Device Classification with Tanium for Windows

The Netskope and Tanium integration enables joint customers to leverage Tanium’s high-fidelity endpoint data and user-friendly natural language search capabilities to determine if an endpoint’s overall posture equates to compliant, safe, or managed. These endpoint posture dispositions, determined either one-time or on a recurring basis, would drive a decision to have Netskope treat that endpoint differently than a non-compliant, risky, or unmanaged device. Utilizing adaptive policy controls, the user of that non-compliant device may not be able to download or upload files while the device is in a risky posture, but can still perform basic functions, such as browsing the web, sending email, etc.

Once Tanium finds the device to be compliant again, it can flag the endpoint, enabling Netskope to determine its new state, match against the compliant policy, and, in this example, let the user move files around again, knowing that the user is making those decisions, not a potentially compromised host.

Of course, users can’t benefit from Netskope’s protection capabilities if it isn’t deployed or up-to-date. Leveraging Tanium’s software management and configuration management capabilities, you can ensure that the latest Netskope steering client is deployed, installed, and active on managed hosts.

Here's an illustration of how Netskope and Tanium work together.

Tanium-Netskope-Integration.png

Integrate Tanium with Netskope for Windows
  1. Create the following Saved Questions:

    | Saved Question Name | Tanium Question |
    |---|---|
    | Netskope Installed Windows | Get Computer Name from all machines with Installed Applications contains Netskope Client |
    | Netskope Not Installed Windows | Get Computer Name from all machines with ( Is Windows contains true and all Installed Applications not contains Netskope Client ) |
    | Netskope Managed Windows | Get Computer Name from all machines with Registry Value Data[HKEY_LOCAL_MACHINE\SOFTWARE\Netskope\Provisioning,Managed] contains 1 |
    | Netskope Unmanaged Windows | Get Computer Name from all machines with Registry Value Data[HKEY_LOCAL_MACHINE\SOFTWARE\Netskope\Provisioning,Managed] contains 0 |
    | Netskope Running Windows | Get Computer Name from all machines with Running Service contains Netskope Client Service |
    | Netskope Stopped Windows | Get Computer Name from all machines with Stopped Service contains Netskope Client Service |

    Note

    These Saved Questions can be organized under a Dashboard and Category for browsing in Interact or Home.

  2. Create the following Packages:

    | Package Name | Package Command |
    |---|---|
    | Netskope Health - Managed | cmd /c ..\..\TPython\TPython netskope_tanium_3_0_0.py -ns -s enable |
    | Netskope Health - Unmanaged | cmd /c ..\..\TPython\TPython netskope_tanium_3_0_0.py -ns -s disable -v 0 |
    | Netskope Installer Windows | cmd /c msiexec /I NSClient_addon-<your tenant>.goskope.com_###_.msi |

    Note

    Please contact your Netskope or Tanium Account Manager for client installation and python script package files.

  3. Create Scheduled Actions for Managed and Unmanaged Policies:

    1. Using Interact and a targeting Question that results in managed, compliant, or safe, select Deploy Action and pick the package Netskope Health - Managed.

    2. Using Interact and a targeting Question that results in unmanaged, non-compliant, or risky, select Deploy Action and pick the package Netskope Health - Unmanaged.

    Note

    See the following for an example targeting Question based on Tanium Patch compliance: https://community.tanium.com/s/article/Use-Tanium-Patch-data-to-determine-if-systems-are-out-of-compliance-with-SLAs

  4. Optional: Using Interact, run a targeting Question for Netskope Agent installation. Select Deploy Action and pick the Netskope Installer Windows package created in step 2.

  5. This data can also be visualized in Tanium Trends. Please contact your Technical Account Manager (TAM) for details.

  6. In the Netskope tenant go to Settings > Manage > Device Classification, click New Device Classification Rule, and then select Windows.

    Enter these parameters:

    • Enter a Rule Name.

    • Under Classification Criteria, select Registry.

    • Select HKEY_LOCAL_MACHINE, enter \SOFTWARE\Netskope\Provisioning for Key, and enter managed for Value.

    • Select Reg_SZ and enter 1 for Data.

  7. Click Save. A match on that registry value constitutes managed.
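
To confirm on a single endpoint what the Saved Questions in step 1 and the classification rule in step 6 will evaluate, the following PowerShell check can be run locally. It is an added example, not part of the Netskope or Tanium package files. It assumes the application and service display names contain "Netskope Client" (as the Saved Questions imply) and that the rule matches only a Reg_SZ value whose data is exactly 1.

```powershell
# Added example: local view of the state used for device classification.
# Key and value name come from the page; the display-name filters are assumptions.
$KeyPath   = 'HKLM:\SOFTWARE\Netskope\Provisioning'
$ValueName = 'Managed'

function Get-NetskopeManagedState {
    $state = [ordered]@{
        ComputerName        = $env:COMPUTERNAME
        ClientInstalled     = $false
        ServiceStatus       = 'NotFound'
        ManagedData         = $null
        ManagedKind         = $null
        MatchesRuleCriteria = $false
    }

    # "Installed Applications contains Netskope Client": check both uninstall hives.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $app = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Netskope Client*' }
    $state.ClientInstalled = [bool]$app

    # "Running/Stopped Service contains Netskope Client Service".
    $svc = Get-Service -DisplayName '*Netskope Client*' -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($svc) { $state.ServiceStatus = [string]$svc.Status }

    # Registry value written by the Netskope Health packages.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $ValueName)) {
        $state.ManagedData = [string]$key.GetValue($ValueName)
        $state.ManagedKind = [string]$key.GetValueKind($ValueName)   # 'String' means REG_SZ
        # A value of another type (for example DWord) holding 1 is reported as a mismatch,
        # because the rule in step 6 is defined on Reg_SZ.
        $state.MatchesRuleCriteria = ($state.ManagedKind -eq 'String' -and
                                      $state.ManagedData -eq '1')
    }

    [pscustomobject]$state
}

Get-NetskopeManagedState | Format-List
```

A host where ClientInstalled is False, ServiceStatus is not Running, or ManagedKind is not String will not be classified as managed even if the Managed scheduled action has targeted it, so those fields are the first things to check when a device lands in the wrong policy.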