Here is the list of the new features and enhancements.
API Data Protection now supports domain exclusion in policy wizards for Box, Dropbox, Google Drive, Microsoft Office 365 OneDrive, and SharePoint applications. This new feature, when enabled, excludes domains from a policy trigger. The All External Domains Except option is available as part of the API Data Protection policy wizard under Content > Specific Sharing Options.
API Data Protection now restricts access to internal users in the policy wizard for Microsoft Office 365 OneDrive and SharePoint applications. This new feature, when enabled, restricts file-sharing access to internal users only. This action removes any external user who has access to the file and removes any public link on the file. The Internal Users option is available as part of the API Data Protection policy wizard under Action > Restrict Access > Restrict Access Level.
Note
This is a Limited Availability feature. Contact your Netskope sales representative for more information.
The Mark as Allowed action enables you to:
Allow a detected anomalous activity.
Remove the impact of the UCI deduction for the detection.
Restore the user's UCI score immediately.
It also provides input to Netskope to improve machine learning algorithms with the feedback for that user and activity.
The Network Location field in the Behavior Analytics Proximity policy is implemented as an exclusion criterion. In this release, the user interface (UI) is updated to clarify this behavior. The default value is None, so no network locations are excluded by default.
In the past, Netskope supported 50 AWS services across all associated API traffic. With this release, there is parity and support for browser/console traffic across these 50 AWS services.
To learn more: 50 Services and Activities.
With this release, Netskope added new coverage for the Google Form browser platform. A POST activity is detected whenever you fill in and submit a form.
In this release, Netskope adds new coverage for the Copy activity in the Atlassian Confluence browser platform. This generates an event whenever you use the Copy feature in Confluence.
Netskope now enables DLP support for Edit, Create, and Post activities in the SurveyMonkey browser application. You can now apply DLP policies to this content, followed by DLP inspection.
The new app connector support for the Guidewire application on the browser platform allows you to detect the following activities:
Login Successful
Login Attempt
Upload
Download
Logout
In this release, Netskope added a new Asana app connector and activity detection on the browser platform for the following activities:
Login Successful
Logout
Login Failed
Login Attempt
Upload
Download
In this release, Netskope includes the following Japan-specific predefined data identifiers in DLP rules:
Postal Addresses (JP)
Regional Identifiers (JP)
Netskope introduces an enhancement to the incident details displayed when multiple DLP profiles match in a Real-time Protection policy.
Whenever there are multiple DLP profile matches in a policy, the resulting incident lists all profiles that match along with their corresponding forensic information. There are no changes in terms of the action taken: the most restrictive action continues to be taken and is also reported in the incident details. In addition, each profile match results in a DLP alert.
In the current version of the product, in the event of multiple DLP profile matches, only the profile associated with the most restrictive action is reported in an incident. This enhancement provides a complete view of the types of data involved in an incident along with the corresponding forensic details.
You can now modify the entity to narrow down the search results associated with that entity while creating a custom or data entity.
The entity modifier includes the ability to add conditions to include or exclude specific keywords or regexes. You can find this feature under Advanced Options as part of the Create Entity UI for creating custom entities. The options to modify the entity include the following conditions that you can add to the entity:
Begins with
Does not begin with
Ends with
Does not end with
Does not match
To learn more: DLP Entity.
In this release, Netskope introduces a new DLP bypass alert that is generated when an unknown file type is detected as encrypted by the ML-based encryption detection module in DLP. DLP does not inspect such files. UEBA uses these bypass alerts to identify new and specific insider risk scenarios.
This release includes numerous payment card entity updates and improvements, including the Payment Card Numbers vendor/brand-specific entities. Some of the updates include:
Addition of dot-delimited support to Major Networks (all) and several other cards.
A group of cards from obsolete brands was renamed to start with “Defunct”.
IIN (Issuer Identification Number) updates for various cards.
In addition, Netskope added the following 15 new payment card entities (including support for the Mir and RuPay networks):
Defunct Card Numbers (Diners Club NA)
Defunct Card Numbers (Diners Club enRoute)
Defunct Card Numbers (all) - Use this entity to match obsolete numbers. This allows a single convenient entity rather than having to OR each of the following seven together manually:
Defunct Card Numbers (Bankcard)
Defunct Card Numbers (Diners Club NA)
Defunct Card Numbers (Diners Club enRoute)
Defunct Card Numbers (InstaPayment)
Defunct Card Numbers (Laser)
Defunct Card Numbers (Solo)
Defunct Card Numbers (Switch)
Card Numbers (Major Networks; with dots)
Card Numbers (Mir)
Card Numbers (RuPay)
Domestic Card Numbers (all) - Consists of the following new entities:
Domestic Card Numbers (AM, ArCa)
Domestic Card Numbers (BY, BelKart)
Domestic Card Numbers (KG, Elcart)
Domestic Card Numbers (RS, DinaCard)
Domestic Card Numbers (SE, ICA)
Domestic Card Numbers (TR, Troy)
Domestic Card Numbers (UA, NSMEP)
Domestic Card Numbers (UZ, Humo)
Although only the entities are updated, the change affects the rules and profiles that use these entities, which may have either fewer or more matches due to overall changes to IIN ranges, formatting, and other support.
Finally, this release also improves all predefined PAN-related Rules (both US and International), and all Finance and PCI-related profiles. Similarly, this also improves custom rules that utilize the predefined Payment Card Numbers entities.
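The effect of the dot-delimited support on match counts can be reproduced with a small detector. This is an added example, not Netskope's entity definition: the regex, the `find_cards` helper and the sample text are constructed for illustration, and the Luhn checksum stands in for whatever validation the predefined entities perform.

```python
import re


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text, delimiters):
    """Find 16-digit card numbers written as 4x4 groups.

    delimiters: characters allowed between groups (may be empty). The same
    delimiter must be used between all groups, enforced by a backreference.
    """
    sep = "[" + re.escape(delimiters) + "]?" if delimiters else ""
    pattern = re.compile(
        r"(?<!\d)\d{4}(?P<sep>" + sep + r")\d{4}(?P=sep)\d{4}(?P=sep)\d{4}(?!\d)"
    )
    hits = []
    for m in pattern.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):     # drops version strings, serial numbers, etc.
            hits.append(digits)
    return hits


# Constructed sample: two well-known test card numbers and one dotted
# string that looks like a card number but fails the checksum.
SAMPLE = (
    "order 4111 1111 1111 1111 shipped; "
    "refund to 5555.5555.5555.4444; "
    "build 1234.5678.9012.3456"
)

before = find_cards(SAMPLE, " -")    # entity without dot support
after = find_cards(SAMPLE, " -.")    # entity with dot support
```

The same rule over the same content yields one match before the change and two after it, which is the kind of shift to expect in existing incident volumes after an entity update.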
You can now select AWS S3 or Google Cloud Storage as a destination to store incident forensics. To enable this for your tenant, select the Forensics checkbox on the Instance Settings page. Afterward, you can create a forensics profile using AWS or Google Cloud Storage to make this profile active for the tenant.
You can now set up granular data loss prevention (DLP) policies using the UI to focus scans on critical parts of the cloud infrastructure. Granular policy controls include container-level attributes like bucket name, tags, region, and access. You can also build policies using object-level attributes like name, key, content type, extension, and so on.
Note
This is currently behind a feature flag. Contact Support or your account team to have this enabled for your tenant.
This feature provides granular controls for malware scanning. Using attributes at the container and object levels, users can set coarse or fine-grained malware policies across their GCP and AWS accounts.
The benefits of using this granular policy feature include:
Cost optimization by creating focused scans.
Mitigation of alert fatigue by reducing false positives on scans.
Note
This feature requires a feature flag to be enabled. Please contact your account team or the support team to enable this feature.
In this release, Netskope modified the logic for instance_id extraction for the Confluence and Jira applications. Now, instance_ids are based on your Confluence and Jira domains respectively rather than the from_user variable. For example, if your domain is netskope.atlassian.net, then you get Netskope as the instance_id even though the login from_user is "user@netcracker.com".
In this release, a new field x-transaction-id is added to the end of each transaction event. The transaction ID is also included in the application event and can be used to identify the transaction associated with the application event.
You can now have a single entry (*.domain.com) instead of two entries (*.domain.com and domain.com) in a URL list to derive a custom category. You can use the custom category in various places such as policy. If you create other configurations where domain names are accepted directly (such as policy), you need to specify two separate entries to match subdomains as well as the domain itself. Future changes will extend the merging of *.domain.com and domain.com to other Netskope subsystems.
Netskope introduces a new RBI template policy in the admin console for Real-time Protection policies. The RBI template assists customers in:
RBI policy creation.
Pre-filling supported categories and additional criteria.
Providing warning messages if policy deviates from supported use cases.
With this release, the Netskope client steers NPA DNS traffic over both UDP and TCP. This does not require any additional configuration beyond configuring the Publisher DNS capability for the associated private apps.
The CN and SAN entries of a certificate must be Fully Qualified Domain Names (or wildcards of an FQDN). The UI verifies the CN and SAN entries and rejects them if they are incorrect.
NPA now supports APIs for publisher and application management to streamline operations. These APIs enable administrators to automate the process of configuring (publishing) private applications as well as management of publisher instances. The APIs offered have parity to the Netskope UI. In other words, administrators can execute the same operations using the Netskope UI or APIs.
To learn more: Private Access REST APIs
The authenticated username (email) from the SAML assertion (part of the NPA authentication cookie) is added to browser access requests to private apps. The username is Base64-encoded and is sent in the 'X-Authenticated-User' HTTP header of the HTTP request to the private app.
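A private app that consumes this header should treat it as an identity hint that is only meaningful when the request arrives from a publisher, because Base64 is an encoding and carries no signature. The following is an added example, not Netskope code: the `authenticated_user` function, the publisher network and the assumption of standard padded Base64 are illustrative.

```python
import base64
import binascii
import ipaddress
import re

# Assumption: network of the NPA Publishers fronting this app (constructed).
TRUSTED_PUBLISHERS = [ipaddress.ip_network("10.20.0.0/28")]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def authenticated_user(headers, peer_ip):
    """Return the e-mail carried in X-Authenticated-User, or None.

    headers: list of (name, value) tuples as received on the wire.
    peer_ip: source address of the TCP connection.
    """
    # Any client that can reach the app directly can forge this header,
    # so accept it only on connections that come from a publisher.
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    if not any(addr in net for net in TRUSTED_PUBLISHERS):
        return None

    values = [v for k, v in headers if k.lower() == "x-authenticated-user"]
    if len(values) != 1:        # missing, or duplicated to confuse parsers
        return None

    try:
        # validate=True rejects characters outside the Base64 alphabet.
        user = base64.b64decode(values[0].strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

    # The decoded value must be a plain e-mail address; this also rejects
    # CR/LF and other control characters before the value reaches logs.
    if not EMAIL_RE.fullmatch(user):
        return None
    return user.lower()
```

Restricting network access so that the private app is reachable only through the publisher removes the direct path on which a forged header could arrive.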
You can apply system-level and publisher image updates under the Upgrade menu, at the same time or separately.
In this release, Netskope enhanced the NPA Publisher to support NAT mode transmission of traffic to private apps. This enhancement reduces port consumption and increases throughput, resulting in an improved private app access experience.
In this release, Netskope enhanced the NPA Cloud to support the dynamic routing of traffic to private apps when publishers reconnect. This enhancement reduces client and app re-connections by dynamically routing traffic to available publishers.
The new nsdiag -r <URL> command option displays URL performance statistics such as connect time, look-up time, and so on. For example, the command ./nsdiag -r www.google.com displays the following statistics:
NameLookupTime: 0.1
ConnectTime: 0.2
AppConnectTime: 0.0
PretransferTime: 0.2
StarttransferTime: 0.7
TotalTime: 0.9
RedirectTime: 0.0
DownloadSpeed: 19669 bytes/sec
With this release, Netskope improves client log readability by representing log level details as strings instead of numbers.
5 is represented as debug.
4 is represented as info.
3 is represented as warning.
2 is represented as error.
1 is represented as critical.
The default file size of nsdebuglog.log is 10 MB. Use the command nsdiag -m <File Size> to change the maximum log file size, up to 1 GB. For example, nsdiag -m 5 changes the nsdebuglog.log file size to 5 MB.
In earlier releases, you could only see the Gateway IP on the client UI. With this enhancement, the client UI displays the POP name along with the gateway IP. This has no impact on the client functionality and improves the current configuration information on the client UI. For example, Gateway IP: xx.xx.xx.xx POP: IN-DEL1.
Enabling dynamic steering and cloud firewall on the Netskope tenant sets the traffic steering type on the Netskope client to All Traffic. On the other hand, enabling dynamic steering and disabling cloud firewall on the Netskope tenant sets the traffic steering type on the Netskope client to All Web Traffic.
Release 90.2 is the current golden release of the Netskope Client. Release 90.2 binaries are available from the Support page. To learn about supported platforms and deployment instructions: Netskope Client Installation guide.
The Mark as Safe functionality allows you to add specific files to a selected file profile. The DLP and Threat Protection use the file profile to allow the inclusion or exclusion of specific files based on the different attributes of a file. With this release, the Mark as Safe option is renamed as Add to File Profile to reflect the functionality more accurately.
To learn more: About Malware.
In this release, the Reject action is renamed to Block, making it consistent with the signature action on the flow; that is, it results in the blocking of the affected flow.
To learn more: Creating a Signature Override.
In addition to documenting all new and improved features, here is the list of articles with key documentation updates:
The documentation for Netskope Public Cloud Security has been reorganized based on the supported features.
Cloud Security Posture Management
Storage Scanning
Forensic
In the new structure, all the information related to setting up a feature is available under the feature title. Each feature title contains setup information for AWS, Azure, and GCP.
To learn more: Netskope Public Cloud Security