Skip to main content

Cyware Orchestrate

Netskope

App Vendor: Netskope

App Category: IT Services

Connector Version: 1.1.0

API Version: 1.0.0

About App

Netskope app offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.

Netskope app is configured with the Orchestrate application to perform the following actions:

Action Name

Description

Fetch Alerts

The action retrieves the alerts.

Fetch Quarantine Files

The action retrieves the quarantine files.

Download Quarantine File

The action downloads the quarantine files.

Quarantine File Action

The action allows or blocks the quarantine file.

Update File Hashlist

The action updates the file hashlist.

Update URL List

The action updates the URL list.

Get Events

This action retrieves events.

Configuration Parameters

The following configuration parameters are required for the Netskope app to communicate with the Netskope enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Tenant name

Enter the tenant name.

Example:

"alliance"

Text

Required

API Token

Enter the API token.

Password

Required

Action: Fetch Alerts

The action retrieves alerts.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert type

Enter the alert type to retrieve the alerts.

Example:

"anomaly"

Text

Optional

Allowed values:

  • anomaly

  • compromised credential

  • policy

  • legal hold

  • malsite

  • malware

  • dlp

  • security assessment

  • watchlist

  • quarantine

  • remediation

  • uba

Time period

Enter the time period in seconds.

Example:

86400

Integer

Optional

Extra params

Enter any extra parameters to fetch alerts.

Key Value

Optional

Allowed parameters:

  • alert_type

  • timeperiod

  • extra_params

  • query

  • acked

  • starttime

  • endtime

  • insertionstarttime

  • insertionendtime

  • limit

  • skip

  • unsorted

Example Request 

[
    {
        "alert_type": "anomaly"
    }
]
Action: Fetch Quarantine Files

This action retrieves the quarantine files.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Start time

Enter the start time in Unix epoch time.

Example:

1643291040

Integer

Required

End time

Enter the end time in Unix epoch time.

Example:

1643291040

Integer

Required

Example Request 

[
    {
        "start_time": 1643291040,
        "end_time": 1643291040
    }
]
Action: Download Quarantine File

This action downloads the quarantine files.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Quarantine profile ID

Enter the quarantine file ID.

Example:

"00189056BRRT"

Text

Required

File ID

Enter the file ID.

Example:

"017a56"

Text

Required

Example Request 

[
    {
        "quarantine_profile_id": "00189056BRTT",
        "file_id": "017a56"
    }
]
Action: Quarantine File Action

This action allows or block the quarantine file.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Quarantine profile ID

Enter the quarantine file ID to take an action.

Example:

"00189056BRRT"

Text

Required

File ID

Enter the file ID.

Example:

"017a56"

Text

Required

Action

Enter the action to perform on the quarantine file.

Example:

"allow"

Text

Required

Allowed values:

  • allow

  • block

Example Request 

[
    {
        "quarantine_profile_id": "00189056BRRT",
        "file_id": "017a56",
        "action": "allow"
    }
]
Action: Update File Hashlist

This action updates the file hashlist.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

File hashlist name

Enter the file hashlist name to update the file hashlist.

Example:

"sectest"

Text

Required

File hash list

Enter the file hash as a comma separated list.

Example:

"e28eb9739b6e84d0f796e3acc0f5b71e, e54eb9739b6e84d0f796e3acc0f5b71e"

Text

Required

Example Request 

[
   {
      "file_hashlist_name":"sectest",
      "file_hash_list":[
         "e28eb9739b6e84d0f796e3acc0f5b71e",
         "e54eb9739b6e84d0f796e3acc0f5b71e"
      ]
   }
]
Action: Update URL List

This action updates the URL list.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

URL List Name

Enter the URL list name to update.

Example:

"sample-url-netskope"

Text

Required

URL List

Enter the URLs as a comma-separated list.

Example:

"sampledomain.com, https://sampleurl.com"

Text

Required

Example Request 

[
   {
      "url_list":[
         "sampledomain.com",
         "https://sampleurl.com"
      ],
      "urllist_name":"sample-url-netskope"
   }
]