Netskope Help

Creating a Real-time Protection Policy for CTEP

The default CTEP profile is used in a Real-time Protection policy to detect threats and take action, like blocking traffic based on the signature match.

To create a Real-time Protection policy using the default CTEP profile:

  1. Go to Policies > Real-time Protection.

  2. Click New Policy and then CTEP.

    The CTEP option in the New Policy drop-down menu of the Real-time Protection policy.
  3. On the Real-time ProtectionPolicy page:

    • Source: Select the users, user groups, or organizational units you want to apply the CTEP profile to. Netskope recommends using the default option User = All Users. Click Add Criteria to add other sources.

    • Destination: Select the traffic destination you want to apply the CTEP policy to. You can scan traffic for URL categories, cloud apps, app instances, or any web traffic with a specific Cloud Confidence Level (CCL), application tag, or country destination. Click Add Criteria to add other destinations.

    • Profile & Action: Ensure it's CTEP. You can't edit the default CTEP profile or add more profiles with the default profile.


      If you have a custom profile named Default Profile, ensure you rename or delete it to prevent interference with the default CTEP profile.

    • Set Policy: Enter a policy name. You can only use alphanumeric characters and symbols such as underscore (_), dash (-), and square brackets ([ ]). You cannot use the greater-than (>) or less-than (<) symbols in policy names. Optionally, You can:

      • Click + Policy Description to add notes or information.

      • Click + Email Notification to configure email notifications for these events. See Real-time Protection Policies.

      The configured Real-time Protection Policy page.
  4. Click Save.

  5. In the Move Policy window, select where to move the policy. For guidelines on CTEP policy placement, see Client Traffic Exploit Prevention.

    To the bottom selected in the Move Policy window.
  6. Click Save.

  7. Click Apply Changes.

After creating a CTEP policy, you must configure the CTEP Settings to apply the policy to your organization. You then can view violations for each CTEP policy on the Skope IT About Alerts page. To view violations in the last 30 days, click the number in the # Alerts column.

The # Alerts column on the Real-time Protection page.

To view violations in the last 7 days, click the The More icon. icon and then View Alerts.

The View Alerts option in the More menu.