Explore the Dashboards
Users with read or write access can view the dashboards. The dashboards provide a high-level overview of each module and a view of overall user activity. The Home page has a tab for each enabled module and provides system status information. The System Status dashboard appears by default as the home page after first logging into the Cloud Exchange.
System Status Dashboard
The System Status tab appears by default as the home page after first logging into the Cloud Exchange. The Service Status section shows all the services running on the system, each with an up or down arrow based on its active status. When a service is up, its status shows a green up arrow. When a service is down, its status shows a red down arrow.
Click the Refresh button in the top right corner to get the latest system and service status updates.
Warning Messages
If available disk space falls below 35%, the UI shows the following warning message: “You're running out of disk space on your host. The available disk space is {available_space}%. The new data pull from Netskope will be paused soon. Please free up your disk space or provide additional disk space to resume the pulling. Refer to the Netskope Cloud Exchange sizing recommendations.”
If available disk space falls below 20%, the UI displays a red warning banner with the following message: “You're running out of disk space on your host. The available disk space ({available_space}%) is critically low. The new data pull from Netskope has been paused. You will have to free up the disk space or provision additional disk space to make the available disk space more than 35% of the total disk space to resume the pulling. Refer to the Netskope Cloud Exchange sizing recommendations.”
If the V2 API token has expired for the Netskope tenant, a red banner will appear with the following message: "The Netskope tenant API token has expired for <TENANT_NAME> generate the new token or re-issue the token and update the tenant configuration to resume communication between Netskope Tenant and Cloud Exchange."
If the V2 API token is revoked or deleted from the Netskope platform, or if the token does not have all the necessary privileges, the following error message will be displayed: "Netskope API token of <TENANT_NAME> has been revoked, deleted or has insufficient privileges to continue pulling alerts and events from Netskope. Please check the required privileges and ensure that your API token has the necessary permissions to access the required resources."
Note
After granting the necessary privileges to the API token, data pulling will resume, with a maximum delay of one hour.
When Cloud Exchange is unable to establish a connection with Netskope Analytics (https://reporting.netskope.tech), a yellow warning banner appears on the Cloud Exchange Settings page with the following message: “Unable to establish a connection with https://reporting.netskope.tech. Verify the network connectivity, proxy settings or firewall configurations to address the connectivity issues for enhanced product deployment and administration experience.”
Click the Log Shipper tab.
The Log Shipper Dashboard contains the following information:
Total Logs Sent to External Receiver: Based on the filter, shows the total number of logs sent.
All Time: Shows the total number of logs sent.
Last 10 Minutes: Shows the total number of logs sent in the last 10 minutes.
Last 30 Minutes: Shows the total number of logs sent in the last 30 minutes.
Last 60 Minutes: Shows the total number of logs sent in the last 60 minutes.
Total WebTx Sent to External Receiver: Based on the filter, shows the WebTx byte count sent to the external receiver.
All Time: Shows the total amount of WebTx data sent, in bytes.
Last 10 Minutes: Shows the total WebTx byte count sent in the last 10 minutes.
Last 30 Minutes: Shows the total WebTx byte count sent in the last 30 minutes.
Last 60 Minutes: Shows the total WebTx byte count sent in the last 60 minutes.
Total Plugins: Shows the total number of configured plugins contributing to the ingestion of logs into CLS.
Logs WebTx Sent to External Receiver: Displays a pie chart showing the relative contribution of the logs and WebTx that were ingested.
Plugin Status: Reflects the up (green up arrow) or down (red down arrow) state of configured plugins.
Click the Ticket Orchestrator tab to view overall user activity.
The Ticket Orchestrator Dashboard contains the following information:
Total Ticketing Sources: Shows the total number of configured and active plugins contributing ticketing events to Ticket Orchestrator.
Total Alerts Queried: Shows total active alerts in the Ticket Orchestrator database. Not every alert will create a ticket if the option to mute has been enabled.
Total Duplicate Alerts: Shows the number of duplicate alerts. Alerts that are shown here are being deduplicated automatically by Ticket Orchestrator.
Total Tickets Created: Shows the total number of tickets and/or notifications created by Ticket Orchestrator across all of the connected ticketing systems.
Overall Status Of Ticket: Shows the relative proportion of tickets in a pie chart.
Ticketing Sources Status: Shows the up (green up arrow) or down (red down arrow) state of configured plugins.
