Skip to main content

Netskope Help

Analyze and report on using corporate credentials on non-sanctioned apps

To obtain a report on users using corporate credentials on non-sanctioned applications, the following query can be used in the query box in Skope IT > Alerts :

user like '<<Corporate domain>>’ and app-cci-app-tag neq 'Sanctioned'

This query will provide a list of users who are using corporate credentials to access unsanctioned applications. The results of this query will be displayed in the UI and can be exported for offline analysis.

To view the instances of the applications that were being accessed, select ‘Instance ID’ field from the list of options (gear box in the right corner).

vrp_inline_monitoring_use_case_9.jpg

To learn more: Skope IT Queries Library and Skope IT Query Language Search Examples