Netskope - Custom BlueApp Instructions -
New
Summary
Step by Step Instruction
o 1. App Info
o 2. API Credentials
o 3. API Config
o 4. Mapping
o 5. Summary Fields
o 6. API Response
o 7. Preview
Summary
Step by Step Instruction
Authorization type : API Key Auth
How to get API Credentials : Consult the Netskope documentation and Netskope support
API doc reference : [Link]
api/netskope-platform-rest-apis/get-alerts-data/ & [Link]
help/admin-console/rest-api/rest-api-v2-overview-312207/
API Endpoint : [Link]
1. App Info
App Info:
App Name : Custom Netskope App
App Description (Optional) : NA
AlienApp Category : Alarm
Vendor (Optional) : Netskope
Device Type (Optional) : Other devices
Complete the dialogues as shown above. These details don’t impact the function of the app and
can be set up as you see fit.
2. API Credentials
API Credentials:
Auth Type : API Key Auth
Event URL : [Link]
Header Name => Netskope-Api-Token
Header Value => <put_your_header_value_here>
Request Method => GET
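In the Params, enter the following values (step 3 names its time parameters starttime and endtime, so confirm against the Netskope API reference which names your endpoint expects):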
start : timestamp_value_here (UNIX Epoch time)
end : timestamp_value_here (UNIX Epoch time)
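Use the details above to populate the dialogues. Take the Header Name and Header Value
from your Netskope Events configuration. The Header Value is the Netskope API token itself, so
store and share it as a secret, and prefer a token limited to read access on the alert endpoints.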
3. API Config
API Config:
Pagination Type : Pagination
Pagination Param Name: INVALID_PAGE
Pagination Param Value: 0
Limit Param Name : limit
Limit Param Value : 5000
Total Count Response Path(Optional) : NA
Events Response Path(Optional) : result
Response Events Sort Order : Asc
Timestamp Filter Param Name : starttime
Timestamp Filter Param Value : timestamp_value_here (UNIX Epoch time)
Timestamp Filter Param Format : Timestamp (UNIX Epoch time)
Latest Event Timestamp Response Path: timestamp
Latest Event Timestamp Response Format : Timestamp (UNIX Epoch time)
In the Params, enter the following value:
endtime : $(date)
Use the details above to complete the dialogues.
4. Mapping
Raw Log Data
{
"_appsession_start": "yes",
"_category_id": "600",
"_category_name": "Generative AI",
"_category_tags": [
10001,
600,
600
],
"_content_version": 1X168XX6X8,
"_correlation_id": "fXX77XX8-7XXb-4XX6-8XX2-baXXebXXf3XX0",
"_creation_timestamp": 1XX7139XX2,
"_device_classification_ids": [
"0"
],
"_ef_received_at": 1XX71397XX5XX5,
"_event_id": "fbXX06ec-7XXc-4XXd-9XX3-32XXd6b56XX7",
"_forwarded_by": "mXg-rXXyer",
"_gef_src_dp": "UX-NXCX",
"_id": "5XXdb69XXb9fcd52XX9cb7",
"_insertion_epoch_timestamp": 1717139796,
"_nshostname": "dXXool1-X-egXxss",
"_raw_event_inserted_at": 1XX39788XX9,
"_service_identifier": "service-nsproxy",
"_session_begin": "1",
"_skip_geoip_lookup": "yes",
"_src_epoch_now": 1XX7125XX0,
"_streamid": 3,
"access_method": "Client",
"acked": "false",
"action": "block",
"activity": "Browse",
"alert": "yes",
"alert_name": "[Data Protection] Generative AI",
"alert_type": "policy",
"app": "Microsoft Copilot",
"app_session_id": 4XX6255XX396XX0,
"app_tags": [
"Consumer"
],
"appcategory": "Generative AI",
"browser": "Edge",
"browser_session_id": 5XX46897XX7906XX0,
"browser_version": "[Link]",
"category": "Generative AI",
"cci": 83,
"ccl": "high",
"connection_id": 1XX44XX419873XX0,
"count": 1,
"custom_device_classification": [
"not configured",
"not configured"
],
"device": "Windows Device",
"device_classification": "not configured",
"domain": "[Link]",
"dst_country": "US",
"dst_latitude": 4X.7XX6,
"dst_location": "Secaucus",
"dst_longitude": -7X.X6,
"dst_region": "New Jersey",
"dst_timezone": "America/New_York",
"dst_zipcode": "0XX94",
"dstip": "[Link]",
"dstport": 43,
"hostname": "MI5XX3264XXF",
"incident_id": 94XX520XX7100X0,
"ja3": "3dfXXd1d5319a9bXXa215b5efXXd",
"ja3s": "NotAvailable",
"managed_app": "no",
"netskope_pop": "US-NYC2",
"notify_template": "block_page.html",
"organization_unit": "",
"os": "Windows 10",
"os_family": "Windows",
"os_version": "Windows NT 10.0",
"other_categories": [
"All Categories",
"Generative AI"
],
"page": "[Link]",
"page_site": "Microsoft Copilot",
"policy": "[Data Protection] Generative AI",
"policy_id": "43XX889293D04AECF1XX37F 2024-05-30 [Link].348700",
"port": "4X3",
"protocol": "HTTPS/2",
"request_id": 2XX8807809XX00,
"severity": "unknown",
"site": "Microsoft Copilot",
"src_country": "US",
"src_latitude": 3X.7X3,
"src_location": "Laurinburg",
"src_longitude": -7X.4X6,
"src_region": "North Carolina",
"src_time": "Fri May 31 [Link] 2024",
"src_timezone": "America/New_York",
"src_zipcode": "2XX52",
"srcip": "[Link]",
"telemetry_app": "",
"timestamp": 1717139788,
"traffic_type": "CloudApp",
"transaction_id": 94XX65203XX10000,
"type": "nspolicy",
"ur_normalized": "abc@[Link]",
"url": "[Link]/work/api/v3/user/proactive/signin",
"user": "abc@[Link]",
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"userip": "[Link]",
"userkey": "abc@[Link]"
}
Fields Mapping
"Event type" : ["alert_type"],
"Device external id" : ["incident_id"],
"Category id" : ["_category_id"],
"Event category" : ["_category_name"],
"Subcategory id" : ["_category_tags[0]"],
"Event name" : ["object"],
"Destination address" : ["dstip"],
"Source address" : ["srcip"],
"Source hostname" : ["hostname"],
"Source username" : ["user"],
"Customfield 3" : ["userip"],
"Event severity" : ["severity"],
"Request url" : ["url"],
"Transport protocol" : ["protocol"],
"Event action" : ["action"],
"User resource type" : ["type"],
"Source userid" : ["_event_id"],
"Destination process id" : ["transaction_id"],
"Domain name" : ["domain"],
"Device name" : ["device"],
"Event activity" : ["activity"],
"Request user agent" : ["useragent"],
"Policy" : ["policy_id"],
"Account name" : ["site"],
"Base event count" : ["count"],
"Customfield 0" : ["page"],
"Customfield 1" : ["alert"],
"Customfield 2" : ["_correlation_id"],
"Application" : ["app"],
"Content category" : ["appcategory"],
"Source location name" : ["src_location"],
"Device event category" : ["device_classification"],
"Source translated port" : ["port"],
"File id" : ["_id"],
"File create time" : ["timestamp"],
"External id" : ["connection_id"],
"File path" : ["file_type"],
"File hash md5" : ["md5"],
"Customfield 4" : ["title"],
"Customfield 5" : ["browser"],
"Customfield 6" : ["organization_unit"],
"Customfield 7" : ["dst_country"],
"Customfield 8" : ["dst_location"],
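Use the table above as a guide - in the mapping screen, the left hand side is the new log data, and
the right hand side represents which USM key to drag it onto. Each line of the table lists the USM
key first and the log field (in brackets) second. Use the search bars above both sides to find the
exact matches. Some mappings place a log field in a loosely related USM key (for example,
_event_id under "Source userid" and transaction_id under "Destination process id"), so account
for this when building searches or correlation rules on those keys. Once finished, click “next”.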
5. Summary Fields
Select which fields you would like in the summary. See above as an example. This step is
completely at your discretion and doesn’t impact app operations. All log details will be available
in “Event Details”.
6. API Response
{
"ok": 1,
"result": [
{
"_appsession_start": "yes",
"_category_id": "6X0",
"_category_name": "Generative AI",
"_category_tags": [
10X01,
5X4,
60,
6X0
],
"_content_version": 17XX284XX6,
"_correlation_id": "91XXd551-dXX3-4xX9-bXX5-5eXX9e305XXb",
"_creation_timestamp": 1714019442,
"_ef_received_at": 1714019439872,
"_event_id": "e7XX6a70-0XXd-4XXa-9XXc-28e3xXbf1XX5",
"_forwarded_by": "mXg-relXyer",
"_gef_src_dp": "UX-DXW1",
"_id": "aXXe064bd862XX729e832",
"_insertion_epoch_timestamp": 1714019447,
"_nshostname": "dpXXol5-X-egXXss",
"_raw_event_inserted_at": 1714019440250,
"_service_identifier": "service-nsproxy",
"_session_begin": "0",
"_skip_geoip_lookup": "yes",
"_src_epoch_now": 1714001408,
"_streamid": 3,
"access_method": "Client",
"acked": "false",
"action": "block",
"activity": "Browse",
"alert": "yes",
"alert_name": "[Data Protection] Generative AI",
"alert_type": "policy",
"app": "Microsoft Copilot",
"app_session_id": 17XX31169XX45563XX4,
"app_tags": [
"Consumer"
],
"appcategory": "Generative AI",
"browser": "Edge",
"browser_session_id": 505XX10XX9688XX567,
"browser_version": "[Link]",
"category": "Generative AI",
"cci": 8X,
"ccl": "high",
"connection_id": 184XX1240854XX3920,
"count": 1,
"device": "Windows Device",
"device_classification": "not configured",
"domain": "[Link]",
"dst_country": "US",
"dst_latitude": 3X.7XX7,
"dst_location": "Dallas",
"dst_longitude": -96.8022,
"dst_region": "Texas",
"dst_timezone": "America/Chicago",
"dst_zipcode": "7X2X0",
"dstip": "[Link]",
"dstport": 43,
"hostname": "MIXX213XXK",
"incident_id": 20XX907645XX3060XX1,
"ja3": "cXX2e5a6aXX32fc4a9cccXX0546bc1X1",
"ja3s": "NotAvailable",
"managed_app": "no",
"netskope_pop": "UX-DXX1",
"notify_template": "bXXck_pXXe.html",
"organization_unit": "",
"os": "Windows 10",
"os_family": "Windows",
"os_version": "Windows NT 10.0",
"other_categories": [
"All Categories",
"Technology",
"Generative AI"
],
"page": "[Link]",
"page_site": "MiXXsoft CopXXot",
"policy": "[Data Protection] Generative AI",
"policy_id": "83XX7933B77AXX7CDCEF9CB024XX8 2024-04-18
[Link].619649",
"port": "4XX",
"protocol": "HTTPS/2",
"request_id": 282XX04064042XX2640,
"severity": "unknown",
"site": "Microsoft Copilot",
"src_country": "US",
"src_latitude": 3X.0X6,
"src_location": "Lewisville",
"src_longitude": -9X.9X6,
"src_region": "Texas",
"src_time": "Wed Apr 24 [Link] 2024",
"src_timezone": "America/Chicago",
"src_zipcode": "7XX67",
"srcip": "[Link]",
"telemetry_app": "",
"timestamp": 1714019439,
"traffic_type": "CloudApp",
"transaction_id": 20XX0764578306XX51,
"type": "nspolicy",
"ur_normalized": "abc@[Link]",
"url": "[Link]/work/api/v3/user/proactive/signin",
"user": "abc@[Link]",
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edg/[Link]",
"userip": "[Link]",
"userkey": "abc@[Link]"
},
.............................
.............................
.............................
.............................
{
"_appsession_start": "yes",
"_category_id": "6X0",
"_category_name": "Generative AI",
"_category_tags": [
10X01,
5X4,
6X0,
6X0
],
"_content_version": 17XX284XX6,
"_correlation_id": "c9XX35f-5XX8-4XX6-bXX8-1de1f536bXXa",
"_creation_timestamp": 1714022970,
"_ef_received_at": 1714022968223,
"_event_id": "d7XX687-XX2-4XX4-bXXb-3XX477XXa9Xb",
"_forwarded_by": "mXg-reXXyer",
"_gef_src_dp": "UXS-OX1",
"_id": "3cXX0f6af2dXX506efXX33",
"_insertion_epoch_timestamp": 1714022972,
"_nshostname": "dpXXol4-2-eXXss",
"_raw_event_inserted_at": 1714022968525,
"_service_identifier": "sXice-nsXXoxy",
"_session_begin": "1",
"_skip_geoip_lookup": "yes",
"_src_epoch_now": 1714008540,
"_streamid": 1,
"access_method": "Client",
"acked": "false",
"action": "block",
"activity": "Browse",
"alert": "yes",
"alert_name": "[Data Protection] Generative AI",
"alert_type": "policy",
"app": "Microsoft Copilot",
"app_session_id": 30XX4328971XX2,
"app_tags": [
"Consumer"
],
"appcategory": "Generative AI",
"browser": "Edge",
"browser_session_id": 30XX96386XX212X64,
"browser_version": "[Link]",
"category": "Generative AI",
"cci": 8X,
"ccl": "high",
"connection_id": 8XX99000XX76632XX0,
"count": 1,
"device": "Windows Device",
"device_classification": "not configured",
"domain": "[Link]",
"dst_country": "US",
"dst_latitude": 41.8XX74,
"dst_location": "Chicago",
"dst_longitude": -87.6XX18,
"dst_region": "Illinois",
"dst_timezone": "America/Chicago",
"dst_zipcode": "6X6X2",
"dstip": "[Link]",
"dstport": 4X3,
"hostname": "MXXCG0213XXN",
"incident_id": 55XX704427840XX782,
"ja3": "f2e9XX34a522cXX0e2e69b9XX69X1",
"ja3s": "NotAvailable",
"managed_app": "no",
"netskope_pop": "UX-OXD1",
"notify_template": "block_page.html",
"organization_unit": "",
"os": "Windows 10",
"os_family": "Windows",
"os_version": "Windows NT 10.0",
"other_categories": [
"All Categories",
"Technology",
"Generative AI"
],
"page": "[Link]",
"page_site": "Microsoft Copilot",
"policy": "[Data Protection] Generative AI",
"policy_id": "83EXX7933B77AXXD57CDCEF9CXX244F8 2024-04-18
[Link].61XX49",
"port": "4X3",
"protocol": "HTTPS/2",
"request_id": 28XX70XX00434948XX60,
"severity": "unknown",
"site": "Microsoft Copilot",
"src_country": "US",
"src_latitude": 40.0XX1,
"src_location": "Columbus",
"src_longitude": -82.9XX2,
"src_region": "Ohio",
"src_time": "Thu Apr 25 [Link] 2024",
"src_timezone": "America/New_York",
"src_zipcode": "4XX19",
"srcip": "[Link]",
"telemetry_app": "",
"timestamp": 1714022968,
"traffic_type": "CloudApp",
"transaction_id": 55XX704XX7840671XX2,
"type": "nspolicy",
"ur_normalized": "abc@[Link]",
"url": "[Link]/work/api/v3/user/proactive/signin",
"user": "abc@[Link]",
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/5X7.36
Edg/[Link]",
"userip": "[Link]",
"userkey": "abc@[Link]"
}
]
}
7. Preview
Click “Save and Close” to finalize the app.