Skip to main content

Netskope Help

Get Started with Cloud Exchange

These instructions are for the Admin only. This section describes the initial steps for getting started with Netskope Cloud Exchange after installation is complete.

Default User Login

By default, a single user is created with administrative capabilities with these credentials: Username: admin Password: admin

This user will have Administrator level access to the application. This user will have write access, and will be able to create new users as well.

On the first login, you will be required to change these credentials. After that, log in using your new credentials.

image2.png

Service Status can be viewed on the i  icon mouse hover at the top of the login screen. The default color of that icon should be grey. If any of the services are down, the icon will be highlighted with red color.

CE-Status-Icon.png
Enable Modules

Upon successful login, enable the modules you want to use.

image3.png

Enabled modules appear in the left panel.

image4.png

Go to the following sections to configure the Cloud Exchange modules you enabled.

Configure the Netskope Tenant Settings for Cloud Exchange

Before configuring the plugins for the modules you just enable, add a tenant in Cloud Exchange. To do this you must create a RESTful API v1 token in your Netskope tenant at settings > tools > rest API. For now, a Netskope RESTful v1 API token must be installed for CE to communicate with Netskope because it is required for uploading filehashes for use in threat prevention and DLP policies. You should also create a RESTful API v2 token in your Netskope tenant at settings > tools > REST API v2. CE will use the v2 endpoints whenever possible when communicating with the Netskope tenant.

When creating an API token for CE to use to communicate with a Netskope tenant, use least privileged access concepts. API v1 token should be rotated on a regular basis. Create and use in the "Netskope Tenant" configuration on the Cloud Exchange a properly entitled v2 token with the following privileges:

  • Read: /api/v2/events/data/network

  • Read: /api/v2/events/data/application

  • Read: /api/v2/events/data/page

  • Read: /api/v2/events/data/audit

  • Read: /api/v2/events/data/infrastructure

  • Read: /api/v2/events/data/alert

  • Read Write: /api/v2/policy/urllist/file

  • Read Write: /api/v2/policy/urllist

  • Read Write: /api/v2/policy/urllist/deploy

Now that you have your v1 and v2 tokens ready, proceed with the Netskope tenant configuration of your Cloud Exchange instance.

  1. Log in to your Cloud Exchange tenant.

  2. Go to Settings and click Netskope Tenants.

  3. Click Add Tenant.

    CE-Log-Shipper-Tenant.png
  4. Enter a name for your Netskope tenant.

  5. Enter your Netskope tenant name. Do not enter the <tenant_name>.goskope.com, URL. Enter just your tenant. For example, if it's mycompany.goskope.com, just enter mycompany. If your tenant has eu in the URL, enter tenant_name.eu.

  6. Enter your Netskope tenant API token(s) obtained previously.

  7. Set the range for ingesting data from Netskope. In this case, set the Initial Range to 7 days to pre-populate Log Shipper.

  8. If you use a proxy, enable the proxy toggle.

  9. Click Save. Your tenant appears on the page.