Netskope Help

Configure Threat Protection for a Real-time Protection Policy

Netskope can scan files stored in your cloud storage applications for malware. Real-time Protection policies scan files for malware by default. For added protection, optional configurations include allowlist and blocklist file hash lists for malware detection, and integrating Carbon Black for endpoint protection to use remediation profiles while creating an Real-time Protection policy.

To use the optional configurations in a Real-time Protection policy, configure these options before creating the Real-time Protection policy:

  • Create a file hash list: Specify the type of hash lists to detect in a malware scan.

  • Create a detection profile: Specify which hash list file types to allowlist and blocklist.

  • Integrate endpoint detection and remediation: Set up a 3rd-party integration, like with Carbon Black or CrowdStrike, for endpoint protection.

  • Create a remediation profile: Specify the action to take, like Isolate, Alert, or Add to Watchlist/Blocklist.

To configure threat protection for Real-time Protection policies:

  1. In the Netskope tenant UI, go to Policies > Real-time Protection and click New Policy. Select Threat Protection.

  2. Enter the settings in the Real-time Protection policy page for Source (Users) and Destination (Cloud App/Category) first. Next, in the Profile and Action section, select a Threat Protection Profile.

  3. Select the Action for each severity level. To apply a remediation profile for each severity level, select a remediation profile from the dropdown list.

  4. Enter a name for the policy and click Save.

Now you are ready to use the malware and malicious sites pages.