Skyhigh Plugin for Threat Exchange
Skyhigh Plugin for Threat Exchange
This document will provide the technical documentation required to configure the SkyHigh integration with the Cloud Threat Exchange module of the Netskope Cloud Exchange platform. This integration allows for the pulling of URLs and sharing them with Netskope.
Prerequisites
To complete this configuration, you need:
- A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
- A Netskope Cloud Exchange tenant with the Threat Exchange module already configured.
- Connectivity to the following host: SkyHigh expects a publically available URL that holds a flat file in Blue Coat format. Example:
Define category Blacklist1 1800covidx.com 18713279151.com End Define category Blacklist2 18statement.coronaviruspreppers.buzz 19covid-gouv12.com End
- Your Configuration Parameter. Reach out to Skyhigh for your Skyhigh CASB Published URL. Make sure you have access to the URL. It is assumed that the URL is publically available, so you do not need any extra permissions to pull data.
Skyhigh Plugin Support
| Fetched indicator types | URL(URLs, FQDN, IP Addresses) |
| Shared indicator types | Do not support sharing |
Performance Matrix
| Data Pulled | Time Taken |
|---|---|
| 1326 | 4 seconds |
| 11323 | 1 minute 39 seconds |
Workflow
- Configure the SkyHigh Plugin for Threat Exchange.
- Validate the Skyhigh plugin.
Click play to watch a video.
- In Cloud Exchange, go to Settings > Plugins.
- Search for and select the SkyHigh plugin box.
- Enter these parameters:
- Configuration Name: Unique name for the configuration.Sync Interval: Leave Default.Aging Criteria: Leave Default.Override Reputation: Leave Default.Enable SSL verification: Enable if SSL verification is required for communication.Use System Proxy: Enable if the proxy is required for communication.
- Click Next.
- Enter these parameters:
- SyHigh CASB Published URL: SkyHigh published URL endpoint from which you want to pull the data.Category: The type of comma-separated category from which you want to pull data. Keep it blank to pull all data from the file.
- SyHigh CASB Published URL: SkyHigh published URL endpoint from which you want to pull the data.Category: The type of comma-separated category from which you want to pull data. Keep it blank to pull all data from the file.
- Click Save.
- In Threat Exchange, go to Threat IoCs.
- If data is not being fetched from the platform, you can look at the logs in Cloud Exchange. In Cloud Exchange Select Logging. Look through the logs for errors.
