Netskope Help

Validate the Microsoft Defender Plugin

In order to validate the integration you must have alerts generated on Microsoft Defender for Endpoint. Defender polling intervals were defined during plugin configuration.

  1. Go to Cloud Exchange and select Threat IoCs. You should see records from your Defender plugin. You can filter based on Source values to check both the Netskope and Defender plugins.

    image10.jpeg
  2. In the Netskope UI, go to Policies > File, select your custom File Profile, and click File Hash.

    image11.jpeg
  3. If data is not being brokered between the platforms, you can look at the audit logs in Cloud Exchange. In Cloud Exchange, go to Logging and look through the logs for errors.