Next Generation API Data Protection Inventory
Note
Currently, the Inventory page is available for Citrix ShareFile, GitHub, Google Drive, Microsoft 365 OneDrive (Commercial), Microsoft 365 SharePoint (Commercial), Microsoft 365 Yammer, Workday, and Zoom. New SaaS apps will be supported in due course.
The Next Generation API Data ProtectionInventory page provides deep insights on various entities supported by the SaaS apps. Administrators can use the personalized dashboard to perform ad hoc, real-time queries that can quickly group, filter, and drill-down on contextualized data and transactions across an enterprise organization’s cloud activities at a scale and granularity.
After your SaaS app account and Next Generation API Data Protection are set up on the Netskope tenant, the Next Generation API Data Protection inventory page is automatically populated with the relevant files, folders, user data, and entities.
Once you log in to the Netskope UI tenant, click API-enabled Protection > SAAS (NEXT GEN) > Inventory on the left navigation pane to view the inventory page.
The Inventory page includes the following entity types:
Users
The Users tab displays a list all users from the connected SaaS apps.
You can filter the data based on:
User name: Name of the user and email address.
App: Name of the connected SaaS app.
Instance: Name of the SaaS app instance configured under Settings > API-enabled Protection > SaaS > Next Gen.
App Suite: An application suite is a collection of multiple software applications that are designed to work together and complement each other to provide a comprehensive set of tools and functionalities for a specific purpose. For example, Google App, Office 365.
App Category: Type of SaaS app solution clubbed together. For e.g., Cloud Storage, Collaboration, Development Tool, HR, etc.
User Type: Exposure of the user i.e., internal, external.
User Status: Indicates the status of the user i.e., active, deleted, suspended, unspecified.
Resource ID: Resource ID is an unique ID to identify a resource (a file, folder, repository, user, etc.) in the system. It is generated by the corresponding SaaS apps. Including or excluding a specific resource to filter can be specified using Resource ID.
The Users tab displays the following data:
User name: Name of the user and email address.
App Suite: An application suite is a collection of multiple software applications that are designed to work together and complement each other to provide a comprehensive set of tools and functionalities for a specific purpose. For example, Google App, Office 365.
App: Name of the connected SaaS app.
Instance: Name of the SaaS app instance configured under Settings > API-enabled Protection > SaaS > Next Gen.
App Category: Type of SaaS app solution clubbed together. For e.g., Cloud Storage, Collaboration, Development Tool, HR, etc.
User Type: Exposure of the user i.e., internal, external.
Resource ID: Resource ID is an unique ID to identify a resource (a file, folder, repository, user, etc.) in the system. It is generated by the corresponding SaaS apps. Including or excluding a specific resource to filter can be specified using Resource ID.
User Status: Indicates the status of the user i.e., active, deleted, suspended, unspecified.
Last Modified Time: The date and time this entity got modified.
In addition, you can click the user name entry in the table to get a detailed view of the entity.
User Groups
The User Groups tab displays a list of all the user groups from the connected SaaS apps. An administrator can create users, groups, and assign users to a group in most of SaaS apps. Netskope retrieves these data from the SaaS apps.
In addition to the filters available in Users tab, you can filter the data based on:
Resource Name: Name of the user group.
The User Groups tab displays the following data:
Name: Name of the user group.
App Suite: An application suite is a collection of multiple software applications that are designed to work together and complement each other to provide a comprehensive set of tools and functionalities for a specific purpose. For example, Google App, Office 365.
App: Name of the connected SaaS app.
Instance: Name of the SaaS app instance configured under Settings > API-enabled Protection > SaaS > Next Gen.
App Category: Type of SaaS app solution clubbed together. For e.g., Cloud Storage, Collaboration, Development Tool, HR, etc.
Resource ID: Resource ID is an unique ID to identify a resource (a file, folder, repository, user, etc.) in the system. It is generated by the corresponding SaaS apps. Including or excluding a specific resource to filter can be specified using Resource ID.
Last Modified Time: The date and time this entity got modified.
In addition, you can click the name entry in the table to get a detailed view of the entity.
Content > Files
The Content > Files tab displays a list of all the file entities from the connected cloud storage SaaS apps.
Note
You can toggle between Content and Files drop-down. However, the Files tab is a subset of Content. What you see under the Files tab is the same as Content tab.
In addition to the filters available in Users and User Groups tabs, you can filter the data based on:
Resource Name: Name of the file.
File Type: Also known as a file format, refers to the structure and organization of data within a computer file. File types are identified by their file extensions, which are the three or four letters that follow the period in a file's name. For example, a file named "document.docx" has the file extension ".docx" indicating that it is a Microsoft Word document file type.
Exposure: The exposure of the file i.e.:
Public: Entities shared publicly.
External: Entities can be accessed by specific users outside of the organization.
Org-wide: Entities can be accessed by all users inside the organization.
Internal: Entities can be accessed by specific users inside the organization.
