Netskope Security V1
The Netskope connector uses the Netskope API to manage events, alerts, reports, and policies.

## Prerequisites

The Netskope connector requires a tenant instance and an API token.

## Capabilities

The Netskope connector provides the following capabilities:

- Acknowledge Anomalies
- Get Reports Data
- Ingest Alerts
- Ingest Events
- Update URL List
- Update File Hash List

## Configurations

### Netskope V1 Authentication

Netskope V1 authentication.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| token | API token | string | Required |

## Actions

### Get Alerts

Returns alerts generated by Netskope, including policy, DLP, and watch list alerts.

Endpoint URL: `api/v1/alerts`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.starttime | string | Required | Parameters for the Get Alerts action |
| parameters.endtime | string | Required | Parameters for the Get Alerts action |
| parameters.query | string | Optional | Parameters for the Get Alerts action |
| parameters.type | string | Optional | Parameters for the Get Alerts action |
| parameters.acked | boolean | Optional | Parameters for the Get Alerts action |
| parameters.timeperiod | number | Optional | Parameters for the Get Alerts action |
| parameters.insertionstarttime | string | Optional | Parameters for the Get Alerts action |
| parameters.insertionendtime | string | Optional | Parameters for the Get Alerts action |
| parameters.limit | number | Optional | Parameters for the Get Alerts action |
| parameters.skip | number | Optional | Parameters for the Get Alerts action |
| parameters.unsorted | boolean | Optional | Parameters for the Get Alerts action |

#### Input Example

```json
{"parameters": {"starttime": "0000000000", "endtime": "1673624111", "query": "alert_name like 'test'", "type": "anomaly", "acked": true, "timeperiod": 3600, "insertionstarttime": "1673624111", "insertionendtime": "1673624111", "limit": 10000, "skip": 4, "unsorted": false}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |
| data | array | Response data |

#### Output Example

```json
{"status": "active", "msg": "string", "data": ["string"]}
```

### Get Events

Returns events extracted from SaaS traffic and/or logs.

Endpoint URL: `api/v1/events`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.starttime | string | Required | Parameters for the Get Events action |
| parameters.endtime | string | Required | Parameters for the Get Events action |
| parameters.query | string | Optional | Parameters for the Get Events action |
| parameters.type | string | Required | Parameters for the Get Events action |
| parameters.timeperiod | number | Optional | Parameters for the Get Events action |
| parameters.insertionstarttime | string | Optional | Parameters for the Get Events action |
| parameters.insertionendtime | string | Optional | Parameters for the Get Events action |
| parameters.limit | number | Optional | Parameters for the Get Events action |
| parameters.skip | number | Optional | Parameters for the Get Events action |
| parameters.unsorted | boolean | Optional | Parameters for the Get Events action |

#### Input Example

```json
{"parameters": {"starttime": "0000000000", "endtime": "1673624111", "query": "alert_name like 'test'", "type": "anomaly", "timeperiod": 3600, "insertionstarttime": "1673624111", "insertionendtime": "1673624111", "limit": 10000, "skip": 4, "unsorted": false}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |
| data | array | Response data |
| data._id | string | Response data |
| data._insertion_epoch_timestamp | number | Response data |
| data.access_method | string | Response data |
| data.app | string | Response data |
| data.appcategory | string | Response data |
| data.bypass_reason | string | Response data |
| data.bypass_traffic | string | Response data |
| data.category | string | Response data |
| data.cci | number | Response data |
| data.ccl | string | Response data |
| data.connection_id | number | Response data |
| data.count | number | Response data |
| data.domain | string | Response data |
| data.dst_country | string | Response data |
| data.dst_geoip_src | number | Response data |
| data.dst_latitude | number | Response data |
| data.dst_location | string | Response data |
| data.dst_longitude | number | Response data |
| data.dst_region | string | Response data |
| data.dst_timezone | string | Response data |

#### Output Example

```json
{"status": "active", "msg": "string", "data": [{"_id": "string", "_insertion_epoch_timestamp": 123, "access_method": "string", "app": "string", "appcategory": "string", "bypass_reason": "string", "bypass_traffic": "string", "category": "string", "cci": 123, "ccl": "string", "connection_id": 123, "count": 123, "domain": "string", "dst_country": "string", "dst_geoip_src": 123}]}
```

### Update a File Hash List

Updates the file hash list with the values provided. This replaces the existing values with the new values, so include the existing values you want to keep in the list.

Endpoint URL: `api/v1/updatefilehashlist`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.name | string | Required | Parameters for the Update a File Hash List action |
| parameters.list | string | Required | Parameters for the Update a File Hash List action |

#### Input Example

```json
{"parameters": {"name": "aarav test final", "list": "e28eb9739b6e84d0f796e3acc0f5b71e"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {
    "Server": "nginx",
    "Date": "Mon, 16 Jan 2023 16:48:02 GMT",
    "Content-Type": "application/json; charset=utf-8",
    "Content-Length": "69",
    "Connection": "keep-alive",
    "Set-Cookie": "ci_session=zez1nlubs48iyoswkv9tfr%2cyjmtsq4mv; path=/; secure; httponly, ci_sess ",
    "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Content-Security-Policy": "connect-src 'self' http // 3gl net mapbox com ; default-src 'se
```

### Get Reports Data

Returns the result of a report generated on one of the fields in the summarization database.

Endpoint URL: `api/v1/report`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.type | string | Required | Parameters for the Get Reports Data action |
| parameters.starttime | string | Required | Parameters for the Get Reports Data action |
| parameters.endtime | string | Required | Parameters for the Get Reports Data action |
| parameters.groupby | string | Required | Parameters for the Get Reports Data action |
| parameters.query | string | Optional | Parameters for the Get Reports Data action |
| parameters.timeperiod | number | Optional | Parameters for the Get Reports Data action |
| parameters.limit | number | Optional | Parameters for the Get Reports Data action |
| parameters.skip | number | Optional | Parameters for the Get Reports Data action |

#### Input Example

```json
{"parameters": {"type": "application", "starttime": "0000000000", "endtime": "1673624111", "groupby": "application", "query": "alert_type eq dlp", "timeperiod": 3600, "limit": 3, "skip": 1}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |
| data | array | Response data |
| data.count | number | Response data |
| data.app | string | Response data |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {
    "Server": "nginx",
    "Date": "Mon, 16 Jan 2023 16:24:00 GMT",
    "Content-Type": "application/json; charset=utf-8",
    "Content-Length": "139",
    "Connection": "keep-alive",
    "Set-Cookie": "ci_session=4kmfgxq7a%2chgjxxfkjhy655mfqxeldds; path=/; secure; httponly, ci_sess ",
    "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Content-Security-Policy": "connect-src 'self' http // 3gl net mapbox com ; default-src 's
```

### Update a URL List

Updates the URL list with the values provided. This replaces the existing values with the new values, so include the existing values you want to keep in the list.

Endpoint URL: `api/v1/updateurllist`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.name | string | Required | Parameters for the Update a URL List action |
| parameters.list | string | Required | Parameters for the Update a URL List action |

#### Input Example

```json
{"parameters": {"name": "2133213", "list": "cedefaultpush.io"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {
    "Server": "nginx",
    "Date": "Mon, 16 Jan 2023 16:59:52 GMT",
    "Content-Type": "application/json; charset=utf-8",
    "Content-Length": "58",
    "Connection": "keep-alive",
    "Set-Cookie": "ci_session=zeueorbjlulzs7qgvtzgwpexaknz4w9a; path=/; secure; httponly, ci_sessio ",
    "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Content-Security-Policy": "connect-src 'self' http // 3gl net mapbox com ; default-src 'se
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-store, no-cache, must-revalidate |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | |
| Content-Length | The length of the response body in bytes | 139 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | connect-src 'self' http // 3gl net mapbox com ; default-src 'self' blob https //analytics alliances goskope com ; img-src 'self' data mapbox com ;object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob http // 3gl net; style-src 'self' 'unsafe-inline' https //fonts googleapis com ; font-src 'self' https //fonts gstatic com https //netdna bootstrapcdn com data ; |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| Expires | The date/time after which the response is considered stale | Thu, 19 Nov 1981 08:52:00 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| Server | Information about the software used by the origin server | nginx |
| Set-Cookie | HTTP response header Set-Cookie | ci_session=4kmfgxq7a%2chgjxxfkjhy655mfqxeldds; path=/; secure; httponly, ci_session=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; max-age=0; path=/; secure; httponly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | |
| Vary | HTTP response header Vary | |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | deny, deny |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
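
Because the Update a File Hash List and Update a URL List actions replace the stored list rather than append to it, a playbook that sends only the new indicator silently drops every entry that was already blocked. The following is an added example, not code from the connector: it builds the full replacement input from the entries the caller already holds plus the new ones. The function names, the comma separator, and the accepted hash lengths are assumptions that the page does not state.

```python
import re

# Assumption: entries in "list" are comma-separated; the page shows one value only.
SEPARATOR = ","
# Assumption: file hash entries are MD5 (32 hex) or SHA-256 (64 hex) digests.
HASH_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{64}")


def normalize_hash(value):
    """Lower-case a digest and reject anything that is not 32 or 64 hex chars."""
    digest = value.strip().lower()
    if not HASH_RE.fullmatch(digest):
        raise ValueError(f"not an MD5/SHA-256 hex digest: {value!r}")
    return digest


def normalize_url(value):
    """Reject entries that would split or corrupt the delimited string."""
    entry = value.strip()
    if not entry or SEPARATOR in entry or any(ch.isspace() for ch in entry):
        raise ValueError(f"invalid URL list entry: {value!r}")
    return entry


def build_replacement(name, existing, additions, removals=(), normalize=normalize_hash):
    """Build the action input that keeps `existing`, adds `additions`, and
    drops `removals`. The action overwrites the list, so the full desired
    contents must be sent every time."""
    dropped = {normalize(item) for item in removals}
    merged, seen = [], set()
    for item in [*existing, *additions]:
        entry = normalize(item)
        if entry in dropped or entry in seen:
            continue  # deduplicate and honor removals
        seen.add(entry)
        merged.append(entry)
    if not merged:
        # An empty result would overwrite the list with nothing.
        raise ValueError("refusing to build an empty replacement list")
    return {"parameters": {"name": name, "list": SEPARATOR.join(merged)}}


# Constructed sample: the hash from the page's input example plus a made-up one.
CURRENT = ["e28eb9739b6e84d0f796e3acc0f5b71e"]
NEW = ["0123456789ABCDEF0123456789ABCDEF", "e28eb9739b6e84d0f796e3acc0f5b71e"]

if __name__ == "__main__":
    print(build_replacement("constructed-hash-list", CURRENT, NEW))
```

The page lists no action that reads a list back, so `existing` has to come from whatever record the team keeps of the list's intended contents.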