Netskope
Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data.
# Connect Netskope with Devo SOAR
A connection needs to be saved to use the Netskope integration.
1. Navigate to Automations > Integrations.
2. Search for Netskope.
3. Click Details, then the + icon. Enter the required information in the following fields.
   - Label: Enter a connection name.
   - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
   - Verify SSL: Select the option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
   - Remote Agent: Run this integration using the Devo SOAR Remote Agent.
   - Tenant Name: Tenant name for the Netskope API. Example: 'ip12345'.
   - Token: Token for the Netskope API.
4. After you've entered all the details, click Connect.
# Actions for Netskope
## Get Alerts Data
This endpoint returns alerts generated by Netskope.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Operation | Jinja-templated text containing operation for data iterator server-defined pagination (next,head,tail,resend,epoch-timestamp). | Required |
| Netskope Alert Service Type | Select the Netskope service that generated the alert. | Required |
| Index | Jinja-templated text containing a unique name to identify a specific iterator. | Optional |
### Output
JSON containing the following items:
```json
{
  "_id": "string",
  "access_method": "string",
  "acked": "false",
  "action": "Detection",
  "activity": "Download",
  "alert": "yes",
  "alert_name": "string",
  "alert_type": "Malware",
  "app": "test app",
  "app_name": "test app",
  "app_session_id": "id",
  "appcategory": "Security",
  "browser": "MSIE",
  "category": "Security",
  "cci": "",
  "ccl": "",
  "connection_id": 0,
  "count": 1,
  "detection_engine": "Netskope Threat Intelligence",
  "device": "Windows Device",
  "device_classification": "managed",
  "dst_country": "IN",
  "file_category": "Archive and Compressed",
  "file_id": "id",
  "file_name": "name.cab",
  "file_size": 33163365,
  "file_type": "application",
  "hostname": "host",
  "incident_id": "id",
  "instance": "",
  "local_md5": "md5",
  "local_sha256": "sha",
  "malware_id": "mlware id",
  "malware_name": "Gen.Malware.Detect.By.StHeur",
  "malware_profile": "1",
  "malware_severity": "high",
  "malware_type": "Trojan",
  "managed_app": "no",
  "md5": "md5",
  "ml_detection": ""
}
```
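The following is an added example, not code from Devo or Netskope: a post-processing step a playbook could run on the Get Alerts Data output, validating the Operation value and grouping malware alerts by file hash. The function names, the severity ordering, the 10-digit epoch format and the sample records are assumptions; only the field names come from the output above.

```python
import re
from collections import defaultdict

# Operation keywords listed in the action's input table.
ITERATOR_KEYWORDS = {"next", "head", "tail", "resend"}
# Assumed severity ordering; the page only shows the value "high".
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def valid_operation(value):
    """True for an iterator keyword or an epoch timestamp (assumed 10-digit seconds)."""
    value = str(value).strip()
    return value in ITERATOR_KEYWORDS or re.fullmatch(r"\d{10}", value) is not None


def triage_malware_alerts(alerts, min_severity="high"):
    """Group malware alerts at or above min_severity by local_sha256."""
    floor = SEVERITY_RANK[min_severity]
    grouped = defaultdict(lambda: {"malware_name": None, "hosts": set(), "count": 0})
    for alert in alerts:
        if alert.get("alert_type") != "Malware":
            continue  # other alert types are out of scope for this triage
        rank = SEVERITY_RANK.get(str(alert.get("malware_severity", "")).lower(), 0)
        sha = alert.get("local_sha256")
        if rank < floor or not sha:
            continue  # skip low-severity or hash-less records
        entry = grouped[sha]
        entry["malware_name"] = alert.get("malware_name")
        entry["hosts"].add(alert.get("hostname", "unknown"))
        entry["count"] += int(alert.get("count", 1))
    return dict(grouped)


# Constructed sample records (not real Netskope data).
SAMPLE_ALERTS = [
    {"alert_type": "Malware", "malware_severity": "high", "local_sha256": "aa" * 32,
     "malware_name": "Gen.Malware.Detect.By.StHeur", "hostname": "host-1", "count": 1},
    {"alert_type": "Malware", "malware_severity": "high", "local_sha256": "aa" * 32,
     "malware_name": "Gen.Malware.Detect.By.StHeur", "hostname": "host-2", "count": 2},
    {"alert_type": "Malware", "malware_severity": "low", "local_sha256": "bb" * 32,
     "malware_name": "constructed-low", "hostname": "host-3", "count": 1},
    {"alert_type": "DLP", "hostname": "host-4"},  # constructed non-malware record
]

if __name__ == "__main__":
    for sha, info in triage_malware_alerts(SAMPLE_ALERTS).items():
        print(sha[:12], info["malware_name"], sorted(info["hosts"]), info["count"])
```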
## Get Events Data
This API call returns events extracted from SaaS traffic and/or logs.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Operation | [Jinja-templated](doc:jinja-template) text containing operation for data iterator server-defined pagination (next,head,tail,resend,epoch-timestamp). | Required |
| Netskope Events Service Type | Select the event type generated by Netskope. | Required |
| Index | [Jinja-templated](doc:jinja-template) text containing a unique name to identify a specific iterator. | Optional |
### Output
JSON containing the following items:
```json
{
  "_id": "id",
  "access_method": "API Connector",
  "acting_user": "user",
  "activity": "Introspection Scan",
  "app": "Microsoft Office 365 Sharepoint Online",
  "assignee": "None",
  "destination_app": "onedrive",
  "destination_instance_id": "id",
  "dlp_incident_id": "id",
  "dlp_match_info": [...],
  "dlp_parent_id": "id",
  "dst_location": "location",
  "exposure": "external",
  "file_lang": "hindi",
  "file_path": "path",
  "file_size": 2565542,
  "file_type": "application/vnd.openxmlformats-officedocument.spre ...",
  "from_user": "user@user.com",
  "instance": "instance",
  "instance_id": "id",
  "md5": "md5",
  "object": "monitoring_tracker.xlsx",
  "object_id": "id",
  "object_type": "File",
  "owner": "owner",
  "severity": "Critical",
  "site": "sites/JJmonitoring",
  "status": "new",
  "timestamp": 1698623914,
  "title": "monitoring_tracker.xlsx",
  "true_obj_category": "Spreadsheet",
  "true_obj_type": "Microsoft Excel 2007 XML"
}
```
# Release Notes
## v1.0.0
- Initial release with Get Alerts Data and Get Events Data actions.