Action Connector: Netskope

Set up the action connector for Netskope to enable one-click containment and remediation in Radiant Security.

Overview

The Netskope security cloud provides visibility and threat protection when accessing cloud services, websites, and private apps. It provides web filter, data loss prevention, zero trust access, and information protection services. This configuration integrates Netskope with Radiant Security in order to allow Radiant Security to run containment and remediation actions on Netskope.

To complete this configuration, you’ll need to complete the following steps:

Obtain the Netskope API token
Create and set up a blocklist
Add the action connector in Radiant Security

At the end of this configuration, you will provide Radiant Security with the following values:

API base URL
API token
URL List Name

Prerequisites

Admin user account

Obtain the Netskope API token

In this step, you will create the API Token on Netskope.

Important note: If an Expiration value is set for the token, update the token value on Radiant Security’s connector at the time of expiration to prevent disruptions in data collection.

1. Log into the Netskope Console.
2. Navigate to Settings > Tools > Rest API v2.
3. At the top of the page, identify if the REST API is enabled. If it's not enabled, click the pencil icon and enable the toggle for REST API. Click Save to save the changes.
4. Click New Token to create a new API Token.
5. Under Token Name, enter `RadiantActionConnector`.
6. Under Expire In, select 12 Months.
7. Click Add Endpoint to select the API Endpoints that the Token is allowed to access: Select all entries that start with /api/v2/policy/urllist
8. On Privilege, select Read and Write.
9. Click Save. Copy the Token shown in the pop-up. Please note that this will be the only opportunity to copy the token so ensure you store it in a safe place.

Create and set up a blocklist

In this step you will create a URL List, a Custom Category and a Web Access Policy to block access to URLs and Domains contained on the URL List. This step is required even if you already have an URL List that is used to block URLs and Domains. Feel free to include the Radiant Security URL List on any existing Categories and Policies, but make sure that the list is created according to the documentation.

Log into the Netskope Console.
Navigate to Policies > Web > URL Lists.
Click New URL List.
Under URL List Name enter: RADIANT_SECURITY_BLOCK_URL_POLICY.
Under URL Type, select Exact.
Click Save.
Click Apply Changes.
Navigate to Policies > Web > Custom Categories.
Click New Custom Category.
Don't select any Categories on the first step, click Next.
On the Exceptions/Inclusion step, click Inclusion and select the newly created URL List RADIANT_SECURITY_BLOCK_URL_POLICY.
Click Save and Apply Changes.
Enter a name for the Custom Category.
Click Save Custom Category.
Navigate to Policies > Real-Time Protection.
Click New Policy > Web Access.
Under Source, select any sources that should be blocked from accessing the Domains and URLs on the list.
Under Destination, select the newly created custom category and all the activities that apply.
Under Profile & Action, select Action: Block.
Enter a name for the Policy.
Click Add.

Add the action connector in Radiant Security

1. Log in to Radiant Security.
2. From the navigation menu, click Settings > Action Connectors and click + Add Connector.
3. Search for and select Netskope API v2 option and then click Credentials.
4. Under Credential Name, give the credential an identifiable name (e.g. `Netskope Token`). 5. In the Tenant URL field, enter the URL you use to access the Netskope Console. For example: `https://` 6. In the API Token field, paste in the Netskope API Token that you generated in the previous section.`companyName.goskope.com`
7. Click Add Connector.

We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai

Last updated: 2024-08-23