Recent Tickets: Shows the last 10 tickets Ticket Orchestrator created with the ITSM ticket ID, the Netskope alert type, the ticket status, and a link to browse to the ticket in the connected ITSM system. Only alerts that match a ticket flow will create a ticket.
Recent Alerts: Shows the list of ten (10) most recent alerts reported by the Netskope tenant, with alert name, the type of alert (one of 8 categories Netskope uses), and the associated event’s application category. For example, the widget shows that an alert matched a machine learning finding of an anomalous behavior associated with activity in a cloud storage SaaS application. Ticket Orchestrator is not a SIEM; more information can be found in the Netskope tenant Skope IT logs.
Threat Exchange is a rules-based engine for collecting and sharing indicators: file hashes of malicious software (malware), file hashes of files used in Netskope DLP policy for absolute matching, and URLs used by plugged-in systems for policy enforcement of restricted or allowed access.
The Threat Exchange Dashboard opens by default (when enabled) and contains the following information:
Total Threat Sources: Shows the total number of configured and active plugins contributing data to Threat Exchange.
Total Active Indicators: Shows the number of total active (not disabled) indicators in the Threat Exchange database.
Indicators Reported In Last 7 Days: Shows the number of active (not disabled) indicators delivered to Threat Exchange in the previous seven days. This is a rolling count as of the time the dashboard is viewed.
Note
Although an indicator could have been recently obtained by Threat Exchange, no event will contribute to the count if the metadata timestamp delivered with the IoC entry is from a period earlier than seven days.
Indicators by Threat Sources: Shows the relative contribution, in record counts, from each connected plug-in to the entire active Threat Exchange database in a pie chart.
Threat Sources Status: Shows the up (green up arrow) or down (red down arrow) state of configured plugins.
Top 10 Active Indicators by External Hits: Shows the top 10 indicators that all of the plugins have matched against. For example, the value starting with d7771 has been seen by all the non-Netskope connectors a total of 4903 times, indicating that it appears most frequently in the customer IT stack.
Top 10 Active Indicators by Reputation: Shows the sorted count of the top 10 active indicators by reputation. Reputation is configured per plugin and is applied to all indicators received from that plugin, although API commands can be used to overwrite the setting for any given IoC entry. This metadata is only used for filtering purposes. Regardless of reputation, the last IoC update takes effect.
Note
If indicators are being migrated, the UI shows this message: "Migration procedure is currently under progress". This does not cause any functionality issues.
The message is removed from the UI once the migration of indicators is complete.
Click the User Risk Exchange tab to view overall user activity.
The User Risk Exchange Dashboard contains the following information:
Total User Sources: How many vendor plugins have been configured and connected.
Total Users Fetched: How many users have been identified as having noteworthy risk scores.
Total Hosts Fetched: How many devices have been identified as having noteworthy risk scores.
Total Actions Performed: The total number of actions performed on hosts and by users.
Overall Status of Users: The relative proportion of users.
Overall Status of Hosts: The relative proportion of hosts.
Score Change Across Organization: The change in the average normalized score every 24 hours. The number below the line chart shows the change in the average normalized score from yesterday.
Riskiest 10 Records by Weighted Score of Users: Riskiest 10 users among all those fetched.
Riskiest 10 Records by Weighted Score of Hosts: Riskiest 10 hosts among all those fetched.
Plugin Status: Indicates whether the plugin is successfully polling the vendor’s system. The up (green up arrow) or down (red down arrow) indicator shows the state of configured plugins.
The dashboard provides a high-level overview of the Application Risk Exchange (ARE) module to all users to give a bird’s eye view of overall activity. Click the Application Risk Exchange tab to view overall application activity.
The Application Risk Exchange Dashboard contains the following information:
Total ARE Configurations: Shows the total number of configured ARE plugins.
Total Active Applications: Count of the total applications in the ARE database.
Applications Reported In Last 7 Days: Count of applications delivered to ARE in the previous 7 days. It is a rolling count as of the time the dashboard is viewed.
Applications by CCL: Displays a pie chart showing the applications grouped by CCL, in record counts.
ARE Plugins Status: Reflects the up (green up arrow) or down (red down arrow) state of configured plugins.
Top 10 Applications with least CCI: Displays the 10 applications with the lowest CCI scores in the ARE database.
Recently Seen Applications (last 7 days): Displays the 10 most recently seen applications from all the available configured plugins.