Netskope Security V2
Netskope V2 API

The Netskope Security V2 connector enables seamless integration with the Netskope platform, allowing for the automation of security monitoring and event management.

Netskope Security V2 is a comprehensive cloud security solution that provides visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. The Netskope Security V2 connector for Swimlane Turbine enables users to automate the retrieval and management of security events, audit logs, application and network events, and URL lists directly within the Swimlane platform. By integrating with Netskope Security V2, Swimlane Turbine users can enhance their security posture with streamlined incident response, improved threat detection, and enriched security event context, all while minimizing manual intervention.

## Prerequisites

To effectively utilize the Netskope Security V2 connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: endpoint for the Netskope Security V2 API
  - API key: unique identifier to authenticate requests to Netskope Security V2

## Capabilities

This connector provides the following capabilities:

- Ingest events
- Manage URL lists

## Action Setup

For event ingestion actions, you will need to provide either start time and end time, or insertion start time and insertion end time. You can use relative datetimes for these inputs.

### Relative Datetime Format

- For the current time: `now`
- Any other time: `(+/-)(integer) (milliseconds|seconds|minutes|days|weeks|months|years)`

Examples:

- `now`
- `-1 months`
- `+3 days`
- `-123 seconds`

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Netskope API token | API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Alerts

Fetches a list of alerts from Netskope Security V2, providing an overview of detected security incidents.

Endpoint URL: `api/v2/events/data/alert`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `type` | string | Optional | Type of the resource |
| `acked` | string | Optional | Parameter for Get Alerts |
| `query` | string | Optional | Parameter for Get Alerts |
| `limit` | number | Optional | Parameter for Get Alerts |
| `offset` | number | Optional | Parameter for Get Alerts |
| `starttime` | number | Optional | Time value |
| `endtime` | number | Optional | Time value |
| `insertionstarttime` | number | Optional | Time value |
| `insertionendtime` | number | Optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ok` | number | Output field ok |
| `result` | array | Result of the operation |
| `category_id` | string | Unique identifier |
| `category_tags` | array | Output field category_tags |
| `correlation_id` | string | Unique identifier |
| `ef_received_at` | number | Output field ef_received_at |
| `enriched` | boolean | Output field enriched |
| `event_id` | string | Unique identifier |
| `forwarded_by` | string | Output field forwarded_by |
| `gef_src_dp` | string | Output field gef_src_dp |
| `id` | string | Unique identifier |
| `insertion_epoch_timestamp` | number | Output field insertion_epoch_timestamp |
| `raw_event_inserted_at` | number | Output field raw_event_inserted_at |
| `service_identifier` | string | Unique identifier |
| `session_begin` | string | Output field session_begin |
| `skip_geoip_lookup` | string | Output field skip_geoip_lookup |
| `access_method` | string | HTTP method to use |
| `acked` | string | Output field acked |
| `action` | string | Output field action |
| `activity` | string | Output field activity |
| `alert` | string | Output field alert |
| `alert_id` | string | Unique identifier |
| `alert_name` | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "ok": 123,
      "result": []
    }
  }
]
```

### Get Application Events

Retrieve event data for applications from Netskope Security V2, including user activity and security incidents.

Endpoint URL: `api/v2/events/data/application`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `query` | string | Optional | Parameter for Get Application Events |
| `limit` | number | Optional | Parameter for Get Application Events |
| `offset` | number | Optional | Parameter for Get Application Events |
| `starttime` | number | Optional | Time value |
| `endtime` | number | Optional | Time value |
| `insertionstarttime` | number | Optional | Time value |
| `insertionendtime` | number | Optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ok` | number | Output field ok |
| `result` | array | Result of the operation |
| `user_space_id` | string | Unique identifier |
| `user_space_name` | string | Name of the resource |
| `category_id` | string | Unique identifier |
| `correlation_id` | string | Unique identifier |
| `ef_received_at` | number | Output field ef_received_at |
| `event_id` | string | Unique identifier |
| `forwarded_by` | string | Output field forwarded_by |
| `gef_src_dp` | string | Output field gef_src_dp |
| `id` | string | Unique identifier |
| `insertion_epoch_timestamp` | number | Output field insertion_epoch_timestamp |
| `raw_event_inserted_at` | number | Output field raw_event_inserted_at |
| `service_identifier` | string | Unique identifier |
| `session_begin` | number | Output field session_begin |
| `access_method` | string | HTTP method to use |
| `action` | string | Output field action |
| `activity` | string | Output field activity |
| `alert` | string | Output field alert |
| `app` | string | Output field app |
| `app_category` | string | Output field app_category |
| `appcategory` | string | Output field appcategory |
| `browser` | string | Output field browser |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 18:41:35 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Accept-Encoding",
      "RateLimit-Reset": "1",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Limit": "4",
      "RateLimit-Remaining": "3",
      "X-Kong-Upstream-Latency": "438",
      "X-Kong-Proxy-Latency": "18",
      "Via": "kong/2.8.1.2-enterprise-edition",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "ok": 1,
      "result": []
    }
  }
]
```

### Get Audit Events

Retrieve a list of audit events from Netskope Security V2, including user activities and policy violations.

Endpoint URL: `api/v2/events/data/audit`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `query` | string | Optional | Parameter for Get Audit Events |
| `limit` | number | Optional | Parameter for Get Audit Events |
| `offset` | number | Optional | Parameter for Get Audit Events |
| `starttime` | number | Optional | Time value |
| `endtime` | number | Optional | Time value |
| `insertionstarttime` | number | Optional | Time value |
| `insertionendtime` | number | Optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ok` | number | Output field ok |
| `result` | array | Result of the operation |
| `is_netskope_personnel` | boolean | Output field is_netskope_personnel |
| `type` | string | Type of the resource |
| `timestamp` | number | Output field timestamp |
| `user` | string | Output field user |
| `supporting_data` | object | Response data |
| `data_values` | array | Response data |
| `data_type` | string | Response data |
| `severity_level` | number | Output field severity_level |
| `audit_log_event` | string | Output field audit_log_event |
| `organization_unit` | string | Output field organization_unit |
| `ur_normalized` | string | Output field ur_normalized |
| `ccl` | string | Output field ccl |
| `count` | number | Count value |
| `insertion_epoch_timestamp` | number | Output field insertion_epoch_timestamp |
| `id` | string | Unique identifier |
| `analyze_result` | boolean | Result of the operation |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 18:45:04 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Accept-Encoding",
      "RateLimit-Reset": "1",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Remaining": "3",
      "RateLimit-Limit": "4",
      "X-Kong-Upstream-Latency": "17",
      "X-Kong-Proxy-Latency": "16",
      "Via": "kong/2.8.1.2-enterprise-edition",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "ok": 1,
      "result": [],
      "analyze_result": true
    }
  }
]
```

### Get Infrastructure Events

Retrieve infrastructure-related events from Netskope Security V2 for analysis and monitoring.

Endpoint URL: `api/v2/events/data/infrastructure`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `query` | string | Optional | Parameter for Get Infrastructure Events |
| `limit` | number | Optional | Parameter for Get Infrastructure Events |
| `offset` | number | Optional | Parameter for Get Infrastructure Events |
| `starttime` | number | Optional | Time value |
| `endtime` | number | Optional | Time value |
| `insertionstarttime` | number | Optional | Time value |
| `insertionendtime` | number | Optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ok` | number | Output field ok |
| `result` | array | Result of the operation |
| `file_name` | string | Name of the resource |
| `file` | string | Output field file |
| `analyze_result` | boolean | Result of the operation |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 18:47:03 GMT",
      "Content-Type": "application/json",
      "Content-Length": "48",
      "Connection": "keep-alive",
      "RateLimit-Remaining": "3",
      "RateLimit-Limit": "4",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Reset": "1",
      "X-Kong-Upstream-Latency": "52",
      "X-Kong-Proxy-Latency": "21",
      "Via": "kong/2.8.1.2-enterprise-edition",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "X-Frame-Options": "DENY"
    },
    "reason": "OK",
    "json_body": {
      "ok": 1,
      "result": [],
      "analyze_result": false
    }
  }
]
```

### Get Network Events

Retrieve network events from Netskope Security V2, providing insights into traffic patterns and security threats.

Endpoint URL: `api/v2/events/data/network`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `query` | string | Optional | Parameter for Get Network Events |
| `limit` | number | Optional | Parameter for Get Network Events |
| `offset` | number | Optional | Parameter for Get Network Events |
| `starttime` | number | Optional | Time value |
| `endtime` | number | Optional | Time value |
| `insertionstarttime` | number | Optional | Time value |
| `insertionendtime` | number | Optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ok` | number | Output field ok |
| `result` | array | Result of the operation |
| `correlation_id` | string | Unique identifier |
| `ef_received_at` | number | Output field ef_received_at |
| `event_id` | string | Unique identifier |
| `forwarded_by` | string | Output field forwarded_by |
| `gef_src_dp` | string | Output field gef_src_dp |
| `id` | string | Unique identifier |
| `insertion_epoch_timestamp` | number | Output field insertion_epoch_timestamp |
| `raw_event_inserted_at` | number | Output field raw_event_inserted_at |
| `service_identifier` | string | Unique identifier |
| `access_method` | string | HTTP method to use |
| `action` | string | Output field action |
| `app` | string | Output field app |
| `appcategory` | string | Output field appcategory |
| `category` | string | Output field category |
| `cci` | number | Output field cci |
| `ccl` | string | Output field ccl |
| `client_bytes` | number | Output field client_bytes |
| `client_packets` | number | Output field client_packets |
| `count` | number | Count value |
| `device` | string | Output field device |
| `domain` | string | Output field domain |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 18:49:08 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Accept-Encoding",
      "RateLimit-Reset": "1",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Limit": "4",
      "RateLimit-Remaining": "3",
      "X-Kong-Upstream-Latency": "2050",
      "X-Kong-Proxy-Latency": "16",
      "Via": "kong/2.8.1.2-enterprise-edition",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "ok": 1,
      "result": []
    }
  }
]
```

### Get Page Events

Fetches a list of page events from Netskope Security V2, providing insights into user activity and traffic events.

Endpoint URL: `api/v2/events/data/page`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `query` | string | Optional | Parameter for Get Page Events |
| `limit` | number | Optional | Parameter for Get Page Events |
| `offset` | number | Optional | Parameter for Get Page Events |
| `starttime` | number | Optional | Time value |
| `endtime` | number | Optional | Time value |
| `insertionstarttime` | number | Optional | Time value |
| `insertionendtime` | number | Optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ok` | number | Output field ok |
| `result` | array | Result of the operation |
| `category_id` | string | Unique identifier |
| `correlation_id` | string | Unique identifier |
| `ef_received_at` | number | Output field ef_received_at |
| `event_id` | string | Unique identifier |
| `forwarded_by` | string | Output field forwarded_by |
| `gef_src_dp` | string | Output field gef_src_dp |
| `id` | string | Unique identifier |
| `insertion_epoch_timestamp` | number | Output field insertion_epoch_timestamp |
| `nshostname` | string | Name of the resource |
| `raw_event_inserted_at` | number | Output field raw_event_inserted_at |
| `service_identifier` | string | Unique identifier |
| `skip_geoip_lookup` | string | Output field skip_geoip_lookup |
| `src_epoch_now` | number | Output field src_epoch_now |
| `access_method` | string | HTTP method to use |
| `app` | string | Output field app |
| `appcategory` | string | Output field appcategory |
| `bypass_reason` | string | Response reason phrase |
| `bypass_traffic` | string | Output field bypass_traffic |
| `category` | string | Output field category |
| `cci` | number | Output field cci |
| `ccl` | string | Output field ccl |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 18:50:47 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Accept-Encoding",
      "RateLimit-Reset": "1",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Limit": "4",
      "RateLimit-Remaining": "3",
      "X-Kong-Upstream-Latency": "734",
      "X-Kong-Proxy-Latency": "36",
      "Via": "kong/2.8.1.2-enterprise-edition",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "ok": 1,
      "result": []
    }
  }
]
```

### Get URL List by ID

Retrieves a specific URL list from Netskope Security V2 using the unique identifier provided.

Endpoint URL: `api/v2/policy/urllist/{{id}}`

Method: GET

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | number | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `data` | object | Response data |
| `urls` | array | URL endpoint for the request |
| `type` | string | Type of the resource |
| `json_version` | number | Output field json_version |
| `modify_by` | string | Output field modify_by |
| `modify_time` | string | Time value |
| `modify_type` | string | Type of the resource |
| `pending` | number | Output field pending |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 18:54:33 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "251",
      "Connection": "keep-alive",
      "RateLimit-Reset": "1",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Remaining": "3",
      "RateLimit-Limit": "4",
      "X-XSS-Protection": "0",
      "X-Netskope-Trid": "c55eud9rrs13cva465e0",
      "ETag": "W/\"fb-goyynle56yfsbz0ly8ru3p8ddjc\"",
      "Content-Security-Policy": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https:",
      "X-DNS-Prefetch-Control": "off"
    },
    "reason": "OK",
    "json_body": {
      "id": 1,
      "name": "test1234567",
      "data": {},
      "modify_by": "api",
      "modify_time": "2022-12-15T14:50:14.000Z",
      "modify_type": "edited",
      "pending": 0
    }
  }
]
```

### Patch URL List

Apply patches to a specified URL list in Netskope Security V2 using the list's ID and action parameters.

Endpoint URL: `api/v2/policy/urllist/{{id}}/{{action}}`

Method: PATCH

#### Input Arguments

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | number | Required | Unique identifier |
| `action` | string | Required | Parameter for Patch URL List |
| `name` | string | Optional | Name of the resource |
| `data` | object | Optional | Response data |
| `urls` | array | Optional | URL endpoint for the request |
| `type` | string | Optional | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `data` | object | Response data |
| `urls` | array | URL endpoint for the request |
| `type` | string | Type of the resource |
| `json_version` | number | Output field json_version |
| `modify_by` | string | Output field modify_by |
| `modify_time` | string | Time value |
| `modify_type` | string | Type of the resource |
| `pending` | number | Output field pending |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 19 Dec 2022 19:01:30 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "251",
      "Connection": "keep-alive",
      "RateLimit-Remaining": "3",
      "RateLimit-Limit": "4",
      "X-RateLimit-Remaining-Second": "3",
      "X-RateLimit-Limit-Second": "4",
      "RateLimit-Reset": "1",
      "X-Frame-Options": "SAMEORIGIN, DENY",
      "Strict-Transport-Security": "max-age=15552000; includeSubDomains, max-age=31536000; includeSubDomains",
      "X-Download-Options": "noopen",
      "X-Content-Type-Options": "nosniff",
      "X-Permitted-Cross-Domain-Policies": "none"
    },
    "reason": "OK",
    "json_body": {
      "id": 1,
      "name": "test456795",
      "data": {},
      "modify_by": "api",
      "modify_time": "2022-12-15",
      "modify_type": "edited",
      "pending": 0
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 251 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Mon, 19 Dec 2022 18:45:04 GMT |
| ETag | An identifier for a specific version of a resource | W/"fb-thj3lya6fumbol97au3sfvcptky" |
| Expect-CT | HTTP response header Expect-CT | max-age=0 |
| RateLimit-Limit | HTTP response header RateLimit-Limit | 4 |
| RateLimit-Remaining | HTTP response header RateLimit-Remaining | 3 |
| RateLimit-Reset | HTTP response header RateLimit-Reset | 1 |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Server | Information about the software used by the origin server | nginx |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15552000; includeSubDomains, max-age=31536000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept-Encoding |
| Via | HTTP response header Via | kong/2.8.1.2-enterprise-edition |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-DNS-Prefetch-Control | HTTP response header X-DNS-Prefetch-Control | off |
| X-Download-Options | HTTP response header X-Download-Options | noopen |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN, DENY |
| X-Kong-Proxy-Latency | HTTP response header X-Kong-Proxy-Latency | 19 |
| X-Kong-Upstream-Latency | HTTP response header X-Kong-Upstream-Latency | 438 |
| X-Netskope-Trid | HTTP response header X-Netskope-Trid | c55f1j0ecgg30ik0b6fg |
| X-Permitted-Cross-Domain-Policies | HTTP response header X-Permitted-Cross-Domain-Policies | none |
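
The relative datetime format described under action setup, resolved into numeric values for the `starttime`/`endtime` or `insertionstarttime`/`insertionendtime` inputs. This is an added example, not Swimlane's or Netskope's code. The function names, the epoch-seconds output, the calendar-aware handling of months and years, and the rule that exactly one pair may be supplied are assumptions.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

# Grammar taken from the page: "now" or (+/-)(integer) (unit).
_RELATIVE = re.compile(
    r"^([+-])(\d+) (milliseconds|seconds|minutes|days|weeks|months|years)$")
_FIXED_UNITS = {"milliseconds", "seconds", "minutes", "days", "weeks"}
PAIRS = (("starttime", "endtime"), ("insertionstarttime", "insertionendtime"))


def _shift_months(moment, months):
    # Assumption: calendar-aware shift that clamps the day (Mar 31 - 1 month = Feb 29).
    year, month0 = divmod(moment.year * 12 + moment.month - 1 + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return moment.replace(year=year, month=month0 + 1, day=min(moment.day, last_day))


def resolve_relative(expr, now):
    """Resolve 'now' or a signed relative datetime to epoch seconds (assumed unit)."""
    expr = expr.strip()
    if expr == "now":
        return int(now.timestamp())
    match = _RELATIVE.match(expr)
    if match is None:  # e.g. a missing sign: "1 months"
        raise ValueError(f"not a relative datetime: {expr!r}")
    sign, digits, unit = match.groups()
    amount = int(digits) if sign == "+" else -int(digits)
    if unit in _FIXED_UNITS:
        moment = now + timedelta(**{unit: amount})
    else:
        moment = _shift_months(now, amount if unit == "months" else 12 * amount)
    return int(moment.timestamp())


def build_time_params(inputs, now=None):
    """Check that one complete time pair was given and resolve both ends."""
    now = now or datetime.now(timezone.utc)
    given = {key for pair in PAIRS for key in pair if inputs.get(key) is not None}
    chosen = [pair for pair in PAIRS if given == set(pair)]
    if not chosen:  # Assumption: exactly one pair, never a mix of the two.
        raise ValueError("give starttime+endtime or insertionstarttime+insertionendtime")
    start_key, end_key = chosen[0]
    params = {key: resolve_relative(inputs[key], now) for key in (start_key, end_key)}
    if params[start_key] > params[end_key]:
        raise ValueError(f"{start_key} is later than {end_key}")
    return params


if __name__ == "__main__":
    fixed_now = datetime(2024, 3, 31, 12, 0, tzinfo=timezone.utc)  # constructed clock
    print(build_time_params({"starttime": "-1 months", "endtime": "now"}, fixed_now))
```

Rejecting unsigned or mixed inputs before the request is sent keeps an ingestion job from silently polling the wrong window and missing events.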