Netskope (API v2)
Netskope Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.9.0 and later.
Netskope API v2 provides a powerful interface for managing and monitoring Netskope deployments. It enables users to retrieve alerts and events, manage URL lists, and control clients. With Netskope API v2, organizations can proactively respond to security threats, enforce web access policies, and efficiently administer their Netskope environment. This integration was integrated and tested with version 2 of the Netskope API.
#
Configure Netskope (API v2) on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Netskope (API v2).
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL True Use system proxy settings False Trust any certificate (not secure) False API token Netskope API access token (make sure to generate token for the required endpoints). True First fetch timestamp First alert created date to fetch. e.g., "1 min ago","2 weeks ago","3 months ago". False Maximum incidents per fetch Maximum number of incidents per fetch. Default is 50. The maximum is 100. False Maximum events as incidents per fetch. Max value is 200. False Fetch Events Fetch events as incidents, in addition to the alerts. False Event types to fetch. The event types to fetch as incidents. False Alerts Query Free text query to filter the fetched alerts. For more information, visit Netskope documentation (https://docs.netskope.com/en/get-alerts-data.html\). False Events Query Free text query to filter the fetched events (if configured). For more information, visit Netskope documentation (https://docs.netskope.com/en/get-alerts-data.html\). False Incident type False Fetch incidents False Incidents Fetch Interval False Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
netskope-alert-listRetrieve alerts generated by Netskope. Select desired alerts using the alert_type parameter. Mandatory inputs include start_time and end_time, or insertion_start_time and insertion_end_time (Please note that if end_time or insertion_end_time is not provided, it will default to the current date and time). Additionally, it is not permissible to supply a combination of the aforementioned options.
#
Base Commandnetskope-alert-list
#
InputArgument Name | Description | Required |
---|---|---|
start_time | Restrict events to those that have dates greater than the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āend_timeā argument must be provided as well. . | Optional |
end_time | Restrict events to those that have dates less than or equal to the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āstart_timeā argument must be provided as well. If start_time argument is provided and this argument is not - the default value will be set for now. | Optional |
insertion_start_time | Restrict events to those that were inserted to the system after the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āinsertion_end_timeā argument must be provided as well. | Optional |
insertion_end_time | Restrict events to those that were inserted to the system before the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āinsertion_start_timeā argument must be provided as well. If insertion_start_time argument is provided and this argument is not - the default value will be set for now. | Optional |
query | Free query to filter the alerts. For example, "alert_name like test". For more information, please visit Netskope documentation: https://docs.netskope.com/en/get-alerts-data.html. | Optional |
alert_type | Select alerts by their type. | Optional |
acked | Whether to retrieve acknowledged alerts or not. Possible values are: True, False. | Optional |
page | Page number of paginated results. Minimum value: 1. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.Alert._appsession_start | String | The timestamp marking the start of an application session. |
Netskope.Alert._category_id | String | The unique identifier for a category. |
Netskope.Alert._category_name | String | The name or label associated with a category. |
Netskope.Alert._category_tags | Number | Numeric tags or labels associated with the category. |
Netskope.Alert._content_version | Number | A numeric value representing the content version. |
Netskope.Alert._correlation_id | String | An identifier used for correlating events or data. |
Netskope.Alert._creation_timestamp | Number | The timestamp when the data or event was created. |
Netskope.Alert._ef_received_at | Date | The timestamp indicating when the event was received. |
Netskope.Alert._event_id | String | A unique identifier for the event. |
Netskope.Alert._forwarded_by | String | Information indicating the source responsible for forwarding the event. |
Netskope.Alert._gef_src_dp | String | The source data path for the event. |
Netskope.Alert._id | String | A unique identifier for the event or data. |
Netskope.Alert._insertion_epoch_timestamp | Number | Insertion timestamp. |
Netskope.Alert._nshostname | String | The hostname associated with Netskope. |
Netskope.Alert._raw_event_inserted_at | Date | The timestamp indicating when the raw event was inserted. |
Netskope.Alert._service_identifier | String | An identifier associated with a specific service. |
Netskope.Alert._session_begin | String | The timestamp marking the beginning of a session. |
Netskope.Alert._skip_geoip_lookup | String | A flag indicating whether GeoIP lookup should be skipped. |
Netskope.Alert._src_epoch_now | Number | A numeric value representing the source epoch. |
