Netskope Help

New Features And Enhancements In Release 93.0.0

Here is the list of the new features and enhancements.

New Inline App Connector Support

Netskope extends support for Figma, a popular and collaborative graphics editor and prototyping tool used worldwide, and adds activity detection in the browser for the following:

  • Login Attempt

  • Login Successful

  • Logout

  • Login Failed

  • Upload

  • Download

  • Share

  • View

  • Unshare

  • Create

Remove The App Connectors For Defunct Apps

Deprecating and removing the following applications from the list of applications available for Real-Time Policy Enforcement:

  • Action Solutions AG

  • AgileBench

  • ClearSync

  • Cloudon

  • ContactChamp

  • Dealernet

  • Digitalbucket

  • DocLanding

  • GetDashboard

  • Goshido

  • Greenerbilling

  • GroupCamp

  • HomePipe

  • Kanbanery

  • Odysen

  • Oprius

  • TimeBridge

  • TrueShare

  • Wunderlist

  • Slideshark

Important

All these applications are defunct and are deprecated by the respective App providers.

DLP Support For Edit Activity

Salesforce app has DLP support enabled on Edit activity on the user interface (UI). Netskope no longer supports this and removed DLP support for Edit activity for Salesforce.

Support For Post Activity In Workplace

Netskope extends support for Post activity in the Workplace application and you can post text-based content in your Workplace application. You can configure real-time policies based on Post activities.

DLP Support For Create Activity

Netskope adds DLP support for Create activity in the ServiceNow application. This allows Create as an activity in a real-time policy with a DLP Profile applied to it.

Addition Of Secure Attributes In Netskope Session Cookies

HttpOnly and Secure attributes are added to netskope_info, netskope_check, and nsauth_session cookies as part of security enhancements.

App Connector Revamp

In this release, Netskope extends support for the HelloSign application by adding Login Attempt and Send activities as part of the app activities. Login Attempt is triggered when the user tries to log into the application. Send activity is triggered when the user tries to send a document.

Rename Activity for DocuSign

In this release, Netskope extends support for the DocuSign application by adding new activity called Rename that gets triggered for file rename activity navigation.

Turn On Flag For Puppeteer

Improvements in report resolution for downloaded PDF.

Regex Support For Element Of AWS Policies

Netskope IaaS CSA added support for regular expression checks over AWS policy documents of S3bucket, SNSTopic, SQSQueue, and SES.

After this change, all custom rules which are dependent on AWS policies such as "S3Bucket should not have BucketPolicy with [ Statement with [ ( Action has ( "s3:Delete*" ) or Action has ("S3:Delete*") or Action has ("S3:*") or Action has ("s3:*") ) and Effect eq "Allow" and Principal has ( "*" ) and Conditions len ( ) eq 0 ] ]" is now rewritten like "S3Bucket should not have BucketPolicy with [ Statement with [ ( Action with [ value like "(?i)s3:Delete" or value like "(?i)S3:\*" ] ) and Effect eq "Allow" and Principal with [ value eq "*" ] and Conditions len ( ) eq 0 ] ]".

This enhancement ensures no false negatives are reported for AWS policy documents of S3bucket, SNSTopic, SQSQueue, and SES.

Applications Moved to CASB Category

In this release, Netskope adds the following new CASB categories:

  • Advocacy Groups & Trade Associations

  • Arts

  • Auctions & Marketplaces

  • Business

  • Family & Parenting

  • File Converter

  • File Repositories

  • File/Software Download sites

  • Financial Aid & Scholarships

  • Financial News

  • Games

  • Government & Legal

  • Health & Nutrition

  • Hobbies Interests

  • Home & Garden

  • Insurance

  • Investors & Patents

  • Kids

  • Lifestyle

  • Nursing

  • Online Ads

  • Pets

  • Philanthropic Organizations

  • Photo Sharing

  • Religion

  • Science

  • Search Engines

  • Social & Affiliation Organizations

  • Sports

  • Technology

  • Telecommuting

  • Trading & Investing

  • Translation

  • Web Conferencing

In addition, Netskope also moved a few existing CCI applications to newly added categories since they fit there better, and also they were seen as re-cat requests. Following are the list of apps that moved to a new category:

