Creating a Cloud App Definition

When you create a Cloud App Definition and choose From Predefined App, Universal Connector, or Custom Connector, it takes precedence over any predefined apps with the same domain. If you choose Custom Connector, it takes precedence over other App Definitions, including any predefined app connectors with the same domains. For example, if you create a custom connector for the LinkedIn app with all the app domains, all traffic for the app only hits the custom app connector.

Note

Adding a custom app definition to an OU/Group steering configuration adds the custom app definition as managed in the OU/Group steering configuration and unmanaged in the default account configuration.

Creating a Cloud App Definition from a Predefined App, Universal Connector, or Custom Connector

You can create a Cloud app definition from a predefined app, universal connector, or custom connector. The steps to create a Cloud app definition from a predefined app or a universal connector are the same. However, creating from a custom connector differs. This topic is separated by sections depending on the connector type.

  1. Go to Settings > Security Cloud Platform > App Definition.
  2. In the Cloud Apps tab, click New App Definition Rule and then Cloud App.
  3. In the New App Definition: Cloud App window:
    • Application: Enter a name for the app.
    • Connector: Choose one of the following:
      • From Predefined App: Choose if you are adding a custom URL and want to associate it with an existing application. Choose the predefined application name from the drop-down list. Traffic activity is determined based on the predefined app you select. Note: you do not need to specify a path, because the connector does a partial match and matches everything beyond the domain specified.
      • Universal Connector: Choose if you want to associate it with a custom app definition. Traffic activity is determined based on the connector Netskope defines. Only limited activities are supported. Traffic activity with the universal connector is based on Netskope heuristics logic and a best-effort detection option. The universal connector can detect several activities for any cloud app, such as login, logout, form post, upload, download, and login successful. Note: you do not need to specify a path, because the connector does a partial match and matches everything beyond the domain specified. Note: the complete path needs to be specified, because a complete match is done for the activity to which it is mapped.
      • Custom Connector: Choose if you want to create a custom app inline connector. You must define the mapping between the traffic and activities. You can click Add App Activity to manually add activities or Import from File to replace or add to an Activity List. If you choose this option, see Creating a Cloud App Definition from a Custom Connector below.

  4. Add domains. Refer to the section below, Adding Domains to a Cloud App Definition from a Predefined App or Universal Connector.
  5. Optionally, if you are creating a custom connector, refer to Creating a Cloud App Definition from a Custom Connector below.
  6. Click Save.

Adding Domains to a Cloud App Definition from a Predefined App or Universal Connector

Domains: Click +Add New Domain and enter the following information. You can add multiple domains.

  • Domain: Enter the associated domain for the custom app definition, like example.com. This must be a publicly available domain and URL. Don’t include any internal domains and URLs that aren’t accessible from the Netskope proxy in the cloud.
  • Path: Enter the paths for the domain, such as /login. Separate each path with a comma. Note: adding a path is optional. If a path is not provided, the connector does a partial match, e.g. “/path”.
The New Cloud App window in App Definition.

Creating a Cloud App Definition from a Custom Connector

Note

You must contact Netskope Support to enable this feature for your tenant.

To create a Cloud app definition from a custom connector:

  1. Go to Settings > Security Cloud Platform > App Definition.
  2. In the Cloud & Firewall Apps tab, click New App Definition Rule and then Cloud App.
  3. In the New App Definition Rule: Cloud App window:
    • Application: Enter a name for the app.
    • Connector: Choose Custom Connector. You can create custom app definitions by using Netskope to tailor a custom app inline connector so that different activities you select can be detected and used for policy enforcement. You can choose and create one or many different custom inline connectors. You must define the mapping between the traffic and activities.
      The Custom Connector option in the New Cloud App window.
    • App Activities: You can click Add App Activity to manually add activities or Import from File to import recorded app activities.
      • Add App Activity: Enter the following information.
        • Domain – Custom apps support only publicly available domains and URLs. Do not include any internal domains and URLs that are not accessible from the Netskope proxy in the cloud. For example, if you want to create a custom connector for an application called Pixlr, then add the domain as https://pixlr.com/
        • Paths (provide the entire path for evaluation) – The path for each domain. For example, login, upload and so on. Paths are optional. If the path does not exist, add “/”. If there is a dynamic variable in the path, use “/.+”. For example, abc.com/.+/XXX. If the traffic pattern is “/skillportfe/1234/login” then the connector match should be “/skillportfe/.+/login”. If the traffic pattern is “/skillport/user.name/testing” then the connector match should be “/skillport/.+/testing”.
        • Parameters – These represent the query parameters and are a part of the URL. For example: in this URL: https://docs.google.com/document/d/1TbzJ5ToPD2dI9t-kezi4LtD9w-cu5AaXJUaE541ROZI/edit?tab=t.0, the parameter would be “tab=t.0”. Note: Parameters are optional and comma separated key-value pairs. For example, page = 1, version = 5
        • Method – Methods are optional. This represents the HTTP methods that are part of the HTTP Request. Examples include: GET, POST, DELETE.
        • Response code (Resp Code) – This represents the HTTP response. They are alphanumeric, for example, 200. Response codes are optional.
        • Pattern – This represents the pattern in the HTTP response body. The Pattern field operates on “resp-body” data, meaning it matches based on the response body (server response) using the specified pattern. This field is used only for Login Failure and Login Successful activities and not for other activities. Pattern field is optional.
        • Activity – If you define a new activity, use initcap for the activity name. For example, Newyork or Camelcase, Upload, Download.
      • Import From File: Import a file with the recorded app activities. You can choose to Replace Activity List or Add To Activity List. To import app activities from a file:
        1. Go to Google Webstore or click Netskope Chrome Extension (Windows 10) to add the extension to your browser.
        2. Go to chrome://extensions/.
        3. Enable Developer mode. For security reasons, Chrome only allows extension installation from the Chrome store. Since the Netskope extension isn’t developed for mass consumption but only for admins, it isn’t published to the Chrome store. Therefore, you must be an admin to install Netskope’s extension in developer mode.
          Developer Mode in Chrome Extensions.
        4. After adding the extension, restart your browser.
        5. Click the Netskope extension and then Netskope App Activity Recorder.
          The Get Started with Netskope App Activity Recorder window.
        6. Click Start Recording on the browser tab you want to start performing and recording website/app activities. Netskope only records activities from the active tab. You can Pause or Reset your recording anytime.
          The app activity count recorded with the Netskope extension.
        7. After recording some activities, hover over the activity number and select Click to edit requests to view your recorded activities.
          The Click to edit requests option in the Netskope extension.
        8. In the Netskope App Activity Recorder window, under the Activity column, choose an action for each activity you want to import into the Netskope UI.
          The Activity column in the Netskope App Activity Recorder window.
        9. Click Download to export the activities to a JSON file.
          The Download option in the App Activities list.
        10. In the Netskope UI, click Import From File and then Add To Activity List to upload your JSON file. Netskope parses the JSON file and extracts the following information:
          • Domain
          • URI path
          • URI parameters (key-value pairs)
          • HTTP method
          • Response code
          • Pattern
          • Activity
            The Import From File in the New App Definition: Cloud App window.
        11. Export Activities: Export the activities to a JSON file.
  4. Click Create.

You can view a list of your configured Cloud app definitions on the Cloud Apps page.
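
The following is an added example, not Netskope code: a pre-import check for custom connector activity rows that applies the field rules described under Add App Activity (public domain, complete path match with “/.+”, comma-separated key-value parameters, Pattern only for login activities, initcap activity names). The dictionary keys, the internal-suffix list, and the treatment of “.+” as a regular-expression wildcard that can span several path segments are assumptions.

```python
import ipaddress
import re

INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".localhost")  # constructed list
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}
PATTERN_ACTIVITIES = {"Login Successful", "Login Failure"}

def path_matches(pattern, path):
    """Complete match of path; '.+' is the only wildcard, the rest is literal."""
    literal_parts = [re.escape(part) for part in pattern.split(".+")]
    return re.fullmatch(".+".join(literal_parts), path) is not None

def is_public_domain(domain):
    """Reject private/reserved IPs, single-label hosts and internal suffixes."""
    host = re.sub(r"^https?://", "", domain.strip().lower())
    host = host.split("/")[0].split(":")[0]
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)

def parse_parameters(text):
    """'page = 1, version = 5' -> {'page': '1', 'version': '5'}."""
    params = {}
    for pair in filter(None, (p.strip() for p in text.split(","))):
        key, sep, value = pair.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"not a key=value pair: {pair!r}")
        params[key.strip()] = value.strip()
    return params

def check_row(row, sample_path):
    """Return a list of problems for one activity row (hypothetical dict keys)."""
    problems = []
    if not is_public_domain(row["domain"]):
        problems.append("domain is internal or not public")
    if not path_matches(row.get("path") or "/", sample_path):
        problems.append("path is not a complete match for the sample request")
    try:
        parse_parameters(row.get("parameters") or "")
    except ValueError as exc:
        problems.append(str(exc))
    if row.get("method") and row["method"].upper() not in HTTP_METHODS:
        problems.append("unknown HTTP method")
    if row.get("pattern") and row["activity"] not in PATTERN_ACTIVITIES:
        problems.append("pattern is only used for login success/failure")
    if row["activity"] != row["activity"].title():
        problems.append("activity name is not initcap")
    return problems
```

Run check_row against a path taken from recorded traffic for each activity; an empty list means the row is consistent with the rules above.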
