Configure 3rd-party Threat Exchange Plugins

Configure 3rd-party Threat Exchange Plugins

Only admins and write-access users can configure 3rd-party Threat Exchange plugins. Threat Exchange comes with a library of supported plugins. Plugins can be easily configured to collect and share indicators related to file hashes of malicious software (malware) used in a Netskope DLP policy by following the plugin guide. Refer to the Threat Exchange Custom Plugin Developers Guide to understand how to build and upload a custom plugin.

You can also disable, enable, or delete existing plugin configurations. Threat Exchange can be configured with multiple plugins to the same system for different workflows from either the same Netskope tenant or multiple Netskope tenants.

Threat Exchange ONLY pulls the following IoC’s when they are available:

  1. Malicious file file hashes in MD5 or SHA256 format.
  2. URL: Depending on the nature of the plugin, these could be malicious URL, restricted URL, or allowed URL. The latter two would be for firewall, SWG, or CASB policy synchronization.
  3. IP addresses (CIDR): Depending on the nature of the plugin, these could be malicious IP, restricted IP, or allowed IP. The latter two would be for firewall, SWG, or CASB policy synchronization.
Share this Doc

Configure 3rd-party Threat Exchange Plugins

Or copy link

In this topic ...