Skyhigh Plugin for Threat Exchange

Skyhigh Plugin for Threat Exchange

This document will provide the technical documentation required to configure the SkyHigh integration with the Cloud Threat Exchange module of the Netskope Cloud Exchange platform. This integration allows for the pulling of URLs and sharing them with Netskope.


To complete this configuration, you need:

  • A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
  • A Netskope Cloud Exchange tenant with the Threat Exchange module already configured.
  • Connectivity to the following host: SkyHigh expects a publically available URL that holds a flat file in Blue Coat format. Example:
    Define category Blacklist1
    Define category Blacklist2
  • Your Configuration Parameter. Reach out to Skyhigh for your Skyhigh CASB Published URL. Make sure you have access to the URL. It is assumed that the URL is publically available, so you do not need any extra permissions to pull data.
Skyhigh Plugin Support
Fetched indicator typesURL(URLs, FQDN, IP Addresses)
Shared indicator typesDo not support sharing
Performance Matrix
Data PulledTime Taken
13264 seconds
113231 minute 39 seconds


  1. Configure the SkyHigh Plugin for Threat Exchange.
  2. Validate the Skyhigh plugin.

Click play to watch a video.


Configure the Skyhigh Plugin for Threat Exchange

  1. In Cloud Exchange, go to Settings > Plugins.
  2. Search for and select the SkyHigh plugin box.
  3. Enter these parameters:
    • Configuration Name: Unique name for the configuration.Sync Interval: Leave Default.Aging Criteria: Leave Default.Override Reputation: Leave Default.Enable SSL verification: Enable if SSL verification is required for communication.Use System Proxy: Enable if the proxy is required for communication.
  4. Click Next.
  5. Enter these parameters:
    • SyHigh CASB Published URL: SkyHigh published URL endpoint from which you want to pull the data.Category: The type of comma-separated category from which you want to pull data. Keep it blank to pull all data from the file.
  6. Click Save.

Validate the Skyhigh Plugin

  1. In Threat Exchange, go to Threat IoCs.
  2. If data is not being fetched from the platform, you can look at the logs in Cloud Exchange. In Cloud Exchange Select Logging. Look through the logs for errors.
Share this Doc

Skyhigh Plugin for Threat Exchange

Or copy link

In this topic ...