Netskope Governance Language
Netskope Governance Language (NGL) is a query language defined by Netskope to work with data collected by Netskope SSPM. This is used internally by Netskope to define the predefined rules and can be used by customers to define custom rules or search conditions. In this document, we will look at syntax, semantics, operators and functions that can be used in NGL.
To quickly try NGL, navigate to the API-enabled Protection > Security Posture SaaS > Inventory menu and go to the Resources tab. Click the Switch to NGL icon on the right side of the filters toolbar. This opens the NGL query tool, which you can use to try NGL queries.
Understanding NGL Syntax
The following NGL syntax is used to create NGL rules.
<app suite> <resource type> <expression> <condition>
NGL Example:
microsoft365 remotedomain should-have autoforwardenabled = false
- App Suite – refers to the application suite on which the query is to be executed. See the list of supported apps in the support matrix. It is case insensitive. In the above NGL example, ‘microsoft365’ is the app suite.
  SaaS Security Posture Management's Atlassian Jira and Confluence apps do not currently support Netskope Governance Language (NGL).
- Resource Type – refers to the type of configuration or resource in the SaaS app. Various resource types can be used depending on the supported app suite. Use the DOM structure of the corresponding app to identify the Resource Types that can be used. Refer to Understanding DOM files to learn more. In the above NGL example, ‘remotedomain’ is the resource type.
- Expression – refers to whether the condition following this should be applied or should not be applied on the resource type used in the rule. It is case insensitive. In the above NGL example, ‘should-have’ is the expression.
- Condition – refers to the clauses to be applied against the resource type in the app suite. It is case sensitive. A condition is made up of one or more clauses, each clause using different operators. A complex condition can apply operators against multiple properties of one resource type or against multiple linked resource types. See the Operators section for more information. For example,
  - In the above simple NGL example,
    autoforwardenabled = false
    is the condition and ‘=’ is the conditional operator.
  - In the complex conditional example below, multiple clauses that use the ‘=’ operator are combined with ‘and’ and ‘or’.
    azuread deviceconfiguration should-have ( passwordminutesofinactivitybeforescreentimeout = 5 and passwordminutesofinactivitybeforelock = 0 ) or ( passcodeminutesofinactivitybeforescreentimeout = 5 and passcodeminutesofinactivitybeforelock = 0 )
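The rule structure described above, as an added Python example that is not Netskope's code or part of the original page: it splits a rule into its four parts and evaluates the condition against a constructed resource. It covers only the ‘=’ operator, ‘and’, ‘or’ and parentheses shown on this page; the dictionary shape of a resource, comparing values as strings, and ‘and’ binding tighter than ‘or’ are assumptions, as are the function names.

```python
import re

TOKEN = re.compile(r"\(|\)|=|[^\s()=]+")
# Constructed sample resource (assumed shape: property name -> value).
SAMPLE = {"autoforwardenabled": "false"}

def split_rule(rule):
    """Split a rule; app suite and expression are case insensitive, the condition is not."""
    app, rtype, expr, cond = rule.split(None, 3)  # ValueError if a part is missing
    return app.lower(), rtype, expr.lower(), cond

def evaluate(cond, resource):
    """Evaluate case-sensitive '=' clauses joined by and/or/parentheses against a dict."""
    toks = TOKEN.findall(cond)
    def take():
        return toks.pop(0) if toks else None
    def clause():
        name = take()
        if name == "(":
            val = either()
            if take() != ")":
                raise ValueError("missing ')'")
            return val
        if name in (None, ")", "=", "and", "or") or take() != "=":
            raise ValueError("expected <property> = <value>")
        value = take()
        return name in resource and str(resource[name]) == value
    def conj():  # assumption: 'and' binds tighter than 'or'
        val = clause()
        while toks[:1] == ["and"]:
            take()
            val = clause() and val
        return val
    def either():
        val = conj()
        while toks[:1] == ["or"]:
            take()
            val = conj() or val
        return val
    result = either()
    if toks:
        raise ValueError("unexpected token: " + toks[0])
    return result

def check(rule, resource):
    _, _, expr, cond = split_rule(rule)
    if expr != "should-have":
        raise ValueError("only should-have is handled in this example")
    return evaluate(cond, resource)
```

Calling `check("microsoft365 remotedomain should-have autoforwardenabled = false", SAMPLE)` returns `True`, while the same rule written with `False` does not match because the condition is case sensitive.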
Usage
- NGL can be used to create custom rules. See Create a SaaS Security Posture Rule to learn more.