Netskope.Alert.access_method | String | Cloud app traffic can be steered to the Netskope cloud using different deployment methods such as Client (Netskope Client), Secure Forwarder etc. Administrators can also upload firewall and/or proxy logs for log analytics. This field shows the actual access method that triggered the event. For log uploads this shows the actual log type such as PAN, Websense, etc. |
Netskope.Alert.acked | String | Whether the user acknowledged the alert or not. |
Netskope.Alert.action | String | Action taken on the event for the policy. |
Netskope.Alert.activity | String | Description of the user-performed activity. |
Netskope.Alert.alert | String | Indicates whether the alert is generated or not. Populated as yes for all alerts. |
Netskope.Alert.alert_name | String | Name of the alert. |
Netskope.Alert.alert_type | String | Type of the alert. |
Netskope.Alert.app | String | Specific cloud application used by the user (e.g., app = Dropbox). |
Netskope.Alert.app_session_id | Number | Unique App/Site Session ID for traffic_type = CloudApp and Web. An app session starts when a user starts using a cloud app/site and ends once they have been inactive for a certain period of time (15 mins). Use app_session_id to check all the user activities in a single app session. app_session_id is unique for a user, device, browser, and domain. |
Netskope.Alert.appcategory | String | Application category as designated by Netskope. |
Netskope.Alert.appsuite | String | Information related to the suite of applications or software used. |
Netskope.Alert.browser | String | Shows the actual browser from where the cloud app was accessed. |
Netskope.Alert.browser_session_id | Number | Browser session ID. If there is an idle timeout of 15 minutes, it will time out the session. |
Netskope.Alert.category | String | A classification or grouping label for data or events. |
Netskope.Alert.cci | Number | Cloud Confidence Index, indicating the readiness and security of cloud applications. |
Netskope.Alert.ccl | String | "Cloud Confidence Level. CCL measures the enterprise readiness of the cloud apps taking into consideration those apps' security, auditability, and business continuity. Each app is assigned one of five cloud confidence levels: excellent, high, medium, low, or poor. Useful for querying if users are accessing a cloud app with a lower CCL." |
Netskope.Alert.connection_id | Number | Each connection has a unique ID. Shows the ID for the connection event. |
Netskope.Alert.count | Number | Number of raw log lines/events sessionized or suppressed during the suppressed interval. |
Netskope.Alert.device | String | Device type from where the user accessed the cloud app. It could be Macintosh Windows device, iPad, etc. |
Netskope.Alert.device_classification | String | Designation of the device as determined by the Netskope Client as to whether the device is managed or not. |
Netskope.Alert.domain | String | Domain value. This will hold the host header value or SNI or extracted from an absolute URI. |
Netskope.Alert.dst_country | String | Applicationās two-letter country code as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.dst_latitude | Number | Latitude of the application as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.dst_location | String | Applicationās city as determined by maxmind or IP2Location Geodatabase. |
Netskope.Alert.dst_longitude | Number | Longitude of the application as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.dst_region | String | Applicationās state or region as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.dst_timezone | String | Destination timezone. |
Netskope.Alert.dst_zipcode | String | Applicationās zip code as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.dstip | String | IP address where the destination app is hosted. |
Netskope.Alert.hostname | String | Host name. |
Netskope.Alert.incident_id | Number | A unique identifier for an incident or event. |
Netskope.Alert.ja3 | String | A field indicating JA3 information. |
Netskope.Alert.ja3s | String | A field indicating JA3S information. |
Netskope.Alert.managed_app | String | Whether or not the app in question is managed. |
Netskope.Alert.managementID | String | Management ID. |
Netskope.Alert.netskope_pop | String | Netskope Point of Presence, related to network infrastructure. |
Netskope.Alert.notify_template | String | The template used for notifications or alerts. |
Netskope.Alert.nsdeviceuid | String | Device identifiers on macOS and Windows. |
Netskope.Alert.organization_unit | String | Organization units for which the event correlates to. This ties to user information extracted from Active Directory using the Directory Importer/AD Connector application. |
Netskope.Alert.os | String | Operating system of the host that generated the event. |
Netskope.Alert.os_version | String | Operating system version of the host. |
Netskope.Alert.other_categories | String | Additional categories or labels not specified elsewhere. |
Netskope.Alert.page | String | The URL of the originating page. |
Netskope.Alert.page_site | String | Information about the web page or site being accessed. |
Netskope.Alert.policy | String | Name of the policy configured by an admin. |
Netskope.Alert.policy_id | String | The Netskope internal ID for the policy created by an admin. |
Netskope.Alert.port | String | The network port used for communication. |
Netskope.Alert.protocol | String | The communication protocol or method used. |
Netskope.Alert.request_id | Number | Unique request ID for the event. |
Netskope.Alert.severity | String | Severity used by watchlist and malware alerts. |
Netskope.Alert.site | String | For traffic_type = CloudApp, site = app, and for traffic_type = Web, it will be the second-level domain name + top-level domain name. For example, in āwww.cnn.comā, it is ācnn.comā. |
Netskope.Alert.src_country | String | Userās countryās two-letter country code as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.src_latitude | Number | Latitude of the user as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.src_location | String | Userās city as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.src_longitude | Number | Longitude of the user as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.src_region | String | Source state or region as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.src_time | Date | A timestamp associated with the source or event. |
Netskope.Alert.src_timezone | String | Source timezone. Shows the long-format timezone designation. |
Netskope.Alert.src_zipcode | String | Source zip code as determined by Maxmind or IP2Location Geodatabase. |
Netskope.Alert.srcip | String | IP address of the source/user. |
Netskope.Alert.telemetry_app | String | Typically, SaaS app websites use web analytics code within the pages to gather analytic data. When a SaaS app action or page is shown, there is subsequent traffic generated to tracking apps such as doubleclick.net, Optimizely, etc. These tracking apps are listed if applicable in the Telemetry App field. |
Netskope.Alert.timestamp | Number | Timestamp when the event/alert happened. Event timestamp in Unix epoch format. |
Netskope.Alert.traffic_type | String | "Type of the traffic: CloudApp or Web. CloudApp indicates CASB and web indicates HTTP traffic. Web traffic is only captured for inline access method. It is currently not captured for Risk Insights." |
Netskope.Alert.transaction_id | Number | Unique ID for a given request/response. |
Netskope.Alert.type | String | Shows if it is an application event or a connection event. Application events are recorded to track user events inside a cloud app. Connection events show the actual HTTP connection. |
Netskope.Alert.ur_normalized | String | All lowercase user email. |
Netskope.Alert.url | String | URL of the application that the user visited as provided by the log or data plane traffic. |
Netskope.Alert.user | String | User email. |
Netskope.Alert.useragent | String | Browser HTTP user agent header. |
Netskope.Alert.userip | String | IP address of the user. |
Netskope.Alert.userkey | String | User ID or email. |
Netskope.Alert._client_timeout | Number | Information related to client timeouts. |
Netskope.Alert._dlp_backup_profile | String | Information related to DLP (Data Loss Prevention) backup profiles. |
Netskope.Alert._nsp_dur_back | Number | Duration information for NSP (Network Security Platform) on the back end. |
Netskope.Alert._nsp_dur_front | Number | Duration information for NSP on the front end. |
Netskope.Alert._nsp_retrans_back | Number | Retransmission information for NSP on the back end. |
Netskope.Alert._nsp_retrans_front | Number | Retransmission information for NSP on the front end. |
Netskope.Alert._nsp_rtt_back | Number | Round-trip time information for NSP on the back end. |
Netskope.Alert._nsp_rtt_front | Number | Round-trip time information for NSP on the front end. |
Netskope.Alert._resource_name | String | The name associated with a resource. |
Netskope.Alert._scan_source | String | Information indicating the source of a scan. |
Netskope.Alert._tenant_max_file_size | Number | The maximum file size allowed for a tenant. |
Netskope.Alert.all_policy_matches | String | Information related to policy matches. |
Netskope.Alert.browser_version | String | Browser version. |
Netskope.Alert.file_size | Number | Size of the file in bytes. |
Netskope.Alert.file_type | String | File type. |
Netskope.Alert.md5 | String | MD5 of the file. |
Netskope.Alert.object | String | Name of the object which is being acted on. It could be a filename, folder name, report name, document name, etc. |
Netskope.Alert.object_type | String | Type of the object which is being acted on. Object type could be a file, folder, report, document, message, etc. |
Netskope.Alert.web_universal_connector | String | Universal web connector information. |
#
Command example!netskope-alert-list start_time="2023-05-05 11:06" alert_type=policy limit=2
#
Context Example#
Human Readable Output#
Alert ListShowing page 1. Current page size: 2. |Alert Id|Alert Name|Alert Type|Severity|Action|Activity|Type|Category Name|Event Id|Domain|Dst Country|Policy|Port|Protocol|Md5|Timestamp| |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| | c3c98336e9d6807dd821b8dc | 365 block | policy | unknown | block | Browse | nspolicy | Collaboration | 724d1174-d78c-4197-8243-4fbd3644b192 | config.teams.microsoft.com | US | 365 block | 443 | HTTPS/1.1 | | 2023-06-25T01:24:36.000Z | | da711d311019f02d79ebc8f4 | 365 block | policy | unknown | block | Browse | nspolicy | Collaboration | 6827a5eb-de85-48af-8eae-6d3034084fd6 | config.teams.microsoft.com | AT | 365 block | 443 | HTTPS/1.1 | | 2023-06-25T02:24:36.000Z |
#
netskope-event-listGet events extracted from SaaS traffic. You may choose what events to receive with the event_type parameter. You must provide start_time and end_time, or insertion_start_time and insertion_end_time (Note that if end_time or insertion_end_time don't provided - it would be set with the now date time). Also, you cannot provide a combination of the options mentioned above.
#
Base Commandnetskope-event-list
#
InputArgument Name | Description | Required |
---|---|---|
event_type | Select events by their type. Available types: page,application,audit,infrastructure,network. Possible values are: page, application, audit, infrastructure, network. | Required |
query | Free query to filter the events. For example, "app eq Dropbox". For more information, please visit Netskope documentation: https://docs.netskope.com/en/get-events-data.html. | Optional |
start_time | Restrict events to those that have dates greater than the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āend_timeā argument must be provided as well. | Optional |
end_time | Restrict events to those that have dates less than or equal to the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āstart_timeā argument must be provided as well. If start_time argument is provided and this argument is not - the default value will be set for now. | Optional |
insertion_start_time | Restrict events to those that were inserted to the system after the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āinsertion_end_timeā argument must be provided as well. | Optional |
insertion_end_time | Restrict events to those that were inserted to the system before the provided date string (for example "YYYY-MM-DDThh:mm", "1 min ago", "2 weeks ago"). When this argument is provided, the āinsertion_start_timeā argument must be provided as well. If insertion_start_time argument is provided and this argument is not - the default value will be set for now. | Optional |
page | Page number of paginated results. Minimum value: 1. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.Event._appsession_start | String | Netskope event application session start. |
Netskope.Event._category_id | String | Netskope event category ID. |
Netskope.Event._category_name | String | Netskope event category name. |
Netskope.Event._category_tags | Number | Netskope event category tags. |
Netskope.Event._content_version | Number | Netskope event content version. |
Netskope.Event._correlation_id | String | Netskope event correlation ID. |
Netskope.Event._creation_timestamp | Number | Netskope event creation timestamp. |
Netskope.Event._ef_received_at | Date | The timestamp indicating when the event was received. |
Netskope.Event._event_id | String | Netskope event event ID. |
Netskope.Event._forwarded_by | String | Netskope event forwarded by. |
Netskope.Event._gef_src_dp | String | The source data path for the event. |
Netskope.Event._id | String | Netskope event ID. |
Netskope.Event._insertion_epoch_timestamp | Number | Netskope event insertion epoch timestamp |
Netskope.Event._nshostname | String | The hostname associated with Netskope. |
Netskope.Event._raw_event_inserted_at | Date | The date the Netskope raw event was inserted. |
Netskope.Event._service_identifier | String | Netskope event service identifier. |
Netskope.Event._session_begin | String | The timestamp marking the beginning of a session. |
Netskope.Event._skip_geoip_lookup | String | Netskope event skip GeoIP lookup. |
Netskope.Event._src_epoch_now | Number | A numeric value representing the source epoch. |
Netskope.Event.access_method | String | Netskope event access method. |
Netskope.Event.action | String | Netskope event action. |
Netskope.Event.activity | String | Netskope event activity. |
Netskope.Event.alert | String | Netskope event alert. |
Netskope.Event.app | String | Netskope event app. |
Netskope.Event.app_session_id | Number | Netskope event app session ID. |
Netskope.Event.appcategory | String | Netskope event app category. |
Netskope.Event.appsuite | String | Netskope event app suite. |
Netskope.Event.browser | String | Netskope event browser. |
Netskope.Event.browser_session_id | Number | Netskope event browser session ID. |
Netskope.Event.category | String | Netskope event category. |
Netskope.Event.cci | Number | Netskope event Cloud Confidence Index. |
Netskope.Event.ccl | String | Netskope event Cloud Confidence Levels. |
Netskope.Event.connection_id | Number | Netskope event connection ID. |
Netskope.Event.count | Number | Netskope event count. |
Netskope.Event.device | String | Netskope event device. |
