Netskope Help

JA3 with JA3S fields are now available for Advanced Analytics (NAA), in the Application Events and Alerts Data Collection.

JA3 with JA3S is a method to fingerprint the TLS negotiation between a client and server. This combined fingerprinting can assist in producing higher fidelity identification of the encrypted communication between a specific client and its server. These fields are available for TLS decrypted traffic.

The new addition of SSL Decryption Dashboard allows you to see the inspection rate of all traffic sent to Netskope. In addition, you can review traffic and destinations not inspected, and assess whether there is a business reason to have content inspected for threats, intellectual property, or against specified standards.

The “CISO Dashboard - No Period Comparison” dashboard is a simplified version of the “CISO Dashboard” which requires only a single time range parameter to be applied. Note, period over period comparison dashboard filters are not included in this dashboard.

With this release, the 'Private App Tag' field is added to the Network Events data collection. To learn more: Private App Tags

API Data Protection has introduced a new file sharing option in the policy wizard for Cisco Webex Teams - 'All External Domains Except'. This new file sharing option provides users the ability to specify trusted external domains to be excluded from exposure determination and policy enforcement.

The Netskope tenant UI has disabled the restore, block, and encrypt actions on the Incidents > DLP page for files with 'require check out' option enabled in Microsoft Office 365 SharePoint Sites. In cases when 'require check out' is enabled, a copy of the file will be placed in quarantine, however, the original file will not be deleted.

API Data Protection dashboard page now includes additional information such as the MD5 checksum and detection engine details if the malware file was detected by Netskope or the SaaS application. Filtering capabilities on the newly available data is also added. To learn more: Improved Reporting on Malware Files in API Data Protection

Netskope has removed the Malware Instances table under Settings > Threat Protection > API-enabled Protection. Users can avail the same functionality to view or enable malware setting from Settings > API-enabled Protection > SaaS, view or enable the malware setting under Setup Instance.

Enhanced "From User" and "Instance Id" detection for Evernote browser-based access.

ChatGPT dedicated app connector is now available. With this admins can have full visibility and control over sharing of data to the application. The following activities are covered:

Enhanced Google Drive App to perform DLP for Edit when more than 50 bytes of data is added or pasted into Docs, Sheets or Slides. The primary use case is exfiltration through copy and paste of sensitive information.

Dedicated iManage app connector for browser-based access. Supports real-time policies for the  following activities:

The application category of the app Adobe Document Cloud is now changed from Collaboration to Business Process Management.

Updated the machine learning (ML)-based source code classifier. Incorporating new training data and additional features, higher accuracy and reduced rates of false positive occurrence is achieved.

CFW is now available for the China Data Center.

Endpoint DLP Printer Device Control is available. You can create policies to restrict or allow access to printers based on attributes of the printer or connection.

Printer Device Control events now display the Activity Type as Printer Setup.

Endpoint DLP Device Control policies allows administrators to select a custom user notification template. This helps administrators to display custom messages when devices are blocked.

Endpoint DLP Alerts display the violating application in the Application column.

Updated Transaction Event Field Format by:

Transaction Event fields x-cs-app-cci, x-cs-app-ccl, and x-cs-app-tags are filled with the following criteria:

GitHub app is now available on the Next Generation API Data Protection platform. Please note the following important points:

Added support for Android 11 on Chrome OS. To learn more: Netskope Client Supported OS and Platform.

Secured Device Classification logs when the Steering Hardening feature flag is enabled.

Introduced a feature flag AutoStart NSClient with Reboot/Relogin to override the user disabling Client after restart or logoff/login. When the flag is enabled and a user disables the Client, it automatically enables the Client after:

On the Device page, Unique Device ID is the combination of BIOS SN and Processor ID that can easily get duplicated with other Unique Device ID cloned by the virtual machine(VM) image.

 To have a real Unique Device ID, Machine GUID is added to generate a new Unique Device ID. Private Access Client will re-enroll to update Unique Device ID.

The Standard UEBA policies now support selecting custom applications in policy definition.

UEBA supports API-connected instances for predefined policies. With this enhancement, you can select or exclude both Inline and API-connected app instance at the same time for predefined policies.

Netskope added a new application and web category for Generative AI domains. This covers traffic to AI apps like ChatGPT, Google Bard, Jasper AI, etc.  

To learn more, see Category Definitions.

Netskope renamed the CTEP alert type in Skope IT to IPS.