Netskope Security V2
Netskope V2 API

The Netskope Security V2 connector enables seamless integration with the Netskope platform, allowing for the automation of security monitoring and event management.

Netskope Security V2 is a comprehensive cloud security solution that provides visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. The Netskope Security V2 connector for Swimlane Turbine enables users to automate the retrieval and management of security events, audit logs, application and network events, and URL lists directly within the Swimlane platform. By integrating with Netskope Security V2, Swimlane Turbine users can enhance their security posture with streamlined incident response, improved threat detection, and enriched security event context, all while minimizing manual intervention.

## Prerequisites

To effectively utilize the Netskope Security V2 connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: Endpoint for the Netskope Security V2 API.
  - API Key: Unique identifier to authenticate requests to Netskope Security V2.

## Capabilities

This connector provides the following capabilities:

- Ingest events
- Manage URL lists

## Action Setup

For event ingestion actions, you will need to provide either start time and end time, or insertion start time and insertion end time. You can use relative datetimes for these inputs.

Relative datetime format:

- For the current time: `now`
- Any other time: `(+/-)(integer) (milliseconds|seconds|minutes|days|weeks|months|years)`

Examples:

- `now`
- `-1 months`
- `+3 days`
- `-123 seconds`

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| netskope api token | API key | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Get Alerts

Fetches a list of alerts from Netskope Security V2, providing an overview of detected security incidents.

Endpoint URL: `api/v2/events/data/alert`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters type | string | optional | Parameters for the Get Alerts action |
| parameters acked | string | optional | Parameters for the Get Alerts action |
| parameters query | string | optional | Parameters for the Get Alerts action |
| parameters limit | number | optional | Parameters for the Get Alerts action |
| parameters offset | number | optional | Parameters for the Get Alerts action |
| parameters starttime | number | optional | Parameters for the Get Alerts action |
| parameters endtime | number | optional | Parameters for the Get Alerts action |
| parameters insertionstarttime | number | optional | Parameters for the Get Alerts action |
| parameters insertionendtime | number | optional | Parameters for the Get Alerts action |

Input example:

```json
{"parameters": {"starttime": 1611091927, "endtime": 1671474727, "limit": 1}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ok | number | Output field ok |
| result | array | Result of the operation |
| result category id | string | Unique identifier |
| result category tags | array | Result of the operation |
| result correlation id | string | Unique identifier |
| result ef received at | number | Result of the operation |
| result enriched | boolean | Result of the operation |
| result event id | string | Unique identifier |
| result forwarded by | string | Result of the operation |
| result gef src dp | string | Result of the operation |
| result id | string | Unique identifier |
| result insertion epoch timestamp | number | Result of the operation |
| result raw event inserted at | number | Result of the operation |
| result service identifier | string | Unique identifier |
| result session begin | string | Result of the operation |
| result skip geoip lookup | string | Result of the operation |
| result access method | string | HTTP method to use |
| result acked | string | Result of the operation |
| result action | string | Result of the operation |
| result activity | string | Result of the operation |
| result alert | string | Result of the operation |
| result alert id | string | Unique identifier |
| result alert name | string | Name of the resource |

Output example:

```json
{"ok": 123, "result": [{"_category_id": "string", "_category_tags": [], "_correlation_id": "string", "_ef_received_at": 123, "_enriched": true, "_event_id": "string", "_forwarded_by": "string", "_gef_src_dp": "string", "_id": "string", "_insertion_epoch_timestamp": 123, "_raw_event_inserted_at": 123, "_service_identifier": "string", "_session_begin": "string", "_skip_geoip_lookup": "string", "access_method": "string"}]}
```

### Get Application Events

Retrieve event data for applications from Netskope Security V2, including user activity and security incidents.

Endpoint URL: `api/v2/events/data/application`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters query | string | optional | Parameters for the Get Application Events action |
| parameters limit | number | optional | Parameters for the Get Application Events action |
| parameters offset | number | optional | Parameters for the Get Application Events action |
| parameters starttime | number | optional | Parameters for the Get Application Events action |
| parameters endtime | number | optional | Parameters for the Get Application Events action |
| parameters insertionstarttime | number | optional | Parameters for the Get Application Events action |
| parameters insertionendtime | number | optional | Parameters for the Get Application Events action |

Input example:

```json
{"parameters": {"query": "string", "limit": 123, "offset": 123, "starttime": 123, "endtime": 123, "insertionstarttime": 123, "insertionendtime": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ok | number | Output field ok |
| result | array | Result of the operation |
| result user space id | string | Unique identifier |
| result user space name | string | Name of the resource |
| result category id | string | Unique identifier |
| result correlation id | string | Unique identifier |
| result ef received at | number | Result of the operation |
| result event id | string | Unique identifier |
| result forwarded by | string | Result of the operation |
| result gef src dp | string | Result of the operation |
| result id | string | Unique identifier |
| result insertion epoch timestamp | number | Result of the operation |
| result raw event inserted at | number | Result of the operation |
| result service identifier | string | Unique identifier |
| result session begin | number | Result of the operation |
| result access method | string | HTTP method to use |
| result action | string | Result of the operation |
| result activity | string | Result of the operation |
| result alert | string | Result of the operation |
| result app | string | Result of the operation |
| result app category | string | Result of the operation |
| result appcategory | string | Result of the operation |
| result browser | string | Result of the operation |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 18:41:35 gmt", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "ratelimit-reset": "1", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-limit": "4", "ratelimit-remaining": "3", "x-kong-upstream-latency": "438", "x-kong-proxy-latency": "18", "via": "kong/2.8.1.2-enterprise-edition", "content-encoding": "gzip"}, "reason": "ok", "json_body": {
```

### Get Audit Events

Retrieve a list of audit events from Netskope Security V2, including user activities and policy violations.

Endpoint URL: `api/v2/events/data/audit`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters query | string | optional | Parameters for the Get Audit Events action |
| parameters limit | number | optional | Parameters for the Get Audit Events action |
| parameters offset | number | optional | Parameters for the Get Audit Events action |
| parameters starttime | number | optional | Parameters for the Get Audit Events action |
| parameters endtime | number | optional | Parameters for the Get Audit Events action |
| parameters insertionstarttime | number | optional | Parameters for the Get Audit Events action |
| parameters insertionendtime | number | optional | Parameters for the Get Audit Events action |

Input example:

```json
{"parameters": {"query": "string", "limit": 123, "offset": 123, "starttime": 123, "endtime": 123, "insertionstarttime": 123, "insertionendtime": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ok | number | Output field ok |
| result | array | Result of the operation |
| result is netskope personnel | boolean | Result of the operation |
| result type | string | Type of the resource |
| result timestamp | number | Result of the operation |
| result user | string | Result of the operation |
| result supporting data | object | Response data |
| result supporting data data values | array | Response data |
| result supporting data data type | string | Response data |
| result severity level | number | Result of the operation |
| result audit log event | string | Result of the operation |
| result organization unit | string | Result of the operation |
| result ur normalized | string | Result of the operation |
| result ccl | string | Result of the operation |
| result count | number | Result of the operation |
| result insertion epoch timestamp | number | Result of the operation |
| result id | string | Unique identifier |
| analyze result | boolean | Result of the operation |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 18:45:04 gmt", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "ratelimit-reset": "1", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-remaining": "3", "ratelimit-limit": "4", "x-kong-upstream-latency": "17", "x-kong-proxy-latency": "16", "via": "kong/2.8.1.2-enterprise-edition", "content-encoding": "gzip"}, "reason": "ok", "json_body": {"
```

### Get Infrastructure Events

Retrieve infrastructure-related events from Netskope Security V2 for analysis and monitoring.

Endpoint URL: `api/v2/events/data/infrastructure`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters query | string | optional | Parameters for the Get Infrastructure Events action |
| parameters limit | number | optional | Parameters for the Get Infrastructure Events action |
| parameters offset | number | optional | Parameters for the Get Infrastructure Events action |
| parameters starttime | number | optional | Parameters for the Get Infrastructure Events action |
| parameters endtime | number | optional | Parameters for the Get Infrastructure Events action |
| parameters insertionstarttime | number | optional | Parameters for the Get Infrastructure Events action |
| parameters insertionendtime | number | optional | Parameters for the Get Infrastructure Events action |

Input example:

```json
{"parameters": {"query": "string", "limit": 123, "offset": 123, "starttime": 123, "endtime": 123, "insertionstarttime": 123, "insertionendtime": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ok | number | Output field ok |
| result | array | Result of the operation |
| result file name | string | Name of the resource |
| result file | string | Result of the operation |
| analyze result | boolean | Result of the operation |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 18:47:03 gmt", "content-type": "application/json", "content-length": "48", "connection": "keep-alive", "ratelimit-remaining": "3", "ratelimit-limit": "4", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-reset": "1", "x-kong-upstream-latency": "52", "x-kong-proxy-latency": "21", "via": "kong/2.8.1.2-enterprise-edition", "strict-transport-security": "max-age=31536000; includesubdomains", "x-frame-options": "den
```

### Get Network Events

Retrieve network events from Netskope Security V2, providing insights into traffic patterns and security threats.

Endpoint URL: `api/v2/events/data/network`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters query | string | optional | Parameters for the Get Network Events action |
| parameters limit | number | optional | Parameters for the Get Network Events action |
| parameters offset | number | optional | Parameters for the Get Network Events action |
| parameters starttime | number | optional | Parameters for the Get Network Events action |
| parameters endtime | number | optional | Parameters for the Get Network Events action |
| parameters insertionstarttime | number | optional | Parameters for the Get Network Events action |
| parameters insertionendtime | number | optional | Parameters for the Get Network Events action |

Input example:

```json
{"parameters": {"query": "string", "limit": 123, "offset": 123, "starttime": 123, "endtime": 123, "insertionstarttime": 123, "insertionendtime": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ok | number | Output field ok |
| result | array | Result of the operation |
| result correlation id | string | Unique identifier |
| result ef received at | number | Result of the operation |
| result event id | string | Unique identifier |
| result forwarded by | string | Result of the operation |
| result gef src dp | string | Result of the operation |
| result id | string | Unique identifier |
| result insertion epoch timestamp | number | Result of the operation |
| result raw event inserted at | number | Result of the operation |
| result service identifier | string | Unique identifier |
| result access method | string | HTTP method to use |
| result action | string | Result of the operation |
| result app | string | Result of the operation |
| result appcategory | string | Result of the operation |
| result category | string | Result of the operation |
| result cci | number | Result of the operation |
| result ccl | string | Result of the operation |
| result client bytes | number | Result of the operation |
| result client packets | number | Result of the operation |
| result count | number | Result of the operation |
| result device | string | Result of the operation |
| result domain | string | Result of the operation |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 18:49:08 gmt", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "ratelimit-reset": "1", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-limit": "4", "ratelimit-remaining": "3", "x-kong-upstream-latency": "2050", "x-kong-proxy-latency": "16", "via": "kong/2.8.1.2-enterprise-edition", "content-encoding": "gzip"}, "reason": "ok", "json_body"
```

### Get Page Events

Fetches a list of page events from Netskope Security V2, providing insights into user activity and traffic events.

Endpoint URL: `api/v2/events/data/page`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters query | string | optional | Parameters for the Get Page Events action |
| parameters limit | number | optional | Parameters for the Get Page Events action |
| parameters offset | number | optional | Parameters for the Get Page Events action |
| parameters starttime | number | optional | Parameters for the Get Page Events action |
| parameters endtime | number | optional | Parameters for the Get Page Events action |
| parameters insertionstarttime | number | optional | Parameters for the Get Page Events action |
| parameters insertionendtime | number | optional | Parameters for the Get Page Events action |

Input example:

```json
{"parameters": {"query": "string", "limit": 123, "offset": 123, "starttime": 123, "endtime": 123, "insertionstarttime": 123, "insertionendtime": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ok | number | Output field ok |
| result | array | Result of the operation |
| result category id | string | Unique identifier |
| result correlation id | string | Unique identifier |
| result ef received at | number | Result of the operation |
| result event id | string | Unique identifier |
| result forwarded by | string | Result of the operation |
| result gef src dp | string | Result of the operation |
| result id | string | Unique identifier |
| result insertion epoch timestamp | number | Result of the operation |
| result nshostname | string | Name of the resource |
| result raw event inserted at | number | Result of the operation |
| result service identifier | string | Unique identifier |
| result skip geoip lookup | string | Result of the operation |
| result src epoch now | number | Result of the operation |
| result access method | string | HTTP method to use |
| result app | string | Result of the operation |
| result appcategory | string | Result of the operation |
| result bypass reason | string | Response reason phrase |
| result bypass traffic | string | Result of the operation |
| result category | string | Result of the operation |
| result cci | number | Result of the operation |
| result ccl | string | Result of the operation |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 18:50:47 gmt", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "ratelimit-reset": "1", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-limit": "4", "ratelimit-remaining": "3", "x-kong-upstream-latency": "734", "x-kong-proxy-latency": "36", "via": "kong/2.8.1.2-enterprise-edition", "content-encoding": "gzip"}, "reason": "ok", "json_body": {
```

### Get URL List by ID

Retrieves a specific URL list from Netskope Security V2 using the unique identifier provided.

Endpoint URL: `api/v2/policy/urllist/{{id}}`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | number | required | Parameters for the Get URL List by ID action |

Input example:

```json
{"path_parameters": {"id": 1}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| name | string | Name of the resource |
| data | object | Response data |
| data urls | array | Response data |
| data type | string | Response data |
| data json version | number | Response data |
| modify by | string | Output field modify by |
| modify time | string | Time value |
| modify type | string | Type of the resource |
| pending | number | Output field pending |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 18:54:33 gmt", "content-type": "application/json; charset=utf-8", "content-length": "251", "connection": "keep-alive", "ratelimit-reset": "1", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-remaining": "3", "ratelimit-limit": "4", "x-xss-protection": "0", "x-netskope-trid": "c55eud9rrs13cva465e0", "etag": "w/\"fb goyynle56yfsbz0ly8ru3p8ddjc\"", "content-security-policy": "default-src 'self';base-uri 'self'
```

### Patch URL List

Apply patches to a specified URL list in Netskope Security V2 using the list's ID and action parameters.

Endpoint URL: `api/v2/policy/urllist/{{id}}/{{action}}`

Method: PATCH

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | number | required | Parameters for the Patch URL List action |
| path parameters action | string | required | Parameters for the Patch URL List action |
| name | string | optional | Name of the resource |
| data | object | optional | Response data |
| data urls | array | optional | Response data |
| data type | string | optional | Response data |

Input example:

```json
{"json_body": {"name": "test456795", "data": {"urls": ["www.test.com"], "type": "exact"}}, "path_parameters": {"id": 1, "action": "append"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| name | string | Name of the resource |
| data | object | Response data |
| data urls | array | Response data |
| data type | string | Response data |
| data json version | number | Response data |
| modify by | string | Output field modify by |
| modify time | string | Time value |
| modify type | string | Type of the resource |
| pending | number | Output field pending |

Output example:

```json
{"status_code": 200, "response_headers": {"server": "nginx", "date": "mon, 19 dec 2022 19:01:30 gmt", "content-type": "application/json; charset=utf-8", "content-length": "251", "connection": "keep-alive", "ratelimit-remaining": "3", "ratelimit-limit": "4", "x-ratelimit-remaining-second": "3", "x-ratelimit-limit-second": "4", "ratelimit-reset": "1", "x-frame-options": "sameorigin, deny", "strict-transport-security": "max-age=15552000; includesubdomains, max-age=31536000; includesubdomains", "x-download-options": "noopen", "
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| connection | HTTP response header connection | keep-alive |
| content-encoding | HTTP response header content-encoding | gzip |
| content-length | The length of the response body in bytes | 251 |
| content-security-policy | HTTP response header content-security-policy | default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests |
| content-type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | thu, 01 jan 2024 00:00:00 gmt |
| etag | An identifier for a specific version of a resource | w/"fb goyynle56yfsbz0ly8ru3p8ddjc" |
| expect-ct | HTTP response header expect-ct | max-age=0 |
| ratelimit-limit | HTTP response header ratelimit-limit | 4 |
| ratelimit-remaining | HTTP response header ratelimit-remaining | 3 |
| ratelimit-reset | HTTP response header ratelimit-reset | 1 |
| referrer-policy | HTTP response header referrer-policy | no-referrer |
| server | Information about the software used by the origin server | nginx |
| strict-transport-security | HTTP response header strict-transport-security | max-age=31536000; includesubdomains |
| transfer-encoding | HTTP response header transfer-encoding | chunked |
| vary | HTTP response header vary | accept-encoding |
| via | HTTP response header via | kong/2.8.1.2-enterprise-edition |
| x-content-type-options | HTTP response header x-content-type-options | nosniff |
| x-dns-prefetch-control | HTTP response header x-dns-prefetch-control | off |
| x-download-options | HTTP response header x-download-options | noopen |
| x-frame-options | HTTP response header x-frame-options | sameorigin, deny |
| x-kong-proxy-latency | HTTP response header x-kong-proxy-latency | 36 |
| x-kong-upstream-latency | HTTP response header x-kong-upstream-latency | 52 |
| x-netskope-trid | HTTP response header x-netskope-trid | c55eud9rrs13cva465e0 |
| x-permitted-cross-domain-policies | HTTP response header x-permitted-cross-domain-policies | none |
| x-ratelimit-limit-second | HTTP response header x-ratelimit-limit-second | 4 |
| x-ratelimit-remaining-second | HTTP response header x-ratelimit-remaining-second | 3 |
| x-xss-protection | HTTP response header x-xss-protection | 0 |
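
The relative datetime format from the action setup section, as an added example that is not Swimlane's or Netskope's code: it resolves an expression against a reference time and builds the `starttime`/`endtime` or `insertionstarttime`/`insertionendtime` pair for an event action. The function names, the calendar-month clamping, the rejection of mixed or half-filled pairs, and the epoch-second unit (taken from the page's Get Alerts input example) are assumptions.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

# Units listed in the connector's relative datetime format.
_FIXED = {"milliseconds", "seconds", "minutes", "days", "weeks"}
_CALENDAR = {"months": 1, "years": 12}
_PATTERN = re.compile(r"^([+-])\s*(\d+)\s+([a-z]+)$")


def _shift_months(moment, months):
    """Move by whole calendar months, clamping the day (assumed behaviour)."""
    index = moment.year * 12 + (moment.month - 1) + months
    year, month = divmod(index, 12)
    month += 1
    day = min(moment.day, calendar.monthrange(year, month)[1])
    return moment.replace(year=year, month=month, day=day)


def resolve(expr, now):
    """Resolve 'now' or '(+/-)(integer) (unit)' against a reference time."""
    text = expr.strip().lower()
    if text == "now":
        return now
    match = _PATTERN.match(text)
    if not match:
        raise ValueError(f"not a relative datetime: {expr!r}")
    sign, amount, unit = match.groups()
    count = int(amount) * (1 if sign == "+" else -1)
    if unit in _FIXED:
        return now + timedelta(**{unit: count})
    if unit in _CALENDAR:
        return _shift_months(now, count * _CALENDAR[unit])
    raise ValueError(f"unsupported unit: {unit!r}")


def build_window(now, *, start=None, end=None,
                 insertion_start=None, insertion_end=None):
    """Return epoch-second query parameters for exactly one complete pair."""
    event = (start, end)
    insertion = (insertion_start, insertion_end)
    if all(event) and not any(insertion):
        keys, pair = ("starttime", "endtime"), event
    elif all(insertion) and not any(event):
        keys, pair = ("insertionstarttime", "insertionendtime"), insertion
    else:
        # Choice made in this example: half-filled or mixed pairs are rejected.
        raise ValueError("provide either start/end or insertion start/end")
    low, high = (int(resolve(value, now).timestamp()) for value in pair)
    if low > high:
        raise ValueError("window start is after window end")
    return dict(zip(keys, (low, high)))


if __name__ == "__main__":
    # Constructed reference time; a real run would use the current UTC time.
    reference = datetime(2022, 12, 19, 18, 41, 35, tzinfo=timezone.utc)
    print(build_window(reference, start="-1 months", end="now"))
    print(build_window(reference, insertion_start="-123 seconds", insertion_end="now"))
```

Resolving both ends of the window against the same reference time keeps successive polling windows contiguous instead of drifting by the time spent between two clock reads.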