Skip to main content

Netskope Help

Configure Threat Exchange Sharing with your Netskope Tenant

You need to get the sharing information from Threat Exchange to use later when setting up a profile in the Netskope tenant. This informationis in the Threat Exchange module when you created a file hash share with a Netskope tenant as the Destination Configuration. You must have a Threat Exchange plugin and a sharing rule in order to push file hash information (or URL/IP addresses) to your Netskope tenant.

image6.png

If you haven't already done so, create Threat Exchange sharing to use in your Netskope tenant. The Sharing configuration settings needed are:

  • Source configuration will be the plugin that provided the file hash.

  • Business rule will be the configured rule to be used to decide what data to share from the IoC database.

  • Destination configuration will be the plugin where the data is destined (different plugins have different abilities to ingest data from Threat Exchange).

  • Target dictates where the data will be stored in the destination system. In the Netskope tenant, the data is either pushed to a URL list or, in this workflow, a file hash list.

  • List Size specifies the maximum size of any file pushed by Threat Exchange. Netskope only supports a maximum file size of 8 MB to be sent via a single RESTful API (v1 only) or GUI upload workflows.

  • Default File Hash is no longer needed and can be ignored as of CE 3.1.

When finished, click Save.