Netskope Security V1
The Netskope connector uses the Netskope API to manage events, alerts, reports, and policies.

## Prerequisites

The Netskope connector requires a tenant instance and an API token.

## Capabilities

The Netskope connector provides the following capabilities:

- Acknowledge anomalies
- Get reports data
- Ingest alerts
- Ingest events
- Update URL list
- Update file hash list

## Configurations

### Netskope V1 Authentication

Netskope V1 Authentication

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| token | API token | string | Required |

## Actions

### Get Alerts

Returns alerts generated by Netskope, including policy, DLP, and watch list alerts.

Endpoint URL: `api/v1/alerts`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| starttime | string | Required | Time value |
| endtime | string | Required | Time value |
| query | string | Optional | Parameter for get alerts |
| type | string | Optional | Type of the resource |
| acked | boolean | Optional | Parameter for get alerts |
| timeperiod | number | Optional | Parameter for get alerts |
| insertionstarttime | string | Optional | Time value |
| insertionendtime | string | Optional | Time value |
| limit | number | Optional | Parameter for get alerts |
| skip | number | Optional | Parameter for get alerts |
| unsorted | boolean | Optional | Parameter for get alerts |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |
| data | array | Response data |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "status": "active",
      "msg": "string",
      "data": []
    }
  }
]
```

### Get Events

Returns events extracted from SaaS traffic and/or logs.

Endpoint URL: `api/v1/events`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| starttime | string | Required | Time value |
| endtime | string | Required | Time value |
| query | string | Optional | Parameter for get events |
| type | string | Required | Type of the resource |
| timeperiod | number | Optional | Parameter for get events |
| insertionstarttime | string | Optional | Time value |
| insertionendtime | string | Optional | Time value |
| limit | number | Optional | Parameter for get events |
| skip | number | Optional | Parameter for get events |
| unsorted | boolean | Optional | Parameter for get events |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |
| data | array | Response data |
| _id | string | Unique identifier |
| _insertion_epoch_timestamp | number | Output field insertion epoch timestamp |
| access_method | string | HTTP method to use |
| app | string | Output field app |
| appcategory | string | Output field appcategory |
| bypass_reason | string | Response reason phrase |
| bypass_traffic | string | Output field bypass traffic |
| category | string | Output field category |
| cci | number | Output field cci |
| ccl | string | Output field ccl |
| connection_id | number | Unique identifier |
| count | number | Count value |
| domain | string | Output field domain |
| dst_country | string | Output field dst country |
| dst_geoip_src | number | Output field dst geoip src |
| dst_latitude | number | Output field dst latitude |
| dst_location | string | Output field dst location |
| dst_longitude | number | Output field dst longitude |
| dst_region | string | Output field dst region |
| dst_timezone | string | Output field dst timezone |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "status": "active",
      "msg": "string",
      "data": []
    }
  }
]
```

### Update a File Hash List

Updates the file hash list with the values provided. This replaces the existing values with the new values, so include the existing values you want to keep in the list.

Endpoint URL: `api/v1/updatefilehashlist`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Required | Name of the resource |
| list | string | Required | Parameter for update a file hash list |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 16 Jan 2023 16:48:02 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "69",
      "Connection": "keep-alive",
      "Set-Cookie": "ci_session=zez1nlubs48iyoswkv9tfr%2cyjmtsq4mv; path=/; secure; httponly, ci_sess ",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, must-revalidate",
      "Pragma": "no-cache",
      "Content-Security-Policy": "connect src 'self' http // 3gl net mapbox com ; default src 'self' blob http ",
      "X-Frame-Options": "deny, deny",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains"
    },
    "reason": "OK",
    "json_body": {
      "status": "success",
      "msg": "file filter profile updated successfully"
    }
  }
]
```

### Get Reports Data

Returns the result of a report generated on one of the fields in the summarization database.

Endpoint URL: `api/v1/report`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Required | Type of the resource |
| starttime | string | Required | Time value |
| endtime | string | Required | Time value |
| groupby | string | Required | Parameter for get reports data |
| query | string | Optional | Parameter for get reports data |
| timeperiod | number | Optional | Parameter for get reports data |
| limit | number | Optional | Parameter for get reports data |
| skip | number | Optional | Parameter for get reports data |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |
| data | array | Response data |
| count | number | Count value |
| app | string | Output field app |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 16 Jan 2023 16:24:00 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "139",
      "Connection": "keep-alive",
      "Set-Cookie": "ci_session=4kmfgxq7a%2chgjxxfkjhy655mfqxeldds; path=/; secure; httponly, ci_sess ",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, must-revalidate",
      "Pragma": "no-cache",
      "Content-Security-Policy": "connect src 'self' http // 3gl net mapbox com ; default src 'self' blob http ",
      "X-Frame-Options": "deny, deny",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains"
    },
    "reason": "OK",
    "json_body": {
      "status": "success",
      "msg": "",
      "data": []
    }
  }
]
```

### Update a URL List

Updates the URL list with the values provided. This replaces the existing values with the new values, so include the existing values you want to keep in the list.

Endpoint URL: `api/v1/updateurllist`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Required | Name of the resource |
| list | string | Required | Parameter for update a URL list |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| msg | string | Output field msg |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 16 Jan 2023 16:59:52 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "58",
      "Connection": "keep-alive",
      "Set-Cookie": "ci_session=zeueorbjlulzs7qgvtzgwpexaknz4w9a; path=/; secure; httponly, ci_sessio ",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, must-revalidate",
      "Pragma": "no-cache",
      "Content-Security-Policy": "connect src 'self' http // 3gl net mapbox com ; default src 'self' blob http ",
      "X-Frame-Options": "deny, deny",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains"
    },
    "reason": "OK",
    "json_body": {
      "status": "success",
      "msg": "url list updated successfully"
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-store, no-cache, must-revalidate |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | |
| Content-Length | The length of the response body in bytes | 69 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | connect src 'self' http // 3gl net mapbox com ; default src 'self' blob https //analytics alliances goskope com https //analytics alliances goskope com ; img src 'self' data mapbox com ;object src 'none'; script src 'self' 'unsafe inline' 'unsafe eval' blob http // 3gl net; style src 'self' 'unsafe inline' https //fonts googleapis com https //fonts googleapis com ; font src 'self' https //fonts gstatic com https //fonts gstatic com https //netdna bootstrapcdn com https //netdna bootstrapcdn com data ; |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Mon, 16 Jan 2023 16:48:02 GMT |
| Expires | The date/time after which the response is considered stale | Thu, 19 Nov 1981 08:52:00 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| Server | Information about the software used by the origin server | nginx |
| Set-Cookie | HTTP response header Set-Cookie | ci_session=zez1nlubs48iyoswkv9tfr%2cyjmtsq4mv; path=/; secure; httponly, ci_session=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; max-age=0; path=/; secure; httponly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | |
| Vary | HTTP response header Vary | |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | deny, deny |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
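
Because the file hash list and URL list update actions replace the stored list rather than append to it, a playbook that sends only the new indicators silently drops every existing block entry. The following is an added example, not code from the connector: it merges the current entries with additions and removals and returns the `name` and `list` inputs for either action. The helper names, the comma-separated encoding of `list`, and the MD5/SHA-256 hash formats are assumptions.

```python
import re

# Assumption: file hash entries are MD5 (32 hex) or SHA-256 (64 hex) digests.
_HASH_RE = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{64})")


def normalize_hash(value):
    """Lower-case and validate one digest; raise on anything else."""
    v = value.strip().lower()
    if not _HASH_RE.fullmatch(v):
        raise ValueError(f"not an MD5/SHA-256 hex digest: {value!r}")
    return v


def normalize_url_entry(value):
    """Trim one URL-list entry and reject values that would corrupt the list."""
    v = value.strip()
    if not v or "," in v or any(c.isspace() for c in v):
        raise ValueError(f"invalid URL list entry: {value!r}")
    return v


def build_replacement(name, existing, add=(), remove=(), normalize=normalize_hash):
    """Return action inputs for a full-list replace that keeps `existing`.

    The update actions overwrite the stored list, so the payload must carry
    every entry that should survive, not only the new ones.
    """
    drop = {normalize(x) for x in remove}
    merged, seen = [], set()
    for raw in list(existing) + list(add):
        entry = normalize(raw)
        if entry in seen or entry in drop:
            continue  # skip duplicates and entries being retired
        seen.add(entry)
        merged.append(entry)
    if not merged:
        # Refuse to send an empty list: that would wipe every stored entry.
        raise ValueError("refusing to replace the list with an empty one")
    # Assumption: the string-typed `list` input is comma-separated.
    return {"name": name, "list": ",".join(merged)}


if __name__ == "__main__":
    # Constructed sample digests, not real indicators.
    current = ["a" * 32, "B" * 64]
    print(build_replacement("blocked-hashes", current, add=["c" * 64]))
```

Pass `normalize=normalize_url_entry` when building the input for the URL list action.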