Netskope Cloud Exchange Release Notes Version 5.1.0

GA Release Date: 5th November 2024

We are excited to announce our Cloud Exchange 5.1.0 updates! Here are the latest features and changes, fixed issues, and known issues in this release.

New Features and Enhancements

Added

Core UI
  • From 5.1.0 onwards, after starting CE for the first time, the user will only be able to select the current version or a version greater than the current version of CE.

  • Dynamic Promotional banners to CE
  • Added “Error Code” fields to create business rules for Cloud Exchange logs
  • Added Initial Range input for fetching initial data from configured range for following plugins.
    • Netskope CLS, Netskope CTE, Netskope CTO, Netskope CRE
  • Tenant name can have “_” and “-” in between
  • Custom Netskope Tenant URL support (e.g. gov tenants)
    • Users are now required to enter the full URL while configuring a tenant
  • Docker-Compose –
    • Docker-Compose support. Refer to Install the Compose plugin.
    • Added Secondary nodes Port availability check for HA
    • Added strict check for OS validation; supported OSes are RHEL 8 and 9, Ubuntu 20.04 and Ubuntu 22.04
    • Added script to migrate or upgrade to upcoming CE versions with minimum steps.
  • Cloud Risk Exchange – V2
    • CRE now unifies URE and ARE modules and plugins to provide richer risk context across users and applications/workloads. TBA (new API endpoints)
    • Added support for calculated fields, where users can define simple arithmetic expressions to tune the score coming from plugins.
    • Support for pulling of CCI tags
    • Added the Tag Application action to allow users to tag applications on Netskope
    • Action to update UCI scores
    • Support for List type fields, which can be used to store tags from various third-party or Netskope plugins. These can then be used in the filtering and sharing workflow.
    • Workflow to queue CRE changes for manual approval
    • Pulling of policy name from Netskope for users
    • Policy name can be shared to a third-party plugin as the reason (e.g. Okta)
    • Extraction of system_serial_number fields from CrowdStrike
    • Send user risk updates to Okta when a user’s Netskope score changes bucket classification (i.e. low to medium, or medium to high)
    • Range map for dynamic score mapping
    • Action “Add host to private app”
      • CRE will need to create a new app once we hit 500 tied to the “quarantined” app – i.e. create “quarantine-2” and start using this
    • Merge Action for adding field in Schema
    • Allow users to import records from csv
    • Action – Add or Update App Instance
  • CTO –
    • Support of Endpoint and Incidents events in CTO
    • Update the DLP Incidents back to Netskope when ticket is updated on 3rd party plugin
  • CTE –
    • CTE IoC Retraction
    • CTE source labeling for plugins
    • Restricting users from configuring multiple sharing configurations with the same URL list for the tenant.
    • Tags aggregate strategy in CTE plugins, which will be used to either append or overwrite tags for that particular source
  • CLS –
    • Support of Endpoint events in CLS
    • Added support for sending CLS (alerts, events, webtx) data in UTF-8 encoded format
  • Banner for Tenant configuration workflow change
  • “Netskope Tenants” menu option in the bottom-left navigation menu to open the Netskope portal
  • CRE V2 –
    • Schema Editor page
    • Records page
    • Actions Page
    • Field type is shown when hovering over fields in the dropdown
  • CLS –
    • CLS dashboard charts for WebTx backlog visualisation
    • Switch in Log shipper settings page to enable or disable the UTF-8 encoding of CLS data.
  • CTE –
    • Switch to enable IOC retraction on CTE setting page
    • Retraction Interval settings on CTE settings page
    • Button to mark individual indicator as retracted from Threat IOCs page
  • CTO –
    • Test button on queue configuration to validate the queue
    • Autocomplete of strings while creating / updating CTO queue configuration
    • Users will be able to select the Incident and/or Endpoint event type while configuring the Netskope CTO Plugin.
    • New screen to display Events
    • Added Event Type and File Type fields for Events

Changed

Core UI
  • Switched to Ubuntu 22.04 as the base for the Docker image
  • Classic queue to Quorum queue
    • Data migration from classic queue to Quorum is not supported
  • Analytics 2.0 – TBA
  • Netskope Tenant configuration updates – Tenants are now configured via the Tenant plugin instead of Settings > Tenants > Add Tenant.
    Alerts configurations are moved to individual plugins.
  • Netskope plugin updates – Netskope plugins for CLS, CTE, CTO, CRE are now available on GitHub. Renamed plugins to be in sync.
  • Renamed Netskope plugins
    • Provider plugin > Netskope Tenant (Required)
    • Netskope (CTE) > Netskope Threat Exchange (CTE)
    • Netskope ITSM(CTO) > Netskope Ticket Orchestrator (CTO)
    • Netskope (URE) > Netskope Risk Exchange (CRE)
    • Netskope ARE(ARE) > Netskope Risk Exchange (CRE)
    • Syslog for CE > Cloud Exchange Logs (CLS)
    • Netskope (CLS) > Netskope Log Shipper (CLS)
    • Netskope WebTx (CLS) > Netskope WebTx (CLS)
    • Cloud Exchange (CTO) > Cloud Exchange Alerts (CTO)
  • Selection of alert types and of the initial range for pulling old data is moved to all Netskope plugins (i.e. Netskope CLS, CTE, CTO and CRE plugins)
  • Each Netskope plugin now supports pulling specific subtypes of alerts or events data
  • v1 token validation endpoint /api/v1/app_instances
  • SSO supports passwordless authentication methods as well, such as Push notification, MFA, etc.
  • Users will now be notified with a list of missing permissions for the v2 token while configuring Netskope plugins; there will be an audit log too
    • If a permission is revoked after configuring the plugin, the user will be notified with a banner
  • Added user email length validation
  • Changed status code to 503 for HA cluster if any one service is down.
  • Memory usage optimizations for historical data pulling
  • “0” is now supported for initial data pull range to disable/prevent the historical pulling
  • Docker Compose –
    • Strict checks for CPU, RAM, total disk and free disk; these should match either the medium or large profile
  • CRE V2 –
    • Updated Netskope CRE plugin description to list the required v2 token permissions
    • SCIM v2 API usage in CREv2 module /addon-*.goskope.com/SCIM/v2
  • CTE –
    • IoC source labelling to identify the original source of the IoC.
    • Implement new minimum sync interval of 10 minutes
    • Implement practice of not uploading anything if there is nothing to upload (don’t resend existing IOC)
    • Implement single deploy call and multiple replace calls when multiple sharing is configured.
    • Implement best practices for URL list sharing
    • Honor the rate limit for the deploy API call: call it only once for multiple replace calls to multiple or single URL lists.
    • Indicator sharing will be done based on the configured sync interval instead of on indicator receipt (old workflow in 5.0.1)
  • CLS –
    • WebTx Plugin updates – Netskope WebTx plugin now requires a tenant to be configured; the subscription path and key will be fetched using the v2 token of the configured tenant.
    • While configuring the WebTx plugin, the v2 token will be validated for 2 endpoints and the user will be notified if required permissions are missing
  • CTO –
    • Cloud Exchange Alerts plugin now supports pulling debug logs
  • Switched to Ubuntu 22.04 as the base for the Docker image
  • Updated plugins card details to display last sync details accurately

