Skip to content

netskopeoss/ta_cloud_exchange_plugins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

342 Commits
Illumio
Illumio
 
 
Office365Endpoint
Office365Endpoint
 
 
SecLytics
SecLytics
 
 
alienvault
alienvault
 
 
amazon_security_lake
amazon_security_lake
 
 
anomali_threatstream
anomali_threatstream
 
 
api_sources
api_sources
 
 
arcsight
arcsight
 
 
aws_guardduty
aws_guardduty
 
 
aws_s3
aws_s3
 
 
aws_s3_events_alerts
aws_s3_events_alerts
 
 
aws_sqs
aws_sqs
 
 
azure_monitor
azure_monitor
 
 
azure_object_storage
azure_object_storage
 
 
azure_sentinel
azure_sentinel
 
 
azure_service_bus
azure_service_bus
 
 
beyondcorp
beyondcorp
 
 
carbon_black
carbon_black
 
 
chronicle_cls
chronicle_cls
 
 
cloudtrail
cloudtrail
 
 
commvault
commvault
 
 
crowdstrike
crowdstrike
 
 
crowdstrike_cre
crowdstrike_cre
 
 
crowdstrike_identity_protect
crowdstrike_identity_protect
 
 
crowdstrike_logscale
crowdstrike_logscale
 
 
cscc
cscc
 
 
cyberark_ure
cyberark_ure
 
 
cybereason
cybereason
 
 
datadog
datadog
 
 
digitalshadows
digitalshadows
 
 
disk
disk
 
 
elastic
elastic
 
 
elastic_ure
elastic_ure
 
 
external_website
external_website
 
 
extrahop
extrahop
 
 
feedly
feedly
 
 
github_dlp
github_dlp
 
 
google_cloud_storage_cls
google_cloud_storage_cls
 
 
halo_itsm
halo_itsm
 
 
harfanglab
harfanglab
 
 
ivanti_itsm
ivanti_itsm
 
 
jira_itsm
jira_itsm
 
 
kafka_cls
kafka_cls
 
 
ldap
ldap
 
 
log_rhythm
log_rhythm
 
 
logs_itsm
logs_itsm
 
 
mandiant
mandiant
 
 
mcas
mcas
 
 
mcas_cls
mcas_cls
 
 
microsoft_azure_AD
microsoft_azure_AD
 
 
microsoft_teams
microsoft_teams
 
 
microsoftdefender
microsoftdefender
 
 
mimecast
mimecast
 
 
mimecast_cre
mimecast_cre
 
 
misp
misp
 
 
notifier_itsm
notifier_itsm
 
 
okta_cre
okta_cre
 
 
palo_alto_networks_cortex_xdr
palo_alto_networks_cortex_xdr
 
 
palo_alto_networks_panorama
palo_alto_networks_panorama
 
 
proofpoint
proofpoint
 
 
proofpoint_cre
proofpoint_cre
 
 
qradar
qradar
 
 
rapid7
rapid7
 
 
secureworks
secureworks
 
 
security_advisor_cre
security_advisor_cre
 
 
security_scorecard
security_scorecard
 
 
sentinelone
sentinelone
 
 
servicenow
servicenow
 
 
servicenow_grc
servicenow_grc
 
 
servicenow_itsm
servicenow_itsm
 
 
skyhigh
skyhigh
 
 
solarwinds
solarwinds
 
 
sophos
sophos
 
 
stix_taxii
stix_taxii
 
 
syslog
syslog
 
 
third_party_trust_grc
third_party_trust_grc
 
 
thirdpartytrust
thirdpartytrust
 
 
threat_connect
threat_connect
 
 
tq_mw_netskope
tq_mw_netskope
 
 
trellix
trellix
 
 
trend_micro
trend_micro
 
 
viso_trust_are
viso_trust_are
 
 
webhook_cto
webhook_cto
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Netskope Cloud Exchange Plugins

An admin can configure plugins. Netskope Cloud Exchange (CE) comes with a library of supported plugins. In the case where the integration for desired product is not available, CE allows users to add their own Cloud Exchange plugin. Additionally, each plugin that is published as part of the CE has its own configuration guide that administrators can and should refer to.

