Improved Reporting on Malware Files in API Data Protection
Improved Reporting on Malware Files in API Data Protection
API Data Protection dashboard page now includes additional information about theMD5 checksum on malware as well as details if the malware was detected by Netskope or the SaaS application. Filtering capabilities on the newly available data is also added.
The current malware section on the API dashboard is now enhanced to provide more information about how Netskope calculates the malware count and provide more malware metadata such as MD5 checksum and Detection Type for files listed as malware on the dashboards’ file listing page.
As part of this enhancement, following changes are introduced:
Log in to the Netskope UI tenant, click API-enabled Protection > SAAS on the left navigation pane. The panel displays a list of apps. Click the desired app to view the app-specific dashboard statistics.
-
Added a tool-tip to explain how the malware count is calculated on the API-enabled Protection dashboard page.
How does Netskope calculate the malware file count on the API-enabled Protection dashboard?
-
The malware files count here only denotes the count of malware identified via API integrations to this specific SaaS application instance. Malware detected using other access methods are not included in this count.
-
For customers with threat protection enabled, the malware files count on the API-enabled Protection dashboard shows the combined malware files count from threats detected by the native SaaS app + threats detected by the Netskope threat engine.
-
For customers with no threat protection enabled, the malware files count on the API-enabled Protection dashboard shows the malware files count from threats detected by the native SaaS app only.
-
-
Renamed Malware File filter to Malicious. Added MD5 checksum and Detection Engine filters.
The MD5 checksum and Detection Engine filters are available only when Malicious filter is set to Yes.The detection engine filter has the following sub-filters:
-
Native App
-
Netskope AV
-
Netskope Advanced Heuristic Analysis
-
Netskope Cloud Sandbox
-
Netskope Threat Intelligence
-
-
Added MD5 checksum of the identified malware file and Detection Engine fields on the File Details page
The Classic API Data Protection interacts with the FastScan detection engine to retrieve scan results. Occasionally, when FastScan yields no detection, this outcome is relayed back to API Data Protection and the Detection Engine field displays it as Not Available on the File Details page. If no threats are detected, FastScan forwards the request to the DeepScan detection engine, which may provide a positive result, and subsequently displaying the detection engine on the Incidents > Malware and Skope IT > Alerts page.
In a nutshell, in addition to the File Details page, check the Detection Engine value on the Incidents > Malware and Skope IT > Alerts page.You can click the magnifying glass icon to lookup the incident. The page redirect to Incidents > Malware.
-
Added a tooltip to explain how the malware count is calculated on the Incidents > Malware page.