Creating a Cloud App Definition
When you create a Cloud App Definition and choose From Predefined App, Universal Connector, or Custom Connector, it takes precedence over any predefined apps with the same domain. If you choose Custom Connector, it takes precedence over other App Definitions, including any predefined app connectors with the same domains. For example, if you create a custom connector for the LinkedIn app with all the app domains, all traffic for the app hits only the custom app connector.
The first step in this procedure only applies if you have Netskope Private Access. If so, you'll see Public Apps and Private Apps tabs on the App Definitions page; otherwise, you will not see the Public and Private Apps tabs. If you do not have Netskope Private Access, jump to step 2.
Click the Cloud Apps tab.
Click New App Definition Rule and select Cloud App.
Enter a meaningful app name in the Application Name field.
You can select the From Predefined App radio button if you are adding a custom URL and want to associate it with an existing application. Start typing the predefined application name in the Select Application search field, and the field will auto-populate with the predefined applications associated with your tenant. Traffic activity is determined based on the predefined app you select.
(Optional) You can select the Universal Connector radio button to associate it with a custom app definition. Traffic activity is determined based on the connector Netskope defines. Only limited activities are supported. Traffic activity with the universal connector is based on Netskope heuristics logic and a best-effort detection option. The universal connector can detect several activities for any cloud app (e.g., login, logout, form post, upload, download, and login successful).
Optionally, you can select the Custom Connector radio button if you want to create a custom app inline connector. You will define the mapping between traffic and activities. If you select this option, you must review the Add a Custom Connector and Plugin Installation sections below in this article.
Click Add App Activity to manually add activities or Import from File to import recorded app activities.
Click Add New Domain to add domains.
Note
Adding a custom app definition to an OU/Group steering configuration adds the custom app definition as managed in the OU/Group steering configuration and unmanaged in the default tenant configuration.
Enter the associated domain for the custom app definition. This must be a publicly available domain and URL. Do not include any internal domains and URLs that are not accessible from the Netskope proxy in the cloud.
Enter the path for each domain, like /login, etc.
Click Add New Domains again to add more domains, if needed, or go to the next step.
Click Save to add the custom cloud app.
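The domain step above requires publicly reachable domains and no internal ones. The following pre-check is an added example, not Netskope code: it screens a list of candidate domain entries offline for private IP literals, single-label hostnames, and reserved or internal DNS zones. The function names, the suffix list, and the sample zone corp.example.com are assumptions made for illustration.

```python
import ipaddress

# Suffixes reserved for private or non-routable naming (RFC 2606, RFC 6762,
# RFC 8375, ICANN's .internal). Assumed list; extend it for your environment.
RESERVED_SUFFIXES = ("local", "internal", "localhost", "test", "invalid",
                     "example", "home.arpa")

def classify_domain(entry, internal_zones=()):
    """Return (ok, reason) for one domain entry typed into the definition."""
    host = entry.strip().lower()
    if "://" in host:                       # tolerate a pasted URL
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].rstrip(".")
    if host.startswith("["):                # bracketed IPv6 literal
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:              # host:port
        host = host.split(":", 1)[0]
    if not host:
        return False, "empty entry"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return (True, "public IP") if ip.is_global else (False, "non-public IP")
    if "." not in host:
        return False, "single-label hostname"
    zones = RESERVED_SUFFIXES + tuple(z.lower().strip(".") for z in internal_zones)
    for zone in zones:
        if host == zone or host.endswith("." + zone):
            return False, "internal or reserved zone: " + zone
    return True, "looks public"

def review(domains, internal_zones=()):
    """Return {entry: reason} for every entry that should not be added."""
    results = ((d, classify_domain(d, internal_zones)) for d in domains)
    return {d: reason for d, (ok, reason) in results if not ok}

if __name__ == "__main__":
    # Constructed sample input; corp.example.com stands in for an internal zone.
    sample = ["app.example.com", "https://portal.example.com/login", "intranet",
              "wiki.office.local", "10.20.30.40", "hr.corp.example.com"]
    for entry, reason in review(sample, ("corp.example.com",)).items():
        print(f"do not add {entry}: {reason}")
```

The check is static and performs no DNS lookups, so a public-looking name that resolves only inside your network still passes; confirm reachability from outside before saving.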
Plugin Installation
The prerequisite for creating custom connector app definitions is to install the Google Chrome extension (browser plugin). For security reasons Chrome only allows extension installation from the Chrome store. Since our extension is not developed for mass consumption but only for admins, it will not be published to the Chrome store. Therefore, you must be an admin to install Netskope's extension in Developer mode.
Go to Settings > Security Cloud Platform > Traffic Steering > App Definition, click New App Definition Rule, and then select Cloud App. Select the Custom Connector radio button under the Type section to access the extension plugin.
To install the Google Chrome extension:
Unzip the Netskope extension.
Go to chrome://extensions/ and enable Developer mode in the top right corner of your browser.
Click the Load unpacked extension button and provide a path for the Netskope extension directory.
All your custom applications are listed on this page with the following information:
Name of the custom application
Associated domains
Yes / No to indicate if the custom application is used in any steering configurations. You can safely delete a custom app definition if it's not used in any steering configurations or Real-time Protection policy.
Last modified date. You can sort in this column.
You can click the gears icon to customize the column view by unchecking any of the boxes to hide a column. By default, all columns are checked and visible.
Add a Custom Connector
You can create custom app definitions by using Netskope to tailor a custom app inline connector so that different activities selected by you can be detected and used for policy enforcement. You can choose and create one or many different custom inline connectors.
Note
You must contact Netskope Support to enable this feature for your tenant.
You will need to install a Chrome browser plugin. To get the plug-in, go to Google Webstore, or click the link in the Netskope UI after selecting Custom Connector. The plug-in is used to track usage of the custom application from the client side and record all the activities along with the associated URL information. Once the plugin is installed and the browser is refreshed / restarted you will see the Netskope App Activity Recorder icon in the upper right corner of your browser.
Click Start Recording to initiate the recording on the website where you would like to record app activities. To reduce noise, only requests from the active tab are recorded.
The entire recorded session should capture all the activities that are of concern. You can start and reset the recording by clicking the Netskope icon in the Active tab. Perform the activities you would like to record.
Click the Netskope icon in the active tab to view the recorded activities. Click the number to open the recorder window to view app activity details. Select activities for the records you need, and download them to a JSON file. The saved recording files need to be uploaded to your Netskope cloud tenant.
Go to Settings > Security Cloud Platform > Traffic Steering > App Definition, click New App Definition Rule, and then select Cloud App.
Enter a name, select Custom Connector, and then Import From File to add or replace your recorded files. When finished, click Create.
The Netskope platform parses the recorded file and makes it available for you to select as a custom app definition and enforce various policies. The following information is captured by the recording via the plugin:
Domain
HTTP method
URI path
URI params (key-value pairs)
Response code