Configure Threat Exchange Sharing with your Netskope Tenant
You need to get the sharing information from Threat Exchange to use later when setting up a profile in the Netskope tenant. This informationis in the Threat Exchange module when you created a file hash share with a Netskope tenant as the Destination Configuration. You must have a Threat Exchange plugin and a sharing rule in order to push file hash information (or URL/IP addresses) to your Netskope tenant.
If you haven't already done so, create Threat Exchange sharing to use in your Netskope tenant. The Sharing configuration settings needed are:
Source configuration will be the plugin that provided the file hash.
Business rule will be the configured rule to be used to decide what data to share from the IoC database.
Destination configuration will be the plugin where the data is destined (different plugins have different abilities to ingest data from Threat Exchange).
Target dictates where the data will be stored in the destination system. In the Netskope tenant, the data is either pushed to a URL list or, in this workflow, a file hash list.
List Size specifies the maximum size of any file pushed by Threat Exchange. Netskope only supports a maximum file size of 8 MB to be sent via a single RESTful API (v1 only) or GUI upload workflows.
Default File Hash is no longer needed and can be ignored as of CE 3.1.
When finished, click Save.