Netskope Help

Device Classification for Linux

Note

This is currently a Beta feature. Contact your Sales Representative or Netskope Support to enable this feature for your tenant.

You can classify Linux devices based on these criteria:

  • Criteria match: Checks for All or Any of the criteria selected.

  • Encryption: Checks for the entire disk encryption.

  • OPSWAT: Checks if the OPSwat MetaAccess client is installed and running.

  • File: Checks for specified files. For example, /usr/lib/slack/slack.

  • AD Domain check: Checks for AD domains.

Configure Device Classification For Linux
  1. Go to Settings > Manage > Device Classification and select Linux on the New Device Classification Rule dropdown list.

  2. On the New Device Classification Rule: Linux screen, select the following options steps to classify your Linux device:

    • Encryption: Select to check for disk encryption.

    • OPSWAT: Select to check if the OPSwat MetaAccess client is installed and running.

    • Process: To classify a managed device based on the presence of any one or more processes, enter the executable file name.

    • File: To classify a device based on the presence of any one or more files, enter the file name.

    • AD Domain: To classify a device associated with any one or more domains, enter the domain name.

  3. Click Save.

Configure Real-Time Policy

After creating a device classification rule, you can use it in a Real-time Protection policy.

  1. To use this Device Classification in a Real-time Protection policy, click Policies > Real-time Protection on the Netskope UI. Select an existing policy or click New Policy and choose a policy type.

  2. Proceed through the Users, Cloud Apps + Web, DLP/Threat Protection, and Select Activities sections.

  3. For Additional Attributes, go to Source and click ADD CRITERIA > Access Method. Select either Client, Mobile Profile, or Reverse Proxy, and then click Save. Click Device Classification, and then select Managed or Unmanaged, based on the devices you just classified.

    • Managed means the device is managed; the device information sent by the Client matches at least one of the device classification checks configured for that Client's OS.

    • Unmanaged means the device is unmanaged; the device information sent by the Client matches none of the device classification checks configured for that Client's OS.

  4. Combine device classification with other policy elements, like using the Block Action for specific applications for activities like uploading files from managed or unmanaged devices. Finish creating or updating this policy to establish this device classification. Click Apply Changes for this policy.

After the policy has been created, perform the process for which the policy was created. Next, go to Skope IT > Application Events and click the magnifying icon for an event to open the Application Event Details panel. In the User section you will see a Device Classification field that shows one of these device classifications.