Netskope Help

Configure 3rd-party Threat Exchange Plugins

Only admins and write-access users can configure 3rd-party Threat Exchange plugins. Threat Exchange comes with a library of supported plugins. By following the plugin guide, you can easily configure a plugin to collect and share indicators related to file hashes of malicious software (malware) used in a Netskope DLP policy. To understand how to build and upload a custom plugin, refer to the Threat Exchange Custom Plugin Developers Guide.

You can also disable, enable, or delete existing plugin configurations. Threat Exchange can be configured with multiple plugins for the same system, supporting different workflows from either the same Netskope tenant or multiple Netskope tenants.

Threat Exchange ONLY pulls the following IoCs when they are available:

  1. Malicious file hashes in MD5 or SHA256 format

  2. URLs: Depending on the nature of the plugin, these could be malicious URLs, restricted URLs, or allowed URLs. The latter two would be for firewall, SWG, or CASB policy synchronization.

  3. IP addresses (CIDR): Depending on the nature of the plugin, these could be malicious IPs, restricted IPs, or allowed IPs. The latter two would be for firewall, SWG, or CASB policy synchronization.
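
The following Python example is added here for illustration; it is not Netskope code and does not call any Threat Exchange API. It sorts a constructed feed into the three indicator types listed above and sets aside everything else (for example SHA-1 hashes or bare domains), which is a useful pre-check before handing a feed to a plugin. The function names, the `http`/`https` scheme restriction, and the sample values are assumptions of this example.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

HASH_LENGTHS = {32: "md5", 64: "sha256"}  # hex digest length -> type
HEX_RE = re.compile(r"[0-9a-fA-F]+")

def classify_indicator(value):
    """Return 'md5', 'sha256', 'url', 'ip', or None for anything else."""
    value = value.strip()
    if HEX_RE.fullmatch(value):
        # Pure hex: only 32 (MD5) or 64 (SHA256) characters qualify,
        # so a 40-character SHA-1 digest falls through to None.
        return HASH_LENGTHS.get(len(value))
    try:
        # strict=False accepts a single address as well as CIDR notation.
        ipaddress.ip_network(value, strict=False)
        return "ip"
    except ValueError:
        pass
    try:
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "url"
    except ValueError:
        pass  # malformed URL, e.g. an unbalanced IPv6 bracket
    return None

def partition_feed(lines):
    """Group supported indicators by type; collect the rest as rejected."""
    accepted = {"md5": [], "sha256": [], "url": [], "ip": []}
    rejected = []
    for raw in lines:
        item = raw.strip()
        kind = classify_indicator(item)
        if kind is None:
            rejected.append(item)
        else:
            # Hex digests are case-insensitive; store them lowercased.
            is_hash = kind in HASH_LENGTHS.values()
            accepted[kind].append(item.lower() if is_hash else item)
    return accepted, rejected

# Constructed sample feed (documentation IP ranges, reserved .test domain).
SAMPLE_FEED = [
    hashlib.md5(b"constructed sample").hexdigest().upper(),
    hashlib.sha256(b"constructed sample").hexdigest(),
    hashlib.sha1(b"constructed sample").hexdigest(),  # unsupported hash type
    "https://example.test/login", "203.0.113.0/24", "198.51.100.7",
    "example.test",  # bare domain, not a URL
]
```

Calling `partition_feed(SAMPLE_FEED)` returns the accepted indicators grouped by type and a list of the two rejected entries, which can be logged for review instead of being silently dropped.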