Netskope Help

CrowdStrike Plugin for Threat Exchange

This document explains how to configure CrowdStrike with Threat Exchange in the Netskope Cloud Exchange platform. This integration allows for sharing of event driven intelligence that has been identified by CrowdStrike EDR or Netskope.


To complete this configuration, you need:

  • A Netskope tenant (or multiple; for example, production and development/test instances)

  • A Netskope Cloud Exchange tenant with the Threat Exchange module configured

  • A CrowdStrike Falcon Prevent account.

  1. Create a custom File Profile.

  2. Create a Malware Detection Profile.

  3. Create a Real-time Protection Policy.

  4. Get the Netskope token.

  5. Create CrowdStrike API credentials.

  6. Configure the Threat Exchange Plugin.

  7. Configure the CrowdStrike Plugin.

  8. Configure sharing between Netskope and CrowdStrike.

  9. Validate the CrowdStrike Plugin.

Click play to watch a video.