Skip to main content

Netskope Help

Investigate Netskope IoT Security

Investigate Devices

Navigate to Investigate > Devices menu to see an entire dashboard stating the device summary in your environment based on different aspects like spectrum, type, ownership, etc.

Note

You can also sort the device summary in combination with the total of all devices, managed, unmanaged, new, automated and user-controlled devices.

Investigate devices based on spectrum

Navigate to Investigate > Devices menu and select the “Spectrum” tab from the navigation bar to see the devices based on the network spectrum in the environment.

4__Investigate_devices_spectrum.png
  1. You will see a pie chart with the number of devices connected through Wi-FI, wired connections or with undetermined interface information. Click on the pie chart elements to see an entire list of devices with detailed device summary.

  2. The high chart on the right shows the analog representation of Wi-Fi and wired devices on a specific time stamp.

  3. You can filter the chart results by choosing the elements in the spectrum class.

Investigate devices based on type

Navigate to Investigate > Devices menu and select the “Type” tab from the navigation bar to see the devices based on distinct types in the environment.

4__Investigate_devices_type_1.png
4__Investigate_devices_type_2.png
  1. The chart shows the distinct device types connected in the environment, like computers, smart phones, IOT devices, etc. You can hover over them to see the number of devices.

  2. The high chart on the right shows the analog representation of the devices on a specific time stamp.

  3. You can see a bar graph representing the manufacturers of the devices like Philips, HP, etc connected in your environment.

  4. The bar graph shows the devices sorted by operating systems like Android, Linux, Windows, Mac, etc.

Investigate devices based on ownership

Navigate to Investigate > Devices menu and select the “Ownership” tab from the navigation bar to see the devices based on the owners of the devices in the environment.

4__Investigate_devices_ownership.png
  1. The chart shows the number of devices owned by corporate managed and unmanaged devices, employee owned, visiting owners, etc. You can hover over the elements in the pie chart. By clicking on the elements, you can see the inventory details of devices.

  2. The high chart on the right shows the analog representation of the ownership on a specific time stamp.

Investigate devices based on control

Navigate to Investigate > Devices menu and select the “Control” tab from the navigation bar to see the statistics of devices controlled manually or automated in the environment. Auto devices are the ones that work automatically without needing human intervention like printers, set-top boxes, smart tvs, thermostats, IoT devices, server computers, etc. These devices exhibit non-human behavior, for example, they are active long hours every day. User devices, on the other hand, are usually controlled by a human and exhibit human behavior, for example, they are not active more than certain hours a day, visit lots of sites, etc. Examples include: smart phones, computers, tablets. Devices can be either auto or user-controlled depending on their function.

4__Investigate_devices_control_1.png
4__Investigate_devices_control_2.png
  1. You can see the number of devices controlled manually and automatically in the chart. You can hover over the elements in the pie chart. By clicking on the elements, you can see the detailed device summary.

  2. The high chart on the right shows the analog representation of the devices based on the control aspect on a specific time stamp.

  3. You can filter the chart results by choosing the elements in the devices class.

  4. The bar graph shows the distinct user-controlled devices.

  5. The bar graph shows the distinct automatically controlled devices.

Investigate devices based on protocols

Navigate to Investigate > Devices menu and select the “Protocols” tab from the navigation bar to see the devices based on different device protocols used in the environment.

4__Investigate_devices_protocol.png
  1. You can see a bar chart with distinct protocols and the count of devices beside it. By clicking on the elements, you can see the detailed device summary.

  2. The high chart on the right shows the analog representation of the protocol usage on a specific time stamp.

  3. Hotspots /Personal Hotspot / Neighbor AP Exposure section shows discovered Wi-Fi hotspots and exposed neighboring access points. The list contains devices outside of your network.

  4. You can filter the chart results by choosing the protocols from the list.

Investigate devices based on internal topology

Navigate to Investigate > Devices menu and select the “Internal topology” tab from the navigation bar to see the device topology in the environment.

4__Investigate_devices_internal_topo.png

You can see a fluid topology chart with all the parameters, like device category, control mode, ownership, protocols, type, etc in the topology. You can also filter out the chart results by playing with the filters.

Investigate devices based on external topology

Navigate to Investigate -> Devices menu and select the “External topology” tab from the navigation bar. It is the communication network of your devices to external destinations.

4__investigate_devices_external_topo.png
Investigate events

Navigate to Investigate > Events menu to see a list of events captured on the devices. You can see the number of events with high, medium and low severity at the top right of the screen, which can be used to sort the event results by clicking on the circles.

