Netskope
Netskope One is a cloud-native platform that offers converged security and networking services to enable your Secure Access Service Edge (SASE) and Zero Trust transformation. In addition to using the built-in Netskope plugin with Microsoft Security Copilot, you can incorporate other Netskope custom plugins. This article describes how to set up and use the built-in plugin for Security Copilot.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Know before you begin
Integration with Security Copilot requires an API token. You'll need to take the following steps before using the plugin.
Get your Netskope API token. If you don't have one, follow the steps in Netskope's REST API v2 Overview.
Sign in to Microsoft Security Copilot.
Access Manage Plugins by selecting the Plugin button from the prompt bar.
Next to Netskope Reporting for Threat and Data Protection, select Set up.
In the Value field, paste your Netskope API token.
Select Save.
Sample Netskope Reporting prompts
After the Netskope Reporting plugin is set up, you can use the following six capabilities with Security Copilot:
Get_audit_events
Get_data_alert
Get_data_application
Get_data_infrastructure
Get_data_network
Get_data_page
The following table provides examples of prompts to try:
Capability | Example prompt |
---|---|
Retrieve a list of application events for a specific time frame and domain | show me Netskope DLP Alerts from 1724996122 and 1724997122 |
Retrieve a list of security assessment alerts for a specific app | show me Netskope application events from 1724996122 and 1724997122 for user example@hotmail.com |
Retrieve a list of page events for a specific user | show me Netskope page events for the last 15 minutes from user <IP> |
Retrieve a list of page events for a specific user, domain, and traffic type | show me Netskope page events that occurred in the last 15 minutes from user <IP address> to domain <domain> that is user generated with the traffic type being web |
Retrieve a list of alerts for the last 90 minutes that aren't yet acknowledged | show me Netskope alerts for the last 90 minutes and only show alerts that are not acked |
Troubleshoot the Netskope plugin
Errors occur
If you encounter errors, such as "Couldn't complete your request" or "An unknown error occurred", make sure the plugin is turned on. If the issue persists, sign out of Security Copilot, and then sign back in.
Prompts aren't invoking the correct capabilities
If prompts aren't invoking the correct capabilities, or prompts are invoking some other capability set, you might have custom plugins or other plugins whose functionality is similar to the capability set you want to use.
Timestamp Support
To filter data to a specific time frame, this plugin requires timestamps in Epoch/UNIX format. To retrieve the relevant time frame in the correct format, use a service such as https://epochconverter.com or https://unixtime.org.
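The conversion can also be done locally instead of through a web service. The following Python sketch is an added example, not code from the plugin, Netskope, or Microsoft; the function names and the millisecond heuristic are assumptions, and the prompt wording follows the sample table above.

```python
from datetime import datetime, timedelta, timezone

def to_epoch_seconds(value):
    """Return whole epoch seconds for an int, an ISO 8601 string or a datetime."""
    if isinstance(value, int):
        # Assumption: many log exports carry epoch milliseconds (13 digits);
        # the page's sample prompts use 10-digit seconds, so scale those down.
        return value // 1000 if value >= 10**11 else value
    dt = datetime.fromisoformat(value) if isinstance(value, str) else value
    if dt.tzinfo is None:
        # A naive time would be interpreted in the local zone of this machine
        # and silently shift the query window, so require an explicit offset.
        raise ValueError(f"{value!r} has no timezone offset")
    return int(dt.timestamp())

def epoch_window(start, end):
    """Validate and return (start, end) as epoch seconds."""
    s, e = to_epoch_seconds(start), to_epoch_seconds(end)
    if s >= e:
        raise ValueError(f"start {s} is not before end {e}")
    return s, e

def last_minutes(minutes, now=None):
    """Window covering the last `minutes` minutes, ending at `now` (UTC)."""
    now = now or datetime.now(timezone.utc)
    return epoch_window(now - timedelta(minutes=minutes), now)

def application_events_prompt(start, end, user):
    """Build a prompt in the wording of the page's sample table."""
    s, e = epoch_window(start, end)
    return f"show me Netskope application events from {s} and {e} for user {user}"

if __name__ == "__main__":
    # Constructed sample input: a window whose bounds use two different offsets.
    print(application_events_prompt("2024-08-30T05:35:22+00:00",
                                    "2024-08-30T07:52:02+02:00",
                                    "example@hotmail.com"))
    print(last_minutes(90))
```

Passing a fixed `now` to `last_minutes` makes the window reproducible, which helps when the same time frame has to be queried again during an investigation.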
Provide feedback
To provide feedback, contact Netskope.