The Netskope App for Security Incident Responder is designed to simplify workflows for incident response teams when working with findings from Netskope by facilitating and automating ticket enrichment and investigating alerts generated inside Netskope. Through these improved workflows, security operations teams can:
- Reduce time to respond to incidents and alerts through ticket creation automation and enrichment delivered by Netskope One.
- Usher in email or coaching to any user triggering on any type of alert, including those from API protections. This provides more choices on outcomes beyond an Allow or Block.
- Investigate and respond from a single source of truth, with fewer alerts and operational costs to work with Netskope + ServiceNow.
- Add a URL/IP/Domain from a Netskope Custom URL list.
- The added URL/IP/Domain can be added under the specific incident.
- Entries are periodically removed from the list in accordance with their expiration value.
- All alert categories can be pulled from Netskope.
- Create a security incident based on any/one Netskope alert (except DLP) pattern.
- Fetch different applications and their corresponding CCI scores from Netskope.
- Sandbox report requests support scanning of .exe files up to 16 MB.
- Filescan reports can be requested after completion of the scans.
- Fetch the UCI scores for the different users on the basis of the UBA alerts from Netskope.
- Alerts can be mapped to any selected table from the data ingestion profile configuration.
Provided support for Xanadu and Yokohama version compatibility.
Provided support to dynamically map the alerts to any table.
Netskope Tenant