Application Name

Old Category

New Category

ACKO

Business Process Management

Insurance

Arts People

Business Process Management

Arts

CommunitySuite

Business Process Management

Financial Aid & Scholarships

Fundable

Business Process Management

Investors & Patents

GameSpot

Business Process Management

Games

HealthyChildren.org

Business Process Management

Family & Parenting

Hometalk

Business Process Management

Hobbies & Interests

The Bureau of Meteorology

Business Process Management

Government & Legal

WebMD

Business Process Management

Health & Nutrition

Forbes

Consumer

Financial News

garDsign

Consumer

Home & Garden

iStockPhoto

Consumer

Photo Sharing

Justdial

Consumer

Search Engines

Kayo Sports

Consumer

Sports

mywellness consumer

Consumer

Lifestyle

PDF Converter

Consumer

File Converter

Fidelity

Finance/Accounting

Trading & Investing

PetSitClick

Finance/Accounting

Pets

GoFundMe

Forums

Philanthropic Organizations

ATI Nursing Education

Knowledge Management

Nursing

eBay

Shopping

Auctions & Marketplaces

TinyTap

Social

Kids

New Transaction Log Fields

x-transaction-id and x-request-id are new transaction log fields that are available from this release.

Skip Retrying Of Failed Events In Collaborator

Reduces the number of notifications in case of multiple alerts from inline policy evaluation, by sending a single notification whenever a policy hit and regardless of the number of subsequent policy hits during any 30 minutes.

Reserved Application Name From API Gateway For Private App Creation

Netskope_Discovery_App is a reserved private app name. The administrator is not allowed to create a private app with this name.

Soft Limits For The Number Of Publishers

Each tenant can have up to 100 NPA Publishers. Contact Support to increase this limit for the tenant. The admin UI will display a warning when the number of Publishers exceeds 90% of the allowed limit.

Soft Limits For The Number Of Private Applications

Each tenant can have up to 1000 private application definitions. Contact Support to increase this limit for the tenant. The admin UI will display a warning when the number of private applications exceeds 90% of the allowed limit.

Enhancements to NPA policy updates

Netskope enhanced the NPA Cloud to support dynamic routing of traffic to Private Apps when Publishers reconnect. This enhancement reduces client and app reconnections by dynamically routing traffic to available publishers.

NPA API Gateway

With this release, you can automate NPA configurations using API with the following supported HTTP methods:

  • GET

  • POST

  • PUT

  • PATCH

  • DELETE

To learn more, go to Settings > Tools > REST API v2 in your Netskope tenant, and then click the API Documentation link.

MITRE ATT&CK Framework For Mapping Threat Behaviors In Sandbox Analysis

Observed behaviors in the cloud sandbox are mapped to the MITRE ATT&CK® framework for security teams to understand the scale and impact of an incident quickly and drive actionable mitigation measures. The MITRE ATT&CK framework < https://attack.mitre.org > is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

To learn more: Viewing Cloud Sandbox Analysis

Retrohunt API

Retrohunt API provides an API that allows you to query detections by hash (md5,sha256) if the file has been seen (whether malicious or benign) in traffic within the Netskope tenant. Additionally, a report can be retrieved for the detections and verdicts by the different engines.

To learn more, go to Settings > Tools > REST API v2 in your Netskope tenant, and then click the API Documentation link.

Steering API Security enhancement

Netskope enhanced the REST API calls from Netskope Agent to use AuthHeader for better security. Currently, this facility is behind a feature flag that is disabled by default.

In addition to documenting all new and improved features, here is the list of articles with key documentation updates: