Supported 3rd-party Plugins
A module-specific write-access user can create, enable, modify, or delete plugins. This section describes the 3rd-party plugins supported by Netskope Cloud Exchange.
In addition to the Netskope plugins, Cloud Exchange works with the following plugins which, as of version 4.1, are found in the Github repository and are pulled down by Cloud Exchange during initial installation, whenever the Cloud Exchange service is started or stopped, and whenever a write-access user responds to an "updates are available" prompt with a command to retrieve the new or updated plugins.
ArcSight
LogRhythm
AT&T AlienVault (using the default Syslog plugin)
Solarwinds (using the default Syslog plugin)
STIX/TAXII (most threat systems support creating a feed for CE to read, including Anomali)
API Source (Allows for categorization of data for identifying source and for subsequent filtering delivered to Threat Exchange via API)
Cybereason
ThreatQ
You can upload new plugins. After creating your custom plugin, follow these steps to upload your new plugin.
Go to Settings and click Plugins.
Click Add new Plugin, locate the ZIP or tar file for your custom plugin, and then click Upload. After successful validation, the newly added plugin is available under the supported plugins list for this CE instance only. Uploaded plugins are stored in the host file system.
If the core docker container is upgraded or reset, all your uploaded plugins will still remain with all the configurations.
On the Plugins page there's an option to search via plugin name.