Netskope

Configure the action connector for Netskope.

In this guide, you will set up a trusted relationship between Radiant and Netskope to allow Radiant to run containment and remediation actions on Netskope.

Available actions

The following action is available after you set up the Netskope action connector. Keep in mind, additional permissions are required.

  • Block URLs

At the end of this configuration, you will provide Radiant Security with the following values:

  • API base URL

  • API token

  • URL List Name

Prerequisites

Obtain the Netskope API token

In this step, you will create the API Token on Netskope.

Important note: If an Expiration value is set for the token, update the token value on Radiant Security’s connector at the time of expiration to prevent disruptions in data collection.

  1. Log into the Netskope Console.

  2. Navigate to Settings > Tools > Rest API v2.

  3. At the top of the page, identify if the REST API is enabled. If it's not enabled, click the pencil icon and enable the toggle for REST API. Click Save to save the changes.

  4. Click New Token to create a new API Token.

  5. Under Token Name enter, RadiantActionConnector.

  6. Under Expire In, select 12 Months.

  7. Click Add Endpoint to select the API Endpoints that the Token is allowed to access:

    1. Select all entries that start with /api/v2/policy/urllist

  8. On Privilege, select Read and Write.

  9. Click Save. Copy the Token shown in the pop-up. Please note that this will be the only opportunity to copy the token so ensure you store it in a safe place.

Create and set up a blocklist

In this step you will create a URL List, a Custom Category and a Web Access Policy to block access to URLs and Domains contained on the URL List. This step is required even if you already have an URL List that is used to block URLs and Domains. Feel free to include the Radiant Security URL List on any existing Categories and Policies, but make sure that the list is created according to the documentation.

  1. Log into the Netskope Console.

  2. Navigate to Policies > Web > URL Lists.

  3. Click New URL List.

  4. Under URL List Name enter: RADIANT_SECURITY_BLOCK_URL_POLICY.

  5. Under URL Type, select Exact.

  6. Click Save.

  7. Click Apply Changes.

  8. Navigate to Policies > Web > Custom Categories.

  9. Click New Custom Category.

  10. Don't select any Categories on the first step, click Next.

  11. On the Exceptions/Inclusion step, click Inclusion and select the newly created URL List RADIANT_SECURITY_BLOCK_URL_POLICY.

  12. Click Save and Apply Changes.

  13. Enter a name for the Custom Category.

  14. Click Save Custom Category.

  15. Navigate to Policies > Real-Time Protection.

  16. Click New Policy > Web Access.

  17. Under Source, select any sources that should be blocked from accessing the Domains and URLs on the list.

  18. Under Destination, select the newly created custom category and all the activities that apply.

  19. Under Profile & Action, select Action: Block.

  20. Enter a name for the Policy.

  21. Click Add.

Add the action connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Action Connectors and click + Add Connector.

  3. Search for and select Netskope API v2 option and then click Credentials.

  4. Under Credential Name, give the credential an identifiable name (e.g. Netskope Token).

  5. In the Tenant URL field, enter the URL you use to access the Netskope Console. For example: https://companyName.goskope.com

  6. In the API Token field, paste in the Netskope API Token that you generated in the previous section.

  7. Click Add Connector.

PreviousMicrosoft O365 (certificate)NextPalo Alto Networks PAN-OS

Last updated