Private: Entities can be accessed by the owner only.
File Owner: Name or email address of the owner of the file.
The Content > Files tab displays the following data:
Name: Name of the file.
App Suite: An application suite is a collection of multiple software applications that are designed to work together and complement each other to provide a comprehensive set of tools and functionalities for a specific purpose. For example, Google App, Office 365.
App: Name of the connected SaaS app.
App Category: Type of SaaS app solution clubbed together. For e.g., Cloud Storage, Collaboration, Development Tool, HR, etc.
Instance: Name of the SaaS app instance configured under Settings > API-enabled Protection > SaaS > Next Gen.
File Type: Also known as a file format, refers to the structure and organization of data within a computer file. File types are identified by their file extensions, which are the three or four letters that follow the period in a file's name. For example, a file named "document.docx" has the file extension ".docx" indicating that it is a Microsoft Word document file type.
File Size: The size of the file in bytes, kilobytes, or megabytes.
File Owner: Name or email address of the owner of the file.
Resource ID: Resource ID is an unique ID to identify a resource (a file, folder, repository, user, etc.) in the system. It is generated by the corresponding SaaS apps. Including or excluding a specific resource to filter can be specified using Resource ID.
Exposure: The exposure of the file i.e.:
Public: Entities shared publicly.
External: Entities can be accessed by specific users outside of the organization.
Org-wide: Entities can be accessed by all users inside the organization.
Internal: Entities can be accessed by specific users inside the organization.
Private: Entities can be accessed by the owner only.
Last Modified Time: The date and time this entity got modified.
In addition, you can click the name entry in the table to get a detailed view of the entity.
Content Collections
The Content Collections tab displays a list of folders from cloud storage apps and repositories from development tools apps (like GitHub). You can toggle between Content Collections, Folders, and Repository drop-down menu. The Content Collections tab displays a combination of folders and repositories of the connected SaaS apps. The Folders tab lists all the folders (collections of files) from the connected cloud storage SaaS apps. The Repository tab lists all the repositories (collections of commits) from the connected development tools SaaS apps.
In addition to the filters available in Users, User Groups, and Content tabs, you can filter the data based on:
Resource Type: Type of resource like a folder or repository.
The Content Collections, Folders, and Repository tabs displays the following data:
Name: Name of the SaaS app entity (folder, repository).
App Suite: An application suite is a collection of multiple software applications that are designed to work together and complement each other to provide a comprehensive set of tools and functionalities for a specific purpose. For example, Google App, Office 365.
App: Name of the connected SaaS app.
App Category: Type of SaaS app solution clubbed together. For e.g., Cloud Storage, Collaboration, Development Tool, HR, etc.
Instance: Name of the SaaS app instance configured under Settings > API-enabled Protection > SaaS > Next Gen.
Resource Type: Type of resource like a folder or repository.
Resource ID: Resource ID is an unique ID to identify a resource (a file, folder, repository, user, etc.) in the system. It is generated by the corresponding SaaS apps. Including or excluding a specific resource to filter can be specified using Resource ID.
Last Modified Time: The date and time this entity got modified.
The following data is specific to the Repository tab:
Owner: Name of the owner of the repository.
Repository URL: URL link of the repository.
Exposure: The exposure of the repository i.e.:
Public: Entities shared publicly.
Internal: Entities can be accessed by specific users inside the organization.
Private: Entities can be accessed by the owner only.
In addition, you can click the name entry in the table to get a detailed view of the entity.
Manual Remediation Actions
In addition to providing deep insights on various entities supported by the SaaS apps, you can take remediation action for certain types of entities in the SaaS app. The available remediation actions are as follows:
Important
Currently, the remediation actions are available under the Files tab only.
The Netskope UI performs the remediation action asynchronously. Users can only see a successful popup at the current time.
Change owner to a specific user: This action changes the owner of the file to a specific user. On clicking this option, the UI prompts you to enter the email address of the specific user. Click Proceed.
Restrict access to owner: This action restricts the access of the file to the owner only.
Restrict access to internal collaborators: This action restricts the access of the file to users within the organization and domains as defined under Settings > Administration > Internal Domains.
Restrict access to specific domains and internal collaborators: This action restricts the access of the file to selected domain(s) and internal collaborators as defined in the previous bullet item. On clicking this option, the UI prompts you to enter the domain profile name. Click Proceed.
Note
If you do not have a domain profile defined, click Manage Domain Profiles to create a new domain profile.
Revoke organization-wide sharing: This action removes any kind of organization-wide sharing links and access.
Revoke specific domains: This action removes access for users matching the specified domain profile. On clicking this option, the UI prompts you to enter the domain profile name. Click Proceed.
Note
If you do not have a domain profile defined, click Manage Domain Profiles to create a new domain profile.
The list of available remediation actions are determined by:
App capability check (same as in policy wizard).
Resource type check, currently only enabled for file type.
For bulk actions, only actions supported by all selections are enabled.