Netskope.Event.device_classification | String | Netskope event device classification. |
Netskope.Event.dom | String | Netskope event Document Object Model (DOM). |
Netskope.Event.dst_country | String | Netskope event destination country. |
Netskope.Event.dst_latitude | Number | Netskope event destination latitude. |
Netskope.Event.dst_location | String | Netskope event destination location. |
Netskope.Event.dst_longitude | Number | Netskope event destination longitude. |
Netskope.Event.dst_region | String | Netskope event destination region. |
Netskope.Event.dst_timezone | String | Netskope event destination timezone. |
Netskope.Event.dst_zipcode | String | Netskope event destination zip code. |
Netskope.Event.dstip | String | Netskope event destination IP. |
Netskope.Event.hostname | String | Netskope event host name. |
Netskope.Event.incident_id | Number | Netskope event incident ID. |
Netskope.Event.ja3 | String | A field indicating JA3 information. |
Netskope.Event.ja3s | String | A field indicating JA3S information. |
Netskope.Event.managed_app | String | Netskope event managed app. |
Netskope.Event.managementID | String | Netskope event management ID. |
Netskope.Event.netskope_pop | String | Netskope event Netskope POP. |
Netskope.Event.notify_template | String | Netskope event notify template. |
Netskope.Event.nsdeviceuid | String | Netskope event Netskope device UID. |
Netskope.Event.organization_unit | String | Netskope event organization unit. |
Netskope.Event.os | String | Netskope event operating system. |
Netskope.Event.os_version | String | Netskope event operating system version. |
Netskope.Event.other_categories | String | Netskope event other categories. |
Netskope.Event.page | String | Netskope event page. |
Netskope.Event.page_site | String | Netskope event page site. |
Netskope.Event.policy | String | Netskope event policy. |
Netskope.Event.policy_id | String | Netskope event policy ID. |
Netskope.Event.port | Number | Netskope event port. |
Netskope.Event.protocol | String | Netskope event protocol. |
Netskope.Event.request_id | Number | Netskope event request ID. |
Netskope.Event.severity | String | Netskope event severity. |
Netskope.Event.site | String | Netskope event site. |
Netskope.Event.src_country | String | Netskope event source country. |
Netskope.Event.src_latitude | Number | Netskope event source latitude. |
Netskope.Event.src_location | String | Netskope event source location. |
Netskope.Event.src_longitude | Number | Netskope event source longitude. |
Netskope.Event.src_region | String | Netskope event source region. |
Netskope.Event.src_time | Date | Netskope event source time. |
Netskope.Event.src_timezone | String | Netskope event source timezone. |
Netskope.Event.src_zipcode | String | Netskope event source zip code. |
Netskope.Event.srcip | String | Netskope event source IP. |
Netskope.Event.telemetry_app | String | Netskope event telemetry app. |
Netskope.Event.timestamp | Number | Netskope event timestamp. |
Netskope.Event.traffic_type | String | Netskope event traffic type. |
Netskope.Event.transaction_id | Number | Netskope event transaction ID. |
Netskope.Event.type | String | Netskope event type. |
Netskope.Event.ur_normalized | String | All lowercase user email. |
Netskope.Event.url | String | Netskope event URL. |
Netskope.Event.user | String | Netskope event user. |
Netskope.Event.useragent | String | Netskope event user agent. |
Netskope.Event.userip | String | Netskope event user IP. |
Netskope.Event.userkey | String | Netskope event user key. |
#
Command example!netskope-event-list event_type=page start_time="10 days ago" limit=2
#
Human Readable Output#
Event ListShowing page 1. Current page size: 2. No entries.
#
netskope-url-list-updateUpdate the URL List with the values provided. please note that this command overrides the list.
#
Base Commandnetskope-url-list-update
#
InputArgument Name | Description | Required |
---|---|---|
url_list_id | The URL list ID to update (use netskope-url-list-list command to get URL list ID). | Required |
name | The updated URL list name. | Required |
urls | The updated URL list items (For Exact - Enter URLs