Viso Trust Plugin for Application Risk Exchange

This document explains how to configure the Viso Trust integration with the Application Risk Exchange module of the Netskope Cloud Exchange platform. This plugin pushes applications to the Viso Trust platform and creates relationships there by grouping the applications by vendor.

Prerequisites

  • A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
  • A Netskope Cloud Exchange tenant with the Application Risk Exchange module already configured.
  • Viso Trust Platform Access, plus your Viso Trust Business Owner Email and Viso Trust URL.
  • Connectivity to the following host: Viso Trust platform URL (like https://dev.visotrust.com)

CE Version Compatibility

Netskope CE v4.2.0, v5.0.0

Plugin Scope

The Viso Trust plugin shares Application data (CCI Scores) with the Viso Trust platform. It creates relationships on the Viso Trust platform and tags each one with the CCI level of the Netskope application. You need the Viso Trust API Token, Viso Trust Business Owner Email, and Viso Trust URL to configure the plugin.

Viso Trust Plugin Support

Type of data pushed | Applications

Mappings

CCI Tags Mapping

Netskope CE CCI | Viso Trust CCI
CCI Poor | <=49
CCI Low | >49 and <=59
CCI Medium | >59 and <=74
CCI High | >74 and <=89
CCI Excellent | >89

Mappings for Push (Netskope field – Viso Trust fields)

Netskope CE Fields | Viso Trust Fields
name | vendor
homepage | steering domain/discovery domain
tags | CCI Scores as levels based on the CCI Tags Mapping
businessOwnerEmail | Viso Trust Business Owner Email

Note

Because applications are grouped by vendor and one relationship is created per vendor, the tag for a relationship is derived by averaging the CCI scores of all the apps of that vendor and finding the matching level in the CCI Tags Mapping.
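The grouping and tagging described in this note, as an added Python example (not the plugin's own code). The application field names, the sample data, the choice of homepage for a vendor with several apps, and comparing tags to detect an unchanged score are assumptions; the thresholds, payload fields and skip reasons come from this page.

```python
from collections import defaultdict

# Inclusive upper bounds from the CCI Tags Mapping table on this page.
CCI_LEVELS = [(49, "CCI Poor"), (59, "CCI Low"), (74, "CCI Medium"), (89, "CCI High")]

# Constructed sample input; these field names are assumptions, not the CE schema.
SAMPLE_APPS = [
    {"name": "Mail", "vendor": "ExampleCorp", "cci": 92, "steering_domain": "mail.example.com"},
    {"name": "Drive", "vendor": "ExampleCorp", "cci": 70, "discovery_domain": "drive.example.com"},
    {"name": "Orphan", "vendor": "", "cci": 55, "steering_domain": "orphan.example.net"},
    {"name": "NoDomain", "vendor": "OtherCo", "cci": 40},
    {"name": "Chat", "vendor": "ThirdCo", "cci": 55, "steering_domain": "chat.example.org"},
]


def cci_tag(score):
    """Map a (possibly fractional, averaged) CCI score to its tag."""
    for upper, tag in CCI_LEVELS:
        if score <= upper:
            return tag
    return "CCI Excellent"


def build_relationships(apps, owner_email, existing=None):
    """Return (requests, skipped); `existing` maps vendor -> {"id", "tags"}."""
    existing = existing or {}
    by_vendor, skipped = defaultdict(list), []
    for app in apps:
        # Assumption: steering domain is preferred, discovery domain is the fallback.
        domain = app.get("steering_domain") or app.get("discovery_domain")
        if not app.get("vendor"):
            skipped.append((app["name"], "no vendor"))
        elif not domain:
            skipped.append((app["name"], "no domain"))
        else:
            by_vendor[app["vendor"]].append((app["cci"], domain))
    requests_out = []
    for vendor, rows in by_vendor.items():
        tag = cci_tag(sum(cci for cci, _ in rows) / len(rows))  # vendor average
        current = existing.get(vendor)
        if current and tag in current["tags"]:
            skipped.append((vendor, "CCI tag unchanged"))
            continue
        # Assumption: the first app's domain becomes the relationship homepage.
        body = {"name": vendor, "homepage": rows[0][1],
                "businessOwnerEmail": owner_email, "tags": [tag]}
        if current:
            body["id"] = current["id"]
        requests_out.append(("PATCH" if current else "POST", body))
    return requests_out, skipped
```

Each returned pair is the HTTP method and JSON body for /api/v1/relationships; the skipped list mirrors the cases that end up in the CE logs instead of being shared.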

Permissions

Permission to create API Keys on Viso Trust platform.

API Details

List of APIs used

API Endpoint | Method | Use Case
/api/v1/tags | POST | Validating connectivity while creating tags.
/api/v1/relationships/search | GET | Get existing relationships with the selected domains.
/api/v1/relationships | POST | Create a new relationship.
/api/v1/relationships | PATCH | Update an existing relationship.

Validate Connectivity

API Endpoint: /api/v1/tags
Method: POST
Headers:

Key | Value
Authorization | Bearer <API Token>
Content-Type | application/json

Parameters:

{
  "tags": [
    ""
  ]
}

Sample API Response:

[ "Tag Name" ]

Get Existing Relationships

API Endpoint: /api/v1/relationships/search
Method: GET
Headers:

Key | Value
Authorization | Bearer <API Token>
Content-Type | application/json

Parameters:

{
  "name": "Google",
  "domains": ["accounts.google.com"]
}

Sample API Response:

[
    {
        "assessments": [],
        "businessOwner": {
            "businessUnit": "Unassigned",
            "email": "tanushree.kurup@crestdatasys.com",
            "firstName": "Tanushree",
            "lastName": "Kurup"
        },
        "businessUnit": "Unassigned",
        "contextTypes": [],
        "createdDate": "2024-02-13T08:41:58.851279Z",
        "dataTypes": [],
        "description": null,
        "homepage": "accounts.google.com",
        "id": 673639651,
        "inherentRisk": "NO_CONTEXT",
        "isTransitional": true,
        "name": "Google",
        "potentialRisk": "NO_CONTEXT",
        "primaryContact": null,
        "recertificationDate": null,
        "recertificationType": "NONE",
        "residualRisk": "NO_CONTEXT",
        "status": "NOT_ONBOARDED",
        "subscribers": [],
        "tags": [
            "CCI Low"
        ],
        "updatedDate": "2024-02-13T08:42:00.251705Z"
    }
]

Create a New Relationship

API Endpoint: /api/v1/relationships
Method: POST
Headers:

Key | Value
Authorization | Bearer <API Token>
Content-Type | application/json

Parameters:

{
  "name": "Google",
  "homepage": "accounts.google.com",
  "businessOwnerEmail": "tanushree.kurup@crestdatasys.com",
  "tags": [
    "CCI Low"
  ]
}

Sample API Response:

{
    "assessments": [],
    "businessOwner": {
        "businessUnit": "Unassigned",
        "email": "tanushree.kurup@crestdatasys.com",
        "firstName": "Tanushree",
        "lastName": "Kurup"
    },
    "businessUnit": "Unassigned",
    "contextTypes": [],
    "createdDate": "2024-02-13T08:41:58.851279Z",
    "dataTypes": [],
    "description": null,
    "homepage": "accounts.google.com",
    "id": 673639651,
    "inherentRisk": "NO_CONTEXT",
    "isTransitional": true,
    "name": "Google",
    "potentialRisk": "NO_CONTEXT",
    "primaryContact": null,
    "recertificationDate": null,
    "recertificationType": "NONE",
    "residualRisk": "NO_CONTEXT",
    "status": "NOT_ONBOARDED",
    "subscribers": [],
    "tags": [
        "CCI Low"
    ],
    "updatedDate": "2024-02-13T08:42:00.251705Z"
}

Update an Existing Relationship

API Endpoint: /api/v1/relationships
Method: PATCH
Headers:

Key | Value
Authorization | Bearer <API Token>
Content-Type | application/json

Parameters:

{
  "id": "673639651",
  "name": "Google",
  "homepage": "accounts.google.com",
  "businessOwnerEmail": "tanushree.kurup@crestdatasys.com",
  "tags": [
    "CCI High"
  ]
}

Sample API Response:

{
    "assessments": [],
    "businessOwner": {
        "businessUnit": "Unassigned",
        "email": "tanushree.kurup@crestdatasys.com",
        "firstName": "Tanushree",
        "lastName": "Kurup"
    },
    "businessUnit": "Unassigned",
    "contextTypes": [],
    "createdDate": "2024-02-13T08:41:58.851279Z",
    "dataTypes": [],
    "description": null,
    "homepage": "accounts.google.com",
    "id": 673639651,
    "inherentRisk": "NO_CONTEXT",
    "isTransitional": true,
    "name": "Google",
    "potentialRisk": "NO_CONTEXT",
    "primaryContact": null,
    "recertificationDate": null,
    "recertificationType": "NONE",
    "residualRisk": "NO_CONTEXT",
    "status": "NOT_ONBOARDED",
    "subscribers": [],
    "tags": [
        "CCI High"
    ],
    "updatedDate": "2024-02-13T08:52:34.902966Z"
}

Performance Matrix

These performance readings were taken by sharing 1000 Applications in each plugin life cycle on a Large CE instance with the following specifications.

Stack details | Size: Large; RAM: 32 GB; CPU: 16 Cores
Applications shared to Viso Trust | ~39 per minute

User Agent

The user-agent added in this plugin is in the following format:

netskope-ce-<ce_version>-<module>-<plugin_name>-v<plugin_version>

For example:

netskope-ce-5.0.0-are-viso-trust-v1.0.0

Workflow

  1. Get your Viso Trust API Token.
  2. Configure the Viso Trust plugin.
  3. Configure a Business Rule.
  4. Configure Sharing.
  5. Validate the plugin.

Get your Viso Trust Token

  1. Log in to your Viso Trust Platform.
  2. Click the Profile Icon on the top right.
  3. Click Profile.
  4. Select Expiration Period and select a time period.
  5. Click Generate token.
  6. Copy the token. It is needed to configure the plugin, and you won’t see it again.

Configure the Viso Trust Plugin

  1. In Cloud Exchange go to Settings > Plugins.
  2. Search for and select the Viso Trust box to configure the plugin.
  3. Enter and select these values:
    • Configuration Name: Unique name for the configuration.
    • Use System Proxy: Enable if the proxy is required for communication.

  4. Click Next.
  5. Enter these values:
    • Viso Trust URL: Your Base URL for the Viso Trust instance. For example: https://dev.visotrust.com/.
    • Viso Trust Business Owner Email: Your Viso Trust Business Owner email address.
    • Viso Trust API Token: Your Viso Trust API Token.

  6. Click Next.
  7. Select Company Name = Application Name in the Mapping Information. This selection is mandatory for Application Risk Exchange plugins, but the Viso Trust plugin does not use these mappings.
  8. Click Save.

Configure an Application Risk Exchange Business Rule for Viso Trust

To share Applications fetched from Application Risk Exchange with Viso Trust, you need a business rule that selects the Applications you want to share. To configure a business rule, follow these steps:

  1. In Application Risk Exchange, go to Business Rules and click Create New Rule.
  2. Add the filter according to your requirement in the rule, and then click Save.

Configure an Application Risk Exchange Sharing for Viso Trust

To share Applications from Application Risk Exchange to the Viso Trust platform, follow these steps:

  1. In Application Risk Exchange, go to Sharing and click Add Sharing Configuration.
  2. Select the Source Configuration (Netskope ARE), a Business Rule, and the Destination Configuration (Viso Trust).
  3. Click Save.

Validate the Viso Trust Plugin

Validate the Pull

Pulled Applications will be listed on the Applications page.

To verify pulled logs on CE, go to Logging and search the logs (enter your Netskope ARE plugin name).

Validate the Push

To validate the push in CE, go to Logging and filter shared logs for the ARE Viso Trust plugin.

To check the ingested Applications on the platform, log in to Viso Trust and go to Third Parties > Relationships.

Troubleshooting

Not able to share Applications to Viso Trust

Check whether the Application vendors are present. If the vendor is not present, the applications will not be shared.

Check the Steering Domain and Discovery Domain; if they are not present, the application will not be shared.

If the applications were previously shared and there is no change in the CCI score, the applications will not be shared again.

The logs for all of these cases are available in the Logging section.
