Axonius Documentation
Start typing to search…

Netskope

Netskope Security Cloud provides threat protection for cloud services, websites, and private applications.

Asset Types Fetched

  • Devices, Users, Application Extensions, Admin Managed Extensions, User Initiated Extensions, Application Add-Ons, Groups, Application Extension Instances, Admin Managed Extension Instances, User Initiated Extension Instances, Application Add-On Instances, Application Keys, SaaS Applications

Before You Begin

Ports

  • TCP port 80/443

Authentication Method

  • API Token

Permissions

If using API V2, the following permissions are required:

  • Devices:

    • Recommended: /events/datasearch/clientstatus

    • If you have a PDEM license, the following API endpoints are optional (the above endpoint is still recommended):

      • /api/v2/adem/userlist
      • /api/v2/adem/users/device/getlist
      • /api/v2/adem/users/device/getdetails

Users and SaaS Applications/User Extensions (at least one of the below listed endpoints is required):

  • events/dataexport/events/alert
  • events/dataexport/events/application
  • events/dataexport/events/audit
  • events/dataexport/events/connection
  • events/dataexport/events/incident
  • events/dataexport/events/infrastructure
  • events/dataexport/events/network
  • events/dataexport/events/page
  • events/dataexport/events/endpoint

Connecting the Adapter in Axonius

To connect the adapter in Axonius, provide the following parameters:

Required Parameters

  1. Netskope Domain - The hostname of the Netskope server.
  2. API Token - Specify your account API key or an API token you have created.


Optional Parameters

  1. Verify SSL - Select whether to verify the SSL certificate offered by the host supplied in Netskope Domain. For more details, see SSL Trust & CA Settings.
  2. HTTPS Proxy - A proxy to use when connecting to Netskope Domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

📘

Note:

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Fetch mobile devices (required, default: True) - Choose whether to fetch mobile devices in addition to standard devices.
  2. Fetch users from alerts less than X hours old (required, default: 0) - Set a number of hours to fetch alerts triggered by users created in the number of hours defined in the field. Note that the default value for this field is 0. If you do not enter a value in this field no users are fetched.
  3. Fetch user UCI scores - Select this option to fetch user UCI scores. This setting only works when using the V2 API. Note that the API key must have read access to the /api/v2/incidents/uba/getuci API endpoint.
  4. Fetch the last seen date from events - By default (when this option is not selected) Axonius fetches the last seen date for this adapter from the 'last_event/timestamp' field. When you select this option it populates the Last Seen field with the latest event brought by the /api/v1/events endpoint with access_method equals access_method eq Client and type equals application
  5. Do not ingest duplicates - Select this option so that the adapter will ignore assets with the same NS Device UID if any were ingested previously during the same fetch.
  6. Use API V2 - Select this option to fetch data using the API V2.
📘

Note:

To be able to fetch devices from API V2, you need to generate an API key with access to specific API endpoints. For more information, see Required Permissions below.

A PDEM license is required in order to use the ADEM endpoints in API V2. If you do not have this license, you can continue using API V1 to fetch device data.

Due to the structure of the API V2 endpoints, the device data is fetched in a time window. The adapter uses the "Ignore devices that have not been seen by the source in the last X hours" setting to define this window. If the setting is not configured it uses a default window of 10 days.

  1. Ignore SaaS Applications Repository and parse all applications (Only for accounts with SaaS Management capabilities) - Select this option to ignore the SaaS Applications Repository and parse all apps found by the Netskope adapter.
  2. Fetch device os from sorted events - Select this option to fetch the device OS data from sorted events.
  3. Fetch users/groups from SCIM API (V2 only) - Select this option to fetch users and groups from the SCIM API when using the API V2.
📘

Note

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

Updated 1 day ago