Removed

Core UI
  • Alert type selection from tenant configuration page
  • Initial Range from the tenant configuration page
  • Deprecated v1 API usages (like /api/v1/alerts)
  • SCIM v1 API usage
  • Subscription path and Subscription key inputs from Netskope WebTx plugin
  • Docker-compose support
  • Support for CentOS
  • “Add Tenant” button from Tenants page
  • Initial Range from the tenant configuration page

Fixed Issues

Core
  • Out of Memory issue in CLS Historical Pull.
  • Restricted configuring same URL list in multiple sharing configurations in CTE module.
  • Fixed MongoDB migration errors that occurred while running the setup script.
  • Fixed HA tasks duplication error in CLS module.
  • Fixed Minimum Core version check while adding new repository.
  • Fixed automatic ticket cleanup of CTO module
  • Fixed issue of inconsistent Netskope data pulling when a plugin is enabled from the disabled state.
  • Fixed SLO URL becoming empty while re-enabling the SSO configurations.
  • Fixed issue in removal of the security banner added in the 4.x version
  • Fixed cleanup mechanism for Celery task results
  • Fixed inconsistent casing in the user agent string while making Netskope API calls
  • Fixed high memory usage of CE while pulling historical data
  • Fixed to allow users to configure a destination that only supports alerts (CLS SIEM mapping)
  • Fixed – Action is not getting performed during manual or Automatic sync
  • Fixed – Netskope UCI Score Issue
  • Fixed – WebTx data pulling stops due to invalid utf-8 characters

Known Issues and Limitations

  • For the CRE module, Actions and Business rules will not be migrated from older versions. Users will be required to configure Actions and Business rules again once CE is migrated to 5.1.0-beta.1
  • For the CRE module, if scores for users or hosts have not been fetched yet and the user migrates to 5.1.0, the user will see the following error in audit logs. As there is no impact on functionality, this error can be ignored. This error will be resolved once the scores are pulled for the users or hosts.
  • UCI scores of users are not fetched if they have not been updated in the last 7 days.
  • There is a rate limit of 1 API call per minute for the create/update app instance action, so more than 1 action per minute will fail.
  • For users migrating to 5.1.0.beta.1, the first pulling task (of alerts, events, webtx) will be started after 1 hour, and after 30 minutes for WebTx.
  • A “Temporary failure in name resolution” error is intermittently observed in core logs on RHEL standalone instances.
  • RabbitMQ data migration is not supported due to the change of queue type from Classic to Quorum queue.
  • In OVA, while running the start script or diagnose script, the user will see the warning message “WARNING: No swap limit support”. This warning message can be safely ignored.
  • CRE Value Map currently only supports string to integer mapping. For example, mapping values like “high”, “low”, “medium” to their numeric equivalents.
  • When using the CRE action for Tag Application, we encountered a limitation where the total length of all tags, including the commas used to separate static values, must not exceed 4,120 characters. If this limit is exceeded, the last tags or characters may be trimmed without any error message being generated. The system does not provide an explicit error when the tag length exceeds the limit.
  • In older versions of CE, you might start seeing errors related to the importing of plugins continuously.
  • Error occurred while importing plugin netskope.plugin.***

Validated Plugins List

CRE

New Plugins Existing Plugins
  • Microsoft Defender for Endpoint
  • CrowdStrike Falcon Cloud Security CNAPP
  • Wiz
  • AWS Verified Access
  • JAMF
  • Forescout
  • Infoblox Bloxone
  • Microsoft Entra ID (Azure AD)
  • CrowdStrike Falcon Identity Protection
  • CrowdStrike
  • Okta
  • Elastic
  • Mimecast (migration not available)

For the existing plugins that are not updated to CREv2 and for those whose migration is not available,

  • While updating the core to 5.1.0, the existing configured plugin will be lost along with its data.
  • The user will not see those plugins in the CRE module.

For the plugins whose migration is present and which are migrated to CREv2

  • Configuration will be retained
  • Users, Devices or Application data will also be retained and will be stored in default fields created in the respective entities.
  • Business rules and Action configuration will be lost.

CTE

  • Illumio
  • MISP

CTO

  • ServiceNow