, ProofPoint, Security Advisor plugins.

  • Added Cloud Log Shipper (CLS) module with Netskope CLS, Azure Sentinel, Google Cloud SCC, LogRhythm, Microsoft Cloud App Security, QRadar, Rapid7, Syslog plugins.

  • Added analytics related to plugins.

  • System log cleanup has been added.

  • Updated the CrowdStrike CTE APIs, replacing the deprecated APIs.

  • The solution, Cloud Threat Exchange, has been renamed and is now known as Cloud Exchange.

  • Cloud Threat Exchange (CTE) is now a module available under Cloud Exchange.

  • Cloud Ticket Orchestrator (CTO) is a new module that has been added.

  • Cloud Ticket Orchestrator consumes Alert data from Netskope and can then open tickets in Service Now or Jira, or send out notifications via Slack and other messaging mediums.

    • Plugin Support for CTO

      • Netskope - Consumption of Alerts - able to filter alerts of interest

      • Service Now - Supports both ITSM and SecOps modules in SNOW; there is a corresponding helper app within the Service Now ITSM module

      • Jira - Generate tickets into your projects

      • Notifier (early access) - Send alerts to Slack, Email, PagerDuty and others

  • When first logging into Cloud Exchange, both modules, CTE and CTO, are disabled by default.

  • After initial configuration, the ability to enable or disable these modules can be found under Settings -> General.

  • Updates can be performed by selecting Settings -> General from the lower left navigation pane.

Major Improvements
  • Netskope Query reduction - With the addition of the CTO module, query workflows were refactored to a "query once, use many" model to reduce the queries made toward Netskope.

  • New Plugin Workflow: A Netskope Tenant is created under Settings, by selecting Plugins.

  • SSO Authentication Workflow

  • Upgrades can be performed in the UI under Settings -> General and clicking on the “Check for Updates” button.

  • GitHub Plugin Workflow - We are now able to connect to a GitHub repo for plugins. This allows for 3rd party plugins and will support the migration of Netskope Plugins to GitHub, allowing plugin upgrades to be removed from Core image upgrades.

Quality of Experience Enhancements
  • Renamed and repositioned the Audit Log to Logging. The Logging link is now listed in the lower left of the primary navigation bar.

  • Table query persistence: When you make a query on a table of data, the query is remembered if you click away from the table.

Cloud Threat Exchange Plugins
  • Threat Plugins:

    • Mimecast - Learn and Share indicators with Mimecast (Sharing indicators with Mimecast does require an additional license from Mimecast, Bring your own Threat Intel (BYOTI))

    • Microsoft Defender for Endpoint - Learn indicators from Microsoft Defender for Endpoint.

    • Threat Quotient: Learn indicators from ThreatQ

    • MISP (early access): Learn and share indicators with MISP

    • Cybereason: Learn and Share indicators with Cybereason

  • Safe File Plugins:

    • GitHub DLP: This plugin creates a SAFE file list. It scrapes the files in a GitHub organization and creates a file hash list, which can then be uploaded to Netskope for use in DLP policy.

Known Issues
  • None