Netskope Help

Configure 3rd-party Threat Exchange Plugins

Only an Admin can configure 3rd-party Threat Exchange plugins. Threat Exchange comes with a library of supported plugins. Plugins can be easily configured to collect and share indicators related to file hashes of malicious software (malware) used in a Netskope DLP policy by following the plugin guide.

You can also disable, enable, or delete existing plugin configurations. Threat Exchange can be configured with multiple plugins to the same system for different workflows from either the same Netskope tenant or multiple Netskope tenants.

Cloud Threat Exchange ONLY pulls the following IOC's when they are available:

  1. malicious file filehashes in MD5 or SHA256 format

  2. URL - depending on the nature of the plugin, these could be malicious URL, restricted URL, or allowed URL. The latter two would be for firewall, SWG, or CASB policy synchronization

  3. IP addresses (CIDR) - depending on the nature of the plugin, these could be malicious IP, restricted IP, or allowed IP. The latter two would be for firewall, SWG, or CASB policy synchronization