Skip to main content

Netskope Help

Skyhigh Plugin for Threat Exchange

This document will provide the technical documentation required to configure the SkyHigh integration with the Cloud Threat Exchange module of the Netskope Cloud Exchange platform. This integration allows for the pulling of URLs and sharing them with Netskope.

Fetched indicator types

URL(URLs, FQDN, IP Addresses)

Shared indicator types

Do not support sharing

Performance Matrix

Data Pulled

Time Taken

1326

4 seconds

11323

1 minute 39 seconds

Prerequisites

To complete this configuration, you need:

  • A Netskope Tenant (or multiple, for example, production and development/test instances)

  • A Netskope Cloud Exchange tenant with the Threat Exchange module already configured.

  • Connectivity to the following host: SkyHigh expects a publically available URL that holds a flat file in Blue Coat format. Example:\

    Define category Blacklist1
    1800covidx.com
    18713279151.com
    End
    Define category Blacklist2
    18statement.coronaviruspreppers.buzz
    19covid-gouv12.com
    End
  • Your Configuration Parameter. Reach out to Skyhigh for your Skyhigh CASB Published URL. Make sure you have access to the URL. It is assumed that the URL is publically available, so you do not need any extra permissions to pull data.

Workflow
  1. Configure the SkyHigh Plugin for Threat Exchange.

  2. Validate the Skyhigh plugin.

Click play to watch a video.

 
  1. In Cloud Exchange, go to Settings > Plugins.

  2. Search for and select the SkyHigh plugin box.

    image1.png
  3. Enter these parameters:

    • Configuration Name: Unique name for the configuration.

    • Sync Interval: Leave Default.

    • Aging Criteria: Leave Default.

    • Override Reputation: Leave Default.

    • Enable SSL verification: Enable if SSL verification is required for communication.

    • Use System Proxy: Enable if the proxy is required for communication.

    image2.png
  4. Click Next.

  5. Enter these parameters:

    • SyHigh CASB Published URL: SkyHigh published URL endpoint from which you want to pull the data.

    • Category: The type of comma-separated category from which you want to pull data. Keep it blank to pull all data from the file.

      image3.png
  6. Click Save.

    image4.png
  1. In Threat Exchange, go to Threat IoCs.

    image5.png
  2. If data is not being fetched from the platform, you can look at the logs in Cloud Exchange. In Cloud Exchange Select Logging. Look through the logs for errors.

    image6.png