Netskope Help

Configure the Netskope Plugin for Threat Exchange

You will need your Netskope tenant name and API token (V1, and optionally V2) to complete this configuration.

  1. Log in to your Cloud Exchange tenant.

  2. Go to Settings and click Netskope Tenants.

  3. Click Add Tenant.

    CE-Log-Shipper-Tenant.png
  4. Enter a Threat Exchange name for your Netskope tenant.

  5. Enter your Netskope tenant name. Do not enter the <tenant_name>.goskope.com, URL. Enter just your tenant. For example, if it's mycompany.goskope.com, just enter mycompany. If your tenant has eu in the URL, enter tenant_name.eu.

  6. Enter your Netskope tenant API token(s) obtained previously.

  7. Set the range for ingesting data from Netskope. In this case, set the Initial Range to 7 days to pre-populate Threat Exchange.

  8. If you use a proxy, enable the proxy toggle.

  9. Click Save. Your tenant appears on the page.

  10. Now configure the Netskope plugin for Threat Exchange. Go to Settings > Plugins.

  11. Select the Netskope CTE box to open the plugin creation pages. Field descriptions are provided here.

    Enter and select the Basic Information on the first page:

    CTE-Plugin-1.png
    • Configuration Name: Enter a name appropriate for your integration.

    • Tenant: Choose the Tenant you added previously.

    • Aging Criteria: Adjust to your business needs. The default is 90 days for an indicator to be marked as inactive.

    • Override Reputation: Enter a value between 1-10. Reputation is a meta field that can be used for advanced sorting only.

  12. Click Next.

  13. Enter and select the Configuration Parameters on the second page:

    CTE-Plugin-2.png
    • Enable Polling: Leave the default of yes.

    • Type of Threat Data: Select the type of threat data you want to collect.

  14. Click Save in the top right. Go to Threat Exchange > Plugins to see your new Netskope plugin.

Threat Exchange Field Descriptions

Field

Description

Default Value

Configuration Name

Name of the Threat Exchange plugin.

-

Tenant Name

Netskope Tenant name. For <companyname>.goskope.com, enter <companyname>.

-

Aging Criteria

How long before the indicator is marked “inactive” and will no longer be sharable.

-

Override Reputation

All reputation indicators are honored when provided by plugged in alliance partners. If they are not provided, their reputation is set to 5. The native or assigned value can be overridden when setting this value.

5

Enable Polling

Enable/Disable polling data from Netskope.

Yes

Type of the Threat data to pull

Type of Threat data to pull. Allowed values are Malware, URL (For Malsite data) and Both.

Both