Inline App Connectors
Netskope provides real-time data security and threat protection for Cloud and Web Application traffic through Netskope Inline App Connectors. Inline App Connectors provide visibility into user activities based on the end user's interaction with the Cloud Apps. Additionally, for Cloud Apps which have both Enterprise and Commercial versions, the instance or accounts being accessed by users are also identified across the activities being performed. The Admin can translate this visibility into enforcement through Real-Time Policies.
Inline App Connector Types
Netskope provides several app connectors as defined below.
App-specific Connectors: Developed based on detailed traffic analysis for the various use cases of the application. These connectors are part of the content package deployed in all data centers. Netskope provides app-specific connectors for key Enterprise Cloud Apps out of the box.
Universal Connector (UC): Netskope’s Universal Connector is developed based on a heuristic approach to identify the activities. The following activities are supported for the Universal Connector: Login Attempt, Login Successful, Login Failed, Logout, Formpost (with DLP/TSS Only), Upload, and Download. For the long tail of Cloud Apps, Netskope leverages the Universal App Connector to provide best-effort detection of the specified activities.
Web Universal Connector: Netskope’s Web Universal Connector is also developed based on a heuristic approach to identify the activities. It is similar to the Universal Connector but supports fewer activities: Browse, Login Attempt, Formpost (with DLP/TSS Only), Upload, and Download. The Web Universal Connector provides best-effort activity detection for Non-App or Web traffic specific activities.
Note: A formpost activity is when an HTTP client sends HTML with content type set to “multipart/form-data” or “application/octet-stream”. It is an HTTP POST request sent with the request body specifically formatted as a series of “parts,” separated with MIME boundaries.
Custom Connectors: Netskope provides an option to develop custom connectors through your account UI by providing the traffic definitions for the application. The traffic definitions can be recorded into a JSON file using a Chrome browser extension. This JSON file, which contains the mapping of app activities to traffic along with additional information, can be loaded through your account UI to create a custom connector. The custom connector is defined through the Custom App configuration workflow. To learn more, see Creating a Cloud App Definition.
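The formpost definition in the note above, applied to a raw HTTP request as an added illustration; this is not Netskope code and does not describe how the connectors detect activities. The function name, sample host and field names are constructed for the example, and the MIME boundary handling is delegated to Python's standard email parser.

```python
from email.parser import BytesParser
from email.policy import HTTP

# Content types the note lists for a formpost.
FORMPOST_TYPES = {"multipart/form-data", "application/octet-stream"}

# Constructed sample request (not captured traffic); host and fields are made up.
SAMPLE = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Type: multipart/form-data; boundary=constructedBoundary42\r\n"
    b"\r\n"
    b"--constructedBoundary42\r\n"
    b'Content-Disposition: form-data; name="comment"\r\n\r\n'
    b"hello\r\n"
    b"--constructedBoundary42\r\n"
    b'Content-Disposition: form-data; name="file"; filename="notes.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    b"constructed sample data\r\n"
    b"--constructedBoundary42--\r\n"
)

def classify_request(raw: bytes) -> dict:
    """Return method, content type, formpost verdict and the MIME parts found."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    method = request_line.split(b" ", 1)[0].decode("ascii", "replace").upper()
    # Re-parse headers + body as a MIME message so boundaries are split by the stdlib.
    msg = BytesParser(policy=HTTP).parsebytes(header_block + b"\r\n\r\n" + body)
    ctype = msg.get_content_type()
    result = {"method": method, "content_type": ctype, "formpost": False, "parts": []}
    if method != "POST" or ctype not in FORMPOST_TYPES:
        return result
    if ctype == "multipart/form-data":
        if not msg.is_multipart():
            return result  # declared multipart, but no usable boundary or parts
        for part in msg.iter_parts():
            payload = part.get_payload(decode=True) or b""
            result["parts"].append({
                "name": part.get_param("name", header="content-disposition"),
                "filename": part.get_filename(),  # set for file parts, None for fields
                "size": len(payload),
            })
    result["formpost"] = True
    return result

if __name__ == "__main__":
    print(classify_request(SAMPLE))
```

A part that carries a filename is the file content of the form submission; the other parts are ordinary form fields.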
Inline App Connector Workflow
When traffic for a cloud app goes through Netskope, application events are generated based on the appropriate connector match as outlined in the workflow diagram below.
One activity which is not seen in a policy but is captured in Skope IT Events is “Browse,” which is the very first activity in the initial transaction when a Domain/URL is accessed. It is not captured as an event unless the Domain/URL/App (with Activities set to Any) is blocked by a policy.