When building a plugin the following guildelines need to be followed.

CTE [Plugin Name] v[Plugin Version] Plugin Guide

Description

<Add a brief description regarding this plugin guide understanding.>

Prerequisites

  • List down all the prerequisites as bullet points.

Connectivity to the following hosts

CE Version Compatibility

Netskope CE version x, version y

Product name and version (If applicable)

Plugin Scope

< One-liner description for the plugin workflow>

Type of data supported

Fetched indicator types URL(Domains,URLs, IPv4, IPv6), SHA256, MD5
Shared indicator types URL(Domains,URLs, IPv4, IPv6), SHA256, MD5

Mappings

Add a one-liner description explaining the purpose/use of mapping

Severity Mapping

Netskope CE Severity Third-Party Severity
Field 1 xyzfield1
Field 2 xyzfield1

Pull Mapping

Netskope CE Fields Third-Party field
Field 1 xyzfield1
Field 2 xyzfield1

Push Mapping

Netskope CE fields Third-Party fields
Field 1 xyzfield1
Field 2 xyzfield1

Permissions

  • Permission needed 1
  • Permission needed 2

API Details

List of APIs used

API Endpoint Method Use case
API Endpoint GET/POST API purpose

API Endpoint name

**Parameters: **(add in tabular format)

Pull Data

Example:

**API Endpoint: **<api endpoint>

**Method: **GET/POST

Parameters: if any

API Request Endpoint:

<api request>

Sample API Response:

Xyz
ABC

Performance Matrix

Description mentioning how to refer to this performance matrix

Stack details Size: Large

RAM: 32 GB

CPU: 16 Cores

Indicators fetched from third-party product ~X per minute
Indicators shared with third-party product ~X per minute

User Agent

The user-agent added in this plugin is in the following format netskope-ce-<ce_version>-<module>-<plugin_name>-<plugin_version>

Workflow

Briefly list all the points needed for the plugin. Check the CTE ThreatConnect plugin guide hosted on the Netskope docs for reference. https://docs.netskope.com/en/netskope-help/integrations-439794/netskope-cloud-exchange/threat-exchange-module/configure-3rd-party-threat-exchange-plugins/threatconnect-plugin-for-threat-exchange/

Configuration on Netskope Tenant

Follow the steps provided in the below document to configure the Netskope Tenant:

https://docs.netskope.com/en/netskope-help/integrations-439794/netskope-cloud-exchange/get-started-with-cloud-exchange/configure-netskope-tenants/

Follow the steps provided in the below document to configure the URL List on Netskope Tenant:

https://docs.netskope.com/en/netskope-help/data-security/real-time-protection/custom-category/url-lists/

Follow the steps provided in the below document in order to configure the Netskope plugin on Cloud Exchange.

https://docs.netskope.com/en/netskope-help/integrations-439794/netskope-cloud-exchange/get-started-with-cloud-exchange/configure-the-netskope-plugin-for-threat-exchange/

Configuration on <Third party product name>

Obtaining configuration parameter

  • Rename the title appropriately.
  • Add steps instructing users on enabling some settings that are a prerequisite to configuring the plugin.
  • Add necessary screenshots.

Configuration on Netskope CE

[Plugin Name] Plugin configuration

  • Add detailed steps along with screenshots.

Adding Business Rule

  • Steps with proper Screenshots.

Adding SIEM Mapping/Sharing/Queue/Actions

  • Steps with proper Screenshots.

Validation

Validate the Pull

  • Steps to verify pulling from Netskope CE with Screenshots.
  • Provide screenshots of pulled data for all supported IOC types.
  • Add Steps to verify the data pulled from a third-party platform.

Validate the Push

  • Steps to verify sharing/data ingestion with Screenshots from CE to Third Party.
  • Provide screenshots of pushed data for all supported IOC types.

Troubleshooting

  • Unable to pull data from Third-Party
  • Unable to push data to Third-Party
  • Point 3

Limitation

  • Point 1(if any)
  • Point 2(if any)

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

3 stars

Watchers

5 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 9

Languages