
Netskope Help

Create a Next Generation SaaS Security Posture Rule

To create a Next Generation SaaS security posture rule:

  1. Log in to the Netskope tenant UI.

  2. Navigate to Policies > Security Posture. Then, click the Next Gen tab.

    The Security Posture page opens.

  3. Click the Rules tab.

  4. Click New Rule.

    The New Custom Rule page opens.

  5. Under Rule Name, enter a rule name.

  6. Under Severity, select the severity level you want to assign to this rule from the drop-down list. The available options are Critical, High, Medium, and Low.

  7. Under Definition, enter a rule definition using Netskope Governance Language (NGL). For information on NGL, see Custom Rules Using Netskope Governance Language.

    Note

    As you type in the definition edit box, Netskope displays the NGL syntax along with auto-suggestions for your reference.

    Alternatively, use the Import from Rule option to import and modify an existing rule.

    1. (Optional) Click Search In Inventory. Netskope runs this custom rule against the API-enabled Protection > Security Posture (Next Gen) > Inventory page and lists the inventory impacted by the rule.

    2. Click Validate Definition to validate the rule and fix any syntax errors.

  8. Under the Category tab, specify the category and sub-category. You can select from the following categories:

    • Compliance Standard: A compliance standard is a policy library of security best practices. It is organized into sections and controls. Each control is mapped to one or many rules. A rule includes Netskope Governance Language (NGL), a description of the rule, and a severity level.

      Note

      If you select the compliance standard category, specify:

      • Sub-Category: The name of the compliance standard, like CIS Benchmark v3.0.1, NIST-CSF, etc.

      • Section: The section of the document that describes the compliance standard.

      • Control: The section control of the document that describes the compliance standard.

    • Domain: In the context of Security Operations (SecOps), there are several well-known domains or categories that are commonly addressed to ensure a comprehensive security posture. These domains cover various aspects of security operations and help organizations manage and respond to security incidents effectively.

    • MITRE ATT&CK: MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally recognized framework and knowledge base that helps organizations understand and categorize the tactics, techniques, and procedures (TTPs) used by cyber adversaries during various stages of a cyberattack.

    • Netskope Best Practices: These are Netskope-recommended rules for the supported SaaS apps.

  9. Click +Add to specify a new category that the rule must satisfy.

  10. (Optional) Under the Remediation tab, enter the manual remediation steps.

  11. (Optional) Under the Description tab, enter a short description of the custom rule.

  12. Click Save to save the rule.

    The rule is displayed in the Rules section of the Rules page.

  13. On the Security Posture page, click Apply Changes.