Netskope Help

Getting Started with CSPM for Public Cloud

Netskope Public Cloud Security provides a security assessment framework which accesses and analyzes the posture of your IaaS resources in AWS, Azure, and Google Cloud Platform, and generates alerts that an administrator can remediate. You can configure one or more accounts to be evaluated against CIS benchmarks such as CIS AWS Foundations, CIS Microsoft Azure Foundations, or your own assessment framework. Netskope assesses your environment and measures against benchmarks and best practices. Netskope securely audits your cloud services continuously so you can determine if there are any potentially exploitable misconfigurations.

To set up CSPM for public cloud, you need to:

  1. Configure Security Posture for each AWS account, Azure tenant, and GCP organization.

    To learn more:

  2. Assign roles to IaaS/PaaS administrators.

    To learn more about managing admin privileges using Netskope UI, see Managing Administrators

  3. Set up security assessment policies

    To learn more: Creating Security Assessment Policies for Netskope Public Cloud Security.

    To learn more about creating custom security assessment rules, see Custom Rules using Domain Specific Language.

Here are references to APIs that help you automate deployments at scale.

  • To manage your IaaS instances, use 

    https://<tenant-name>.goskope.com/api/v1/introspection_instance
  • To receive security assessment violations from the latest scan, use

    https://<tenant-name>.goskope.com/api/v1/security_assessment

To learn more about REST API endpoints: Public Cloud API Endpoints.