4__Investigate_-__Events.png

The page shows the list of events with the number of occurrences. You can click on the individual events to see the detailed information of the devices with the issue. To remediate the issues, you can select the one or multiple events to create policies or change the severity of the event.

4__Investigate_-__Events_Timer.png

Timer symbol indicates that the event was modified or filtered. Clicking on the timer symbol shows the details.

4__Investigate_-__Events_settings.png

Navigate to the Settings button on the top right of the screen. The page shows the list of modified events.

Manually blocked IPs

The Manually Blocked IPs section lists all the blocked device IPs. You can also unblock the devices by clicking on the Unblock button.

4__Investigate-_Evenets-_manully_blocked_IPs.png
Investigate risks

Navigate to Investigate > Risks menu to see a list of devices with high, medium or low priority. The screen provides the event view and device view for the information representation. You can see the number of devices with risk at the top right chart.

Events view shows the information in device summary and event drill down table.

4__Investigate_-__Risks_-__Edit_View.png
  1. You can see the host name, type, tags assigned and managed or unmanaged information.

  2. Click on the “details” link to see the device summary.

  3. You can see the risk score calculated by the Netskope proprietary risk engine, which categorizes packet alerts, device software vulnerabilities and device behavior anomalies into threat vectors.

  4. It shows if the device is Wi-Fi, wired or undefined interface connected.

  5. You can see the operating system and site assigned information. It shows if the device is user or automatically controlled.

  6. Displays a list of risk factors with severity and number of occurrences. You can create policy by selecting one or multiple risk issues or modify the severity of the risks.

Device view shows the information in the Inventory menu with risk severity search.

4__Investigate_-__Events_-__Device_view.png
Device Details

Navigate to the Investigate -> Risks menu and click on the “details” link of any device from the device summary screen. You will see detailed information about the device and the risks.

4__Investiagte_Risks_-__Device_info_1.png

The screen shows a pie chart risk score and distinct risk contributions to the score of the device. You can see the drill down details of the device on the left side. Click on the “More details” link to see the alert and anomaly occurrences to raise a risk with the time of occurrence for the last 30 days to investigate the issue. You can also see the transfer of information in bytes received and bytes sent charts for the last 10 days.

4__Investiagte_Risks_-__Device_more_info.png

On the device risk summary page, you can see the device compliance with the asset management systems services. You can also see the interface connection on the left side.

4__Investiagte_Risks_-__Device_info_2.png

Drilling down, risk assessment shows the list of risk issues on the device with severity and number of occurrences.

4__Investiagte_Risks_-__Device_info_3.png
Investigate compliance services

The chart shows the compliance state of managed and unmanaged devices in the corporate environment with the total number of devices managed by that asset management system.

4__Investigate_-__Compliance.png

A device can be in compliant, non compliant or in a stale state. A device will be in a stale state when it does not have any movement for more than 15 days. You can configure the number of days. You can see the devices that do not follow the compliance in the table below the charts. The table shows the device host name, type, managed/unmanaged state and the services it is compliant and non-compliant. Click on the device host name to see a detailed device risk summary page.

Add a new compliance service

You can add a new compliance for the devices to follow in the environment. You can add a new compliance service based on either domain or integrated service. The system will attribute the compliance of a device. Follow the procedure to add a service:

  1. Navigate to Investigate > Compliance menu.

  2. Click on the “Settings” button on the right top corner of the screen.

  3. Click on the “Add new service” button on the top right corner of the screen. You will see a new element to add a service at the bottom of the existing services.

  4. Give a unique name to the service.

  5. Give a description of the service.

  6. Select the type of service. These types can be used to group compliance services based on the use of the services.

    1. Management

    2. App

    3. Security

  7. Give the maximum number of days to stale the device.

  8. Select the control type.

    1. User control

    2. Automated control

  9. Select the operating systems from the drop down list the service should follow.

  10. Select the service integration type.

    1. Domain based compliance - You can provide domains that are used by the service provider. Devices connecting to the domains will be considered as compliant.

    2. Integration based compliance - You can provide API keys for the service provider. Netskope IoT Security backend integration service will pull devices from the service provider periodically and classify devices as compliant or non-compliant.

    4__Add_compliance_service.png
Modify existing compliance service

You can edit or delete the existing service. Follow the procedure to edit the compliance service:

  1. Navigate to Investigate > Compliance menu.

  2. Click on the “Settings” button on the right top corner of the screen.

  3. Choose a service you want to edit.

  4. You can edit the name, description, type, date of stale, control, operating systems fields.

  5. Click on the “Save” button

    Note

    Click the “Delete” button to delete the selected service.