Skip to main content

Netskope Help

Managing Credentials

Credentials required for all Cloud Exchange operations are stored within the Mongo database. MongoDB is password protected. Authentication configured during the setup. The data stored within Mongo is unencrypted.

Note

Data encryption within Mongo is available in the Enterprise edition.

When creating an API token for CE to use to communicate, use least privileged access concepts. For now, a Netskope RESTful v1 API token must be installed for CE to communicate with Netskope (it is required for uploading file hashes for use in threat prevention and DLP policies) - it should be rotated on a regular basis. Netskope Cloud Exchange does use the v2 RESTful API endpoint for all other calls when it is provided. Create and provide a properly entitled v2 token.

The following privileges are required with the v2 token:

  • Read: /api/v2/events/data/network

  • Read: /api/v2/events/data/application

  • Read: /api/v2/events/data/page

  • Read: /api/v2/events/data/audit

  • Read: /api/v2/events/data/infrastructure

  • Read: /api/v2/events/data/alert

  • Read Write: /api/v2/policy/urllist/file

  • Read Write: /api/v2/policy/urllist

  • Read Write: /api/v2/policy/urllist/deploy