Improved Reporting on Malware Files in API Data Protection

The API Data Protection dashboard page now includes additional information about the MD5 checksum of malware, as well as details on whether the malware was detected by Netskope or by the SaaS application. Filtering capabilities for the newly available data have also been added.

The current malware section on the API dashboard is now enhanced to provide more information about how Netskope calculates the malware count, and to provide more malware metadata, such as MD5 checksum and Detection Type, for files listed as malware on the dashboards’ file listing page.

As part of this enhancement, the following changes are introduced:

The following screenshots and enhancements are taken from a Google Drive app instance. However, these enhancements are applicable for all supported storage apps.

Log in to the Netskope UI tenant and click API-enabled Protection > SAAS in the left navigation pane. The panel displays a list of apps. Click the desired app to view the app-specific dashboard statistics.

  • Added a tooltip to explain how the malware count is calculated on the API-enabled Protection dashboard page.

    [Screenshot: API Data Protection malware count tooltip]

    How does Netskope calculate the malware file count on the API-enabled Protection dashboard?

    • The malware files count here denotes only the count of malware identified via API integrations to this specific SaaS application instance. Malware detected using other access methods is not included in this count.

    • For customers with threat protection enabled, the malware files count on the API-enabled Protection dashboard shows the combined malware files count from threats detected by the native SaaS app + threats detected by the Netskope threat engine.

    • For customers with no threat protection enabled, the malware files count on the API-enabled Protection dashboard shows the malware files count from threats detected by the native SaaS app only.

  • Renamed Malware File filter to Malicious. Added MD5 checksum and Detection Engine filters.

    The MD5 checksum and Detection Engine filters are available only when the Malicious filter is set to Yes.

    [Screenshot: API Data Protection MD5 checksum and Detection Engine filters]

    The detection engine filter has the following sub-filters:

    • Native App

    • Netskope AV

    • Netskope Advanced Heuristic Analysis

    • Netskope Cloud Sandbox

    • Netskope Threat Intelligence

  • Added MD5 checksum of the identified malware file and Detection Engine fields on the File Details page

    The Classic API Data Protection interacts with the FastScan detection engine to retrieve scan results. Occasionally, when FastScan yields no detection, this outcome is relayed back to API Data Protection and the Detection Engine field displays it as Not Available on the File Details page. If no threats are detected, FastScan forwards the request to the DeepScan detection engine, which may provide a positive result; the detection engine is then displayed on the Incidents > Malware and Skope IT > Alerts pages.
    In a nutshell, in addition to the File Details page, check the Detection Engine value on the Incidents > Malware and Skope IT > Alerts pages.

    [Screenshot: API Data Protection MD5 checksum and Detection Engine fields on the File Details page]

    You can click the magnifying glass icon to look up the incident. The page redirects to Incidents > Malware.

  • Added a tooltip to explain how the malware count is calculated on the Incidents > Malware page.

    [Screenshot: API Data Protection incident malware count tooltip]