Netskope Help

Explore the Dashboards

Both Admins and Users can view the dashboards. The dashboards provide a high-level overview of each module and provide a view of overall user activity. The Home page has tabs for each of the enabled modules and provides system status information. The System Status dashboard appears by default as the home page after first logging into the Cloud Exchange.

System Status Dashboard

The System Status tab appears by default as the home page after first logging into the Cloud Exchange. The Disk Space section shows the currently available disk space and the low watermark in a pie chart. When the low watermark value exceeds the available disk space, a notification appears at the bottom of the screen.

The Service Status section shows all the services running on the system, each with an up or down arrow reflecting its current status. When a service is up, its status shows a green up arrow. When a service is down, its status shows a red down arrow.


Click the Refresh button to get the latest system and service status updates.


Click the Log Shipper tab.

The Log Shipper Dashboard contains the following information:

  • Total Logs Ingested: Total number of logs retrieved from the Netskope tenant.

  • Total Plugins: Total number of configured plugins contributing logs to Log Shipper.

  • Logs Ingested: Percentage breakdown by log receiver. If there were two log receivers each configured to receive the same logs, each would show 50% of the pie chart.

  • Plugin Status: Indicates if the plugin is successfully polling the vendor’s system.

Click the Ticket Orchestrator tab to view overall user activity.

The Ticket Orchestrator Dashboard contains the following information:

  • Total Ticketing Sources: Shows the total number of configured and active plugins contributing ticketing events to Ticket Orchestrator.

  • Total Alerts Queried: Shows total active alerts in the Ticket Orchestrator database. Not every alert will create a ticket if the option to mute has been enabled.

  • Total Duplicate Alerts: Shows the number of duplicate alerts. Alerts that are shown here are being deduplicated automatically by Ticket Orchestrator.

  • Total Tickets Created: Shows the total number of tickets and/or notifications created by Ticket Orchestrator across all of the connected ticketing systems.

  • Overall Status Of Ticket: Shows the relative proportion of tickets in a pie chart.

  • Ticketing Sources Status: Shows the up (green up arrow) or down (red down arrow) state of configured plugins.

  • Recent Tickets: Shows the last 10 tickets Ticket Orchestrator created with the ITSM ticket ID, the Netskope alert type, the ticket status, and a link to browse to the ticket in the connected ITSM system. Only alerts that match a ticket flow will create a ticket.

  • Recent Alerts: Shows the list of ten (10) most recent alerts reported by the Netskope tenant, with alert name, the type of alert (one of 8 categories Netskope uses), and the associated event’s application category. For example, the widget shows that an alert matched a machine learning finding of an anomalous behavior associated with activity in a cloud storage SaaS application. Ticket Orchestrator is not a SIEM; more information can be found in the Netskope tenant Skope IT logs.

Threat Exchange is a rules-based engine for collecting and sharing indicators: file hashes of malicious software (malware), file hashes of files used in Netskope DLP policy for absolute matching, and URLs used by plugged-in systems to enforce restricted or allowed access.

The Threat Exchange Dashboard opens by default (when enabled) and contains the following information:

  • Total Threat Sources: Shows the total number of configured and active plugins contributing data to Threat Exchange.

  • Total Active Indicators: Shows the number of total active (not disabled) indicators in the Threat Exchange database.

  • Indicators Reported In Last 7 Days: Shows the number of active (not disabled) indicators delivered to Threat Exchange in the previous seven days. This is a rolling count as of the time the dashboard is viewed.

    Note

    Even if Threat Exchange obtained an indicator recently, it does not contribute to the count when the metadata timestamp delivered with the IoC entry is older than seven days.

  • Indicators by Threat Sources: Shows the relative contribution, in record counts, from each connected plug-in to the entire active Threat Exchange database in a pie chart.

  • Threat Sources Status: Shows the up (green up arrow) or down (red down arrow) state of configured plugins.

  • Top 10 Active Indicators by External Hits: Shows the top 10 indicators that all of the plugins have matched against. For example, the value starting with d7771 has been seen by all the non-Netskope connectors a total of 4903 times, indicating that it appears most frequently in the customer IT stack.

  • Top 10 Active Indicators by Reputation: Shows the sorted count of the top 10 active indicators by reputation. Reputation is configured per plugin and is applied to all indicators received from that plugin, although API commands can be used to overwrite the setting for any given IoC entry. This metadata is only used for filtering purposes. Regardless of reputation, the last IoC update takes effect.
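
The counting rule in the Indicators Reported In Last 7 Days note, sketched as an added example (not Netskope code) for reconciling the widget against a plugin's recent deliveries. The field names `value`, `active`, `received_at` and `source_timestamp` and the sample records are constructed; treating a timestamp exactly seven days old as inside the window is an assumption.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=7)

def parse_ts(value):
    """Parse an ISO 8601 timestamp; naive values are treated as UTC."""
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def reported_last_7_days(indicators, now):
    """Return (count, gaps).

    count: active indicators whose source (metadata) timestamp is in the window.
    gaps:  indicators received inside the window that still do not count,
           mapped to the reason, i.e. the discrepancy an analyst would see.
    """
    cutoff = now - WINDOW
    count, gaps = 0, {}
    for ioc in indicators:
        in_window = parse_ts(ioc["source_timestamp"]) >= cutoff
        if ioc["active"] and in_window:
            count += 1
            continue
        if parse_ts(ioc["received_at"]) >= cutoff:
            gaps[ioc["value"]] = (
                "disabled" if not ioc["active"]
                else "source timestamp older than 7 days"
            )
    return count, gaps

# Constructed sample records (hypothetical schema, placeholder values).
NOW = datetime(2024, 5, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"value": "sample-ioc-a", "active": True,
     "received_at": "2024-05-14T09:00:00+00:00", "source_timestamp": "2024-05-13T09:00:00+00:00"},
    {"value": "sample-ioc-b", "active": True,   # received today, but old metadata
     "received_at": "2024-05-15T08:00:00+00:00", "source_timestamp": "2024-04-20T00:00:00+00:00"},
    {"value": "sample-ioc-c", "active": False,  # recent but disabled
     "received_at": "2024-05-14T10:00:00+00:00", "source_timestamp": "2024-05-14T10:00:00+00:00"},
    {"value": "sample-ioc-d", "active": True,   # naive timestamp exactly on the cutoff
     "received_at": "2024-05-10T00:00:00+00:00", "source_timestamp": "2024-05-08T12:00:00"},
    {"value": "sample-ioc-e", "active": True,   # old on both clocks, no discrepancy
     "received_at": "2024-04-01T00:00:00+00:00", "source_timestamp": "2024-04-01T00:00:00+00:00"},
]

if __name__ == "__main__":
    print(reported_last_7_days(SAMPLE, NOW))
```
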

Click the Risk Exchange tab to view overall user activity.

The Risk Exchange Dashboard contains the following information:

  • Total User Sources: How many vendor plugins have been configured and connected.

  • Total Users Fetched: How many users have been identified as having noteworthy risk scores.

  • Total Hosts Fetched: How many devices have been identified as having noteworthy risk scores.

  • Total Actions Performed: The total number of actions performed on hosts and by users.

  • Overall Status of Users: The relative proportion of users.

  • Overall Status of Hosts: The relative proportion of hosts.

  • Score Change Across Organization: The change in the average normalized score every 24 hours. The number below the line chart shows the change in the average normalized score from yesterday.

  • Riskiest 10 Records by Weighted Score of Users: Riskiest 10 users among all those fetched.

  • Riskiest 10 Records by Weighted Score of Hosts: Riskiest 10 hosts among all those fetched.

  • Plugin Status: Indicates whether the plugin is successfully polling the vendor’s system. The up (green up arrow) or down (red down arrow) indicator shows the state of configured plugins.