Threat Exchange Module
Threat Exchange is a rules-based engine for collecting and sharing indicators: file hashes of malicious software (malware), file hashes of files used in Netskope DLP policy for absolute matching, and URLs used by plugged-in systems for policy enforcement of restricted or allowed access.
Threat Exchange Global Settings
Only write-access users can change Threat Exchange Global Settings. Go to Settings > Threat Exchange. When the same IoC value is reported by different sources, Threat Exchange uses the selected reconciliation criterion to decide which IoC metadata is kept and which is ignored.
Reconciliation Criteria
Possible reconciliation criteria include:
- Always Overrides: If this criterion is selected, the latest IoC metadata is kept when an IoC is duplicated.
- Never Overrides: If this criterion is selected, the oldest IoC metadata is kept when an IoC is duplicated.
- Highest Severity Source Override: If this criterion is selected, the highest severity source’s IoC metadata is kept when an IoC is duplicated.
After selecting a criterion, click Save.
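The effect of the three criteria on duplicate reports of one IoC, as an added illustration that is not Netskope's code. The `Report` fields, the criterion keys, the severity labels and their ordering, and the tie-break (the earliest report wins when severities are equal) are assumptions, and "highest severity source" is read here as the source that reported the highest severity for that IoC.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumed severity ordering; the labels are illustrative, not taken from the product.
SEVERITY_RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
CRITERIA = {"always_overrides", "never_overrides", "highest_severity_source"}


@dataclass(frozen=True)
class Report:
    value: str             # the IoC itself (file hash or URL)
    source: str            # hypothetical source name
    severity: str          # key of SEVERITY_RANK
    reported_at: datetime  # when the source reported the IoC


def reconcile(reports, criterion):
    """Return {ioc_value: Report whose metadata is kept} for one criterion."""
    if criterion not in CRITERIA:
        raise ValueError(f"unknown criterion: {criterion!r}")
    kept = {}
    # Walk the reports oldest first so "latest" and "oldest" are well defined.
    for report in sorted(reports, key=lambda r: r.reported_at):
        current = kept.get(report.value)
        if current is None:
            kept[report.value] = report            # first sighting, nothing to reconcile
        elif criterion == "always_overrides":
            kept[report.value] = report            # latest metadata replaces what was stored
        elif criterion == "highest_severity_source":
            # Strictly higher severity wins; on a tie the earlier report stays (assumption).
            if SEVERITY_RANK[report.severity] > SEVERITY_RANK[current.severity]:
                kept[report.value] = report
        # never_overrides: the oldest metadata stays, so there is nothing to do
    return kept


# Constructed sample data: two IoCs, each reported by several hypothetical sources.
URL = "http://malicious.example/payload"
HASH = "0" * 64  # placeholder, not a real file hash
SAMPLE = [
    Report(URL, "source_a", "medium", datetime(2024, 1, 1)),
    Report(URL, "source_b", "critical", datetime(2024, 1, 2)),
    Report(URL, "source_c", "low", datetime(2024, 1, 3)),
    Report(HASH, "source_a", "high", datetime(2024, 1, 1)),
    Report(HASH, "source_c", "high", datetime(2024, 1, 2)),
]

if __name__ == "__main__":
    for criterion in sorted(CRITERIA):
        result = reconcile(SAMPLE, criterion)
        print(criterion, {value[:24]: r.source for value, r in result.items()})
```

The same URL ends up with a different source's severity under each criterion, which is the thing to check before sharing IoCs to a plugin whose business rules filter on severity.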
IoC(s) Retraction
To enable IoC retraction from Cloud Exchange:
- Go to Settings > Threat Exchange.
- Enable the IoC(s) Retraction toggle and enter the Retraction Interval.
- Click Save.
Articles
- Configure 3rd-party Threat Exchange Plugins
- Anomali ThreatStream XDR Plugin for Threat Exchange
- API Source Plugin for Threat Exchange
- AWS GuardDuty Plugin for Threat Exchange
- Carbon Black Plugin for Threat Exchange
- Commvault Plugin for Threat Exchange
- CrowdStrike Plugin for Threat Exchange
- Cybereason Plugin for Threat Exchange
- Digital Shadow Plugin for Threat Exchange
- ExtraHop Reveal(x) 360 Plugin for Threat Exchange
- Feedly Plugin for Threat Exchange
- GitHub Plugin for Threat Exchange
- HarfangLab Plugin for Threat Exchange
- Illumio Plugin for Threat Exchange
- Mandiant Plugin for Threat Exchange
- Microsoft Defender for Cloud Apps Plugin for Threat Exchange
- Microsoft Defender for Endpoint Plugin for Threat Exchange
- Microsoft Office 365 Endpoints Plugin for Threat Exchange
- Mimecast Plugin for Threat Exchange
- MISP Plugin for Threat Exchange
- Palo Alto Networks Cortex XDR Plugin for Threat Exchange
- Proofpoint Plugin for Threat Exchange
- Palo Alto Networks Panorama Plugin for Threat Exchange
- Rubrik Plugin for Threat Exchange
- Secureworks Taegis Plugin for Threat Exchange
- SecurityScorecard Plugin for Threat Exchange
- SentinelOne Plugin for Threat Exchange
- ServiceNow Plugin for Threat Exchange
- Skyhigh Plugin for Threat Exchange
- Sophos Plugin for Threat Exchange
- STIX/TAXII Plugin for Threat Exchange
- Trend Vision One Plugin for Threat Exchange
- ThreatConnect Plugin for Threat Exchange
- Trellix Plugin for Threat Exchange
- ThreatQ Plugin for Threat Exchange
- Web Page IoC Scraper Plugin for Threat Exchange
- View Configured Threat Exchange Plugins
- Update Configured Threat Exchange Plugins
- Manage Threat Exchange Business Rules and IoC Sharing
- Configure your Netskope Tenant for Threat Exchange File Hash Sharing
- Manage Tags
- Threat Exchange Custom Plugin Developers Guide