Added Secondary nodes Port availability check for HA
Added strict check for OS validation; supported OSes are RHEL 8 and 9, Ubuntu 20.04 and Ubuntu 22.04
Added script to migrate or upgrade upcoming CE with minimum steps.
Cloud Risk Exchange – V2
CRE now unifies URE and ARE modules and plugins to provide richer risk context across users and applications/workloads. TBA (new API endpoints)
Added support for calculated fields, where users can define simple arithmetic expressions to tune the score coming from plugins.
Support for pulling of CCI tags
Added the Tag Application action to allow users to tag applications on Netskope
Action to update UCI scores
Support for List type fields which can be used to store tags from various third party or Netskope plugins. These then can be used in the filtering and sharing workflow.
Workflow to queue CRE changes for manual approval
Pulling of policy name from Netskope for users
Policy name can be shared to a third-party plugin as the reason (e.g. Okta)
system_serial_number field extraction from CrowdStrike
Send user risk updates to Okta when a user’s Netskope score changes bucket classification (i.e. low to medium, or medium to high)
Range map for dynamic score mapping
Action “Add host to private app“
CRE will need to create a new app once we hit 500 tied to the “quarantined” app – i.e. create “quarantine-2” and start using this
Merge Action for adding field in Schema
Allow users to import records from csv
Action – Add or Update App Instance
CTO –
Support of Endpoint and Incidents events in CTO
Update the DLP Incidents back to Netskope when ticket is updated on 3rd party plugin
CTE –
CTE IoC Retraction
CTE source labeling for plugins
Restricting users from configuring multiple sharing configurations with the same URL list for the tenant.
Tags aggregate strategy in CTE plugins, which will be used to either append or overwrite tags for that particular source
CLS –
Support of Endpoint events in CLS
Added support for sending CLS (alerts, events, webtx) data in UTF-8 encoded format
Banner for Tenant configuration workflow change
“Netskope Tenants“ Menu option in left bottom navigation menu to open Netskope portal
CRE V2 –
Schema Editor page
Records page
Actions Page
Field type is shown when hovering over fields in the dropdown
CLS –
CLS dashboard charts for WebTx backlog visualisation
Switch in Log shipper settings page to enable or disable the UTF-8 encoding of CLS data.
CTE –
Switch to enable IOC retraction on CTE setting page
Retraction Interval settings on CTE settings page
Button to mark individual indicator as retracted from Threat IOCs page
CTO –
Test button on queue configuration to validate the queue
Autocomplete of strings while creating / updating CTO queue configuration
User will be able to select Incident and/or Endpoint event type while configuring the Netskope CTO Plugin.
New screen for Events to be displayed
Added fields for Events as Event Type and File type
Changed
Core
UI
Switched to Ubuntu 22.04 as the base for the Docker image
Classic queue to Quorum queue
Data migration from classic queue to Quorum is not supported
Analytics 2.0 – TBA
Netskope Tenant configuration updates – Tenants would be configured via Tenant plugin instead of Settings > Tenants > Add Tenant. Alerts configurations are moved to individual plugins.
Netskope plugin updates – Netskope plugins for CLS, CTE, CTO, CRE are now available on GitHub. Renamed plugins to be in Sync.
SSO also supports passwordless authentication methods such as Push notification, MFA etc.
Users will now be notified with a list of missing permissions for the v2 token while configuring Netskope plugins; there will be an audit log too
If a permission is revoked after configuring the plugin, the user will be notified with a banner
Added user email length validation
Changed status code to 503 for HA cluster if any one service is down.
Memory usage optimizations for historical data pulling
“0” is now supported for initial data pull range to disable/prevent the historical pulling
Docker Compose –
Strict checks for CPU, RAM, total disk and free disk; they should match either the medium or the large profile
CRE V2 –
Updated Netskope CRE plugin description to list down the required v2 token permissions
SCIM v2 API usage in CREv2 module /addon-*.goskope.com/SCIM/v2
CTE –
IoC source labelling to identify the original source of the IoC.
Implement new minimum sync interval of 10 minutes
Implement practice of not uploading anything if there is nothing to upload (don’t resend existing IOC)
Implement single deploy call and multiple replace calls when multiple sharing is configured.
Implement best practices for URL list sharing
Honor the rate limit for the deploy API call: call it only once for multiple replace calls to multiple or single URL list.
Indicator sharing will be done based on the configured sync interval instead of indicator received (old workflow in 5.0.1)
CLS –
WebTx Plugin updates – Netskope WebTx plugin now requires a tenant to be configured; the subscription path and key will be fetched using the v2 token of the configured tenant.
While configuring the WebTx plugin, the v2 token will be validated for 2 endpoints and the user will be notified if required permissions are missing
CTO –
Cloud Exchange Alerts plugin now supports pulling debug logs
Switched to Ubuntu 22.04 as the base for the Docker image
Updated plugins card details to display last sync details accurately
Removed
Core
UI
Alert type selection from tenant configuration page
Initial Range from the tenant configuration page
Deprecated v1 API usages (like /api/v1/alerts)
SCIM v1 api usage
Subscription path and Subscription key inputs from Netskope WebTx plugin
Docker-compose support
Support for CentOS
“Add Tenant” button from Tenants page
Initial Range from the tenant configuration page
Fixed Issues
Core
Out of Memory issue in CLS Historical Pull.
Restricted configuring same URL list in multiple sharing configurations in CTE module.
Fixed MongoDB migration errors that occurred while running the setup script.
Fixed HA tasks duplication error in CLS module.
Fixed Minimum Core version check while adding new repository.
Fixed automatic ticket cleanup of CTO module
Fixed issue of inconsistent Netskope data pulling when plugin is enabled from the disabled state.
Fixed SLO URL getting empty while re-enabling the SSO configurations.
Fixed issue in removal of the security banner added in 4.x version
Fixed cleanup mechanism for Celery task results
Fixed inconsistent casing in the user agent string while making Netskope API calls
Fixed high memory usages of CE while pulling historical data
Fixed to allow users to configure a destination which only supports alerts (CLS SIEM mapping)
Fixed – Action is not getting performed during manual or Automatic sync
Fixed – Netskope UCI Score Issue
Fixed – WebTx data pulling stops due to invalid utf-8 characters
Known Issues and Limitations
For CRE module Actions and Business rules will not be migrated from older version. User will be required to configure Actions and Business rules again once the CE is migrated to 5.1.0-beta.1
For the CRE module, if scores for users or hosts have not been fetched yet and the user migrates to 5.1.0, the user will see the following error in audit logs. As there is no impact on functionality, this error can be ignored. It will be resolved once the scores are pulled for the users or hosts.
UCI scores of the users are not fetched if it isn’t updated in the last 7 days.
There is a rate limit of 1 API call per minute for the create/update app instance action, so more than 1 action per minute will fail.
For Users migrating to 5.1.0.beta.1, first pulling task (of alerts, events, webtx) will be started after 1 hour and 30 minutes for WebTx.
Intermittently encountering a “Temporary failure in name resolution” error observed in core logs in RHEL standalone instance.
RabbitMQ data migration is not supported due to the change of queue type from Classic to Quorum queue.
In the OVA, while running the start script or diagnose script, the user will see the warning message “WARNING: No swap limit support“; this warning can be safely ignored.
CRE Value Map currently only supports string to integer mapping. For example, mapping values like “high“, “low“, “medium“ to its numeric equivalent.
When using the CRE action for Tag Application, we encountered a limitation where the total length of all tags, including the commas used to separate static values, must not exceed 4,120 characters. If this limit is exceeded, the last tags or characters may be trimmed without any error message being generated. The system does not provide an explicit error when the tag length exceeds the limit.
In older versions of CE, you might start seeing errors related to the importing of plugins continuously.
Error occurred while importing plugin netskope.plugin.***
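The Tag Application limit listed above trims tags silently, so the only way to notice is to check the length before the action runs. The following pre-flight check is an added example, not Netskope code; the function name and the choice to reject tags that contain a comma are assumptions, and only the 4,120-character limit comes from this release note.

```python
# Added example (not part of Cloud Exchange). The limit is the one stated in
# the known issue: total length of all tags, separating commas included.
TAG_FIELD_LIMIT = 4120


def split_tags_for_limit(tags, limit=TAG_FIELD_LIMIT):
    """Return (kept, overflow) for a comma-joined tag field.

    kept     -- tags, in order, whose joined length stays within `limit`
    overflow -- every tag from the first one that does not fit onwards,
                i.e. the tags that would be trimmed without an error
    Blank entries and duplicates are dropped; a tag is never cut in half.
    """
    kept, overflow, seen, used = [], [], set(), 0
    for raw in tags:
        tag = raw.strip()
        if not tag or tag in seen:
            continue
        if "," in tag:
            # Assumption: a comma inside a tag would be read as a separator.
            raise ValueError(f"tag contains a comma: {tag!r}")
        seen.add(tag)
        cost = len(tag) + (1 if kept else 0)  # +1 for the joining comma
        if not overflow and used + cost <= limit:
            kept.append(tag)
            used += cost
        else:
            overflow.append(tag)
    return kept, overflow


if __name__ == "__main__":
    # Constructed sample: 600 tags of 9 characters each (5,999 joined).
    sample = [f"team-{i:04d}" for i in range(600)]
    kept, overflow = split_tags_for_limit(sample)
    print(len(",".join(kept)), "characters kept;", len(overflow), "tags would be trimmed")
```

Alerting on a non-empty `overflow` list turns the silent trim into something an operator can see and act on.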
Validated Plugins List
CRE
New Plugins
Existing Plugins
Microsoft Defender for Endpoint
CrowdStrike Falcon Cloud Security CNAPP
Wiz
AWS Verified Access
JAMF
Forescout
Infoblox Bloxone
Microsoft Entra ID (Azure AD)
CrowdStrike Falcon Identity Protection
CrowdStrike
Okta
Elastic
Mimecast (migration not available)
For the existing plugins that are not updated to CREv2 and for those whose migration is not available,
While updating the core to 5.1.0, the existing configured plugin will be lost along with the data,
The user will not see those plugins in the CRE module.
For the plugins whose migration is present and which are migrated to CREv2
Configuration will be retained
Users or Devices or Application data will also be retained and will be stored in default fields created in the respective entities.
Business rules and Action configuration will be lost.