New Features And Enhancements In Version 2.0.0
Here is the list of the new features and enhancements.
Major Improvements
The platform, Threat Exchange, has been renamed and is now known as Cloud Exchange.
Threat Exchange is now a module available under Cloud Exchange.
Ticket Orchestrator is a new module that has been added.
Ticket Orchestrator allows for the consumption of Alert data from Netskope and then provides the ability to Open ticket into Service Now, Jira, or send out notifications via Slack and other message mediums.
Plugin Support for Ticket Orchestrator
Netskope - Consumption of Alerts - able to filter alerts of interest.
Service Now - Supports both ITSM and SecOps modules in SNOW: there is a corresponding helper app within Service Now ITSM module.
Jira - Generate tickets into your projects.
Notifier (early access) - Send alerts to Slack, Email, PagerDuty and others.
When first logging into Cloud Exchange, both modules, Threat Exchange and Ticket Orchestrator, are disabled by default.
After initial configuration, the ability to enable or disable these modules can be found under Settings > General.
Updates can be performed by selecting Settings -> General from the lower left navigation pane.
Netskope Query reduction - With the addition of the Ticket Orchestrator module, query workflows were refactored to support query once, use many to reduce the queries made toward Netskope.
New Plugin Workflow: A Netskope Tenant is created under Settings, by selecting Plugins.
SSO Authentication Workflow
Upgrades can be performed in the UI under Settings -> General and clicking on the “Check for Updates” button.
GitHub Plugin Workflow - We are not able to connect to a GitHub repo for plugins. This allows for 3rd party plugins and will support the migration of Netskope Plugins to GitHub allowing for plugin upgrades to be removed from Core image Upgrades.
Quality of Experience Enhancements
Renamed and repositioned the Audit Log to Logging. The Logging link is now listed in the lower left of the primary navigation bar.
Table query persistence: When you look at the tables of data, when making a query, the query is remembered if you click away from the table.
Cloud Threat Exchange Plugins
Threat Plugins:
Mimecast - Learn and Share indicators with Mimecast (Sharing indicators with Mimecast does require an additional license from Mimecast, Bring your own Threat Intel (BYOTI))
Microsoft Defender for Endpoint - Learn indicators from Microsoft Defender for Endpoint.
Threat Quotient: Learn indicators from ThreatQ
MISP (early access): Learn and share indicators with MISP
Cybereason: Learn and Share indicators with Cybereason
Safe File Plugins:
GitHub DLP: Using this plugin, you are creating a SAFE file list. This plugin will scrape the files in a GitHub organization and create a file hash list. This File hash list can then be uploaded to Netskope for use in DLP policy.