Threat Exchange Module

Threat Exchange Module

Threat Exchange is a rules-based engine for collecting and sharing indicators related to file hashes of malicious software (malware), file hashes of files used in Netskope DLP policy for absolute matching, or URLs used by plugged in systems for policy enforcement of restricted or allowed access.

Click play to learn how to set up Threat Exchange.

 

Threat Exchange Global Settings

Only write-access users can change Threat Exchange Global Settings. Go to Settings > Threat Exchange. If the same IoC value is reported from different sources, then based on the reconciliation criteria, Threat Exchange will decide which IoC metadata should be kept and which will be ignored.

Reconciliation Criterias

Possible Reconciliation Criterias include:

  • Always Overrides: If this criteria is selected, the latest IoC metadata will be kept in case of IoC Duplication.
  • Never Overrides: If this criteria is selected, the oldest IoC metadata will be kept in case of IoC Duplication.
  • Highest Severity Source Override: If this criteria is selected, the highest severity source’s IoC metadata will be kept in case of IoC Duplication.
TE-Global-Settings.png

After selecting a criteria, click Save.

IoC(s) Retraction

To enable IoC retraction from Cloud Exchange:

  1. Go to Setting > Threat Exchange.
  2. Enable the IoC(s) Retraction toggle and enter the Retraction Interval.
  3. Click Save.

Articles

Share this Doc

Threat Exchange Module

Or copy link

In this topic ...