New Features and Enhancements In Release 95.0.0

Adv UEBA incidents show Data Loss Prevention(DLP) policy violations (detections) along with User Confidence Index (UCI) impact for the detection.

Editing a POST message activity is now modified to POST instead of EDIT activity. DLP support is also added for the same.

With this release, Netskope extends its support for the Send activity in API. This release do not support to_user and Netskope plans to provide support in the upcoming releases.

The new feature support for Microsoft O365 Outlook Notes section includes the following:

DLP Inspection Support: The DLP engine inspects the data while editing the notes and takes necessary actions.

Limitation: While uploading a file, the engine does not display the name of the file, but displays alert with the important details.

With this release, Netskope moves the Esign section coverage and supported activities to the Adobe Sign application.

Netskope now revamps Amazon Drive app connector signature and supports the following activities:

Removed the support for the following activities:

With this release, Netskope remapped Amazon.com to Amazon Personal Login application. As the Amazon Drive application comes under Amazon Personal App suite, it is mandatory to steer Amazon Personal Login and Amazon Drive applications in the steering configuration to detect all the supported activities.

With this release, you can perform DLP and Threat Inspection for the files uploaded to Box (>100 MB) and Dropbox application( > 4 MB)

Added Matched Username as an attribute value that allows you to report matched corporate domains for compromised credentials.

Netskope updates the application category for the LinkedIn application from Social to Professional Networking.

With this release, Netskope updates the coverage for Adobe Sign application activity covered through the Adobe App Suite. This release also includes the DLP support for the Upload activity.

Updated the application categories to File Converter in App Info for the following CCI apps:

This release includes support for more than 30 additional file types accessible through DLP file filter. The following lists a few of the file types:

Email DLP now includes support for the full SMTP UTF-8 standard for email addresses. This means email addresses seen by the SMTP proxy can include non-US characters.

App detect now supports Alert action for response header processing and the list of supported actions are:

The Page Events section now includes the Other Category field that displays the list of all categories present in the URL. Earlier only the primary category was available in Page Events. TheApplication Events already include the Other Category field.

With this release, you can exclude users, user groups, and organizational units when configuring the Source field in Real-time Protection policies.

To learn more: Real-time Protection Policies

Input checking prevents configuring private apps with the following IP ranges:

The enhanced filtering of Page Events in Skope IT allows to filter page events by action using the predefined filter in the + Add Filter menu.

This enables to filter isolation events easily (action: isolate) and combine them with additional filters. Prior to this change, users had to use the advanced search capability to build a query to filter page events by action. This enhancement allows you to identify the pages sent to Netskope RBI for web isolation by selecting the predefined filter for action, with value ‘isolate’.

For Compromised Credentials page in Incidents, you can now send email notifications to users or admins using Edit Email Notification popup dialog in the row action. The row action is displayed at the end of each row (‘…’ icon). You can customize the email templates by editing the popup dialog using a default template. At the same time, you can reset the default template any time using the Edit template popup dialog.

Netskope adds a new search and filter field called Incident ID in real-time (inline) malware detections and policy actions. Use Incident ID to filter and search events and alert data to uniquely identify malware detections and policy blocks. New real-time (inline) detections contain both transaction_id and incident_id.

To learn more: About Malware and About Alerts.

The standard threat protection now comes with standard sandbox and heuristics detections that provides positive detection. This can provide additional corroboration by the advanced threat engines for a detection in standard threat protection. For detailed forensics analysis and reports an advanced Threat Protection license is required.

Netskope uses a defense in depth approach using adv Machine Learning, heuristics and other advanced engines to complement sandbox observed behaviors and detections. The new API for Direct File Submission provides a mechanism to retrieve sandbox observed behaviors and forensic analysis, mapped to MITRE TTPs in a detailed report for SOC analysts to research malware. These detections are also available in the tenant and shown as access method API.

In addition to documenting all new and improved features, here is the list of articles with key documentation updates: