Netskope Tenants

To leverage the primary modules to work with Netskope, you need to create a Netskope tenant in CE. Configured Netskope tenants are displayed on the Netskope Tenants page, and Admins can edit and delete configured tenants.

You need your Netskope tenant API token(s) to complete this procedure.

Obtain your v1 RESTful API token by following the steps in REST API v1 Overview. CE uses v1 tokens for updating file hashes in Threat Exchange.

Important

A v1 token is required for adding a Netskope tenant in CE, but will not be used if an equivalent v2 endpoint is available.

Create a new v2 RESTful API token by following the steps in REST API v2 Overview. For v2 tokens, specific scopes need to be enabled. For more information, see V2 Endpoint Scopes.

When you have your token(s), copy them and then add a tenant to CE.

Add a Netskope Tenant
  1. Go to Settings and click Netskope Tenants. A list of configured Netskope tenants is displayed. There are Edit and Delete icons for each tenant in the Action column.

  2. Click Add Tenant.

  3. Enter parameters for these fields:

    | Field | Description |
    |---|---|
    | Name | Netskope tenant configuration name. |
    | Tenant Name | Netskope tenant name. |
    | V1 API Token | API token to authenticate the tenant. |
    | V2 API Token | API token to authenticate the tenant. |
    | Alerts Filter | Filters the incoming alerts. |
    | Initial Range | Number of days to pull the data for initial run. |
    | System Proxy | The system proxy configured in the Netskope tenant Settings. |

  4. When finished, click Save.

V1 Endpoint Permissions

Modules: Log Shipper (CLS), Ticket Orchestrator (CTO), Threat Exchange (CTE), User Risk Exchange (URE), App Risk Exchange (ARE).

| REST API v1 Endpoint | Permission | Module Marks | Notes |
|---|---|---|---|
| Token Generated and Not Expired | (all) | x | Required for sharing file hashes |

V2 Endpoint Scopes

Create a V2 token with these endpoint scopes.

Modules: Log Shipper (CLS), Ticket Orchestrator (CTO), Threat Exchange (CTE), User Risk Exchange (URE), App Risk Exchange (ARE).

| REST API v2 Netskope Endpoint | Privilege Level | Module Marks | Notes |
|---|---|---|---|
| /api/v2/events/data/alert | Read | o, o | CE 3.0-4.0; phasing out |
| /api/v2/events/data/application | Read | o | CE 3.0-4.0; phasing out |
| /api/v2/events/data/audit | Read | o | CE 3.0-4.0; phasing out |
| /api/v2/events/data/infrastructure | Read | o | CE 3.0-4.0; phasing out |
| /api/v2/events/data/network | Read | o | CE 3.0-4.0; phasing out |
| /api/v2/events/data/page | Read | o | CE 3.0-4.0; phasing out |
| /api/v2/events/dataexport/events/alert | Read | x, x | CE 4.0+ |
| /api/v2/events/dataexport/events/application | Read | x | CE 4.0+ |
| /api/v2/events/dataexport/events/audit | Read | x | CE 4.0+ |
| /api/v2/events/dataexport/events/connection | Read | x | CE 4.0+ |
| /api/v2/events/dataexport/events/incident | Read | x | CE 4.0+ |
| /api/v2/events/dataexport/events/infrastructure | Read | x | CE 4.0+ |
| /api/v2/events/dataexport/events/network | Read | x | CE 4.0+ |
| /api/v2/events/dataexport/events/page | Read | x | CE 4.0+ |
| /api/v2/policy/urllist/file | Read + Write | x | CE 3.0+ |
| /api/v2/policy/urllist | Read + Write | x | CE 3.0+ |
| /api/v2/policy/urllist/deploy | Read + Write | x | CE 3.0+ |
| /api/v2/incidents/uba/getuci | Read + Write | x | CE 3.0+ |
| /api/v2/ubadatasvc/user/uci | Read + Write | x | CE 3.0+ |
| /api/v2/services/cci/app | Read | x | CE 4.0+ |
| /api/v2/services/cci/domain | Read | x | CE 4.0+ |
| /api/v2/services/cci/tags | Read | x | CE 4.0+ |

"o" signifies this endpoint is being phased out.
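
As an added example (not Netskope's code), the following Python script audits the scopes granted to a v2 token against the V2 Endpoint Scopes table above for a given CE version, reporting missing, under-privileged, over-privileged and unneeded scopes. It assumes "CE 3.0-4.0" means versions 3.0 through 4.0 inclusive and "N+" means N and later; the `GRANTED` sample is constructed, and the function names are hypothetical.

```python
# Added example: least-privilege audit of a v2 token against the V2 Endpoint Scopes table.
# Assumption: "CE 3.0-4.0" means 3.0 through 4.0 inclusive; "N+" means N and later.

def _rows(prefix, names, level, first, last=None):
    return {prefix + n: (level, first, last) for n in names.split()}

# endpoint -> (privilege level, first CE version, last CE version or None), from the table
SCOPES = {
    **_rows("/api/v2/events/data/",
            "alert application audit infrastructure network page", "Read", (3, 0), (4, 0)),
    **_rows("/api/v2/events/dataexport/events/",
            "alert application audit connection incident infrastructure network page",
            "Read", (4, 0)),
    **_rows("/api/v2/policy/", "urllist/file urllist urllist/deploy", "Read + Write", (3, 0)),
    **_rows("/api/v2/", "incidents/uba/getuci ubadatasvc/user/uci", "Read + Write", (3, 0)),
    **_rows("/api/v2/services/cci/", "app domain tags", "Read", (4, 0)),
}
RANK = {"Read": 1, "Read + Write": 2}

def required_for(ce_version):
    """Scopes the table lists for a CE version given as a (major, minor) tuple."""
    return {ep: lvl for ep, (lvl, first, last) in SCOPES.items()
            if first <= ce_version and (last is None or ce_version <= last)}

def audit_token(granted, ce_version):
    """Compare granted scopes ({endpoint: level}) with the table's set for ce_version."""
    need = required_for(ce_version)
    both = [ep for ep in need if ep in granted]
    rank = lambda lvl: RANK.get(lvl, 0)  # unknown level strings rank below Read
    return {
        "missing": sorted(ep for ep in need if ep not in granted),
        "under_privileged": sorted(ep for ep in both if rank(granted[ep]) < rank(need[ep])),
        "over_privileged": sorted(ep for ep in both if rank(granted[ep]) > rank(need[ep])),
        "unneeded": sorted(ep for ep in granted if ep not in need),
    }

# Constructed sample: scopes transcribed by hand from a token's settings (hypothetical).
GRANTED = {
    "/api/v2/events/dataexport/events/alert": "Read",
    "/api/v2/events/data/alert": "Read",         # phased-out endpoint left enabled
    "/api/v2/policy/urllist": "Read",            # table asks for Read + Write
    "/api/v2/services/cci/app": "Read + Write",  # table asks for Read
}

if __name__ == "__main__":
    for finding, endpoints in audit_token(GRANTED, (4, 1)).items():
        print(f"{finding}: {len(endpoints)}")
        for ep in endpoints:
            print(f"  {ep}")
```

The table covers every CE module, so a deployment that runs only some modules can treat `missing` entries belonging to the others as expected.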