Cloud Exchange Module Descriptions

Log Shipper

Log Shipper regularly and persistently executes polls against the Netskope REST API gateway to extract raw JSON formatted event and alert logs and push a newly formatted version out to one or more receivers, configured as a plugin. It does this using a sophisticated algorithm to use a multi-threaded query engine, working within rate limits (4 queries/second), and handling error responses and datasets larger than its pagination limit (10,000 logs per response) in order to deliver all requested logs during initial seeding and near-real time activities.

Ticket Orchestrator

Ticket Orchestrator extracts alerts, and the fields in those alerts, generated by Netskope in response to user and system behaviors/discoveries, and creates tickets and/or notifications in 3rd-party ITSM/IR/collaboration systems to streamline incident response.

Threat Exchange

Threat Exchange is designed to streamline and automate the sharing of indicators found/blocked/sourced by one security or IT platform in defense of a specific customer to every other connected platform owned or used by the same customer that can leverage that data, to reduce the likelihood of success of attack.

Risk Exchange

Risk Exchange includes two workflows, User Risk Exchange and Application Risk Exchange, that create a single view into multiple connected systems risk values for individual users, devices, and applications.

With User Risk Exchange, as scores are consumed into a database, they are mapped to a normalized value range and can be weighted as needed to create a single score per user, and a daily average across all users/devices. By leveraging business logic, you can match individual scores, score combinations, or weighted scores as nested, ordered triggers to send notifications via Ticket Orchestrator plugins, and/or trigger one or more preconfigured orchestrated actions as made available in individual plugins.

Application Risk Exchange is an engine for collecting the application details from the application events of a Netskope tenant, and then sharing those with other Application Risk Exchange configured plugins.