ServiceNow Plugin for Threat Exchange
This document explains how to configure the ServiceNow Threat Intelligence Plugin integration with the Cloud Threat Exchange module of the Netskope Cloud Exchange platform. This integration allows for sharing of URLs and file hashes with Netskope that has been identified by ServiceNow.
A Netskope Tenant (or multiple, for example, production and development/test instances).
A Secure Web Gateway subscription for URL sharing.
A Threat prevention subscription for malicious file hash sharing.
A Netskope Cloud Exchange tenant with the Threat Exchange module already configured.
A ServiceNow instance with admin access
Create a custom File Profile.
Create a Malware Detection Profile.
Create a Real-time Protection Policy.
Create a Service Now user.
Configure a ServiceNow Plugin.
Configure sharing between Netskope and ServiceNow.
Validate the ServiceNow Plugin.
In the Netskope UI, go to Policies , select File , and click New File Profile.
Click File Hash in the left panel, select SHA256 from the File Hash dropdown list.
Enter a temporary value in the text field. Netskope does not support progressing without having a value in this field, and recommends entering a string of 64 characters that consists of the character
f. For example,ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff. This will have a very low possibility of matching a valid file format.
Click Next.
Enter a Profile Name and a Description. We recommend not having blank spaces in your profile name; use underscores for spaces.
Click Save.
To publish this profile into the tenant, click Apply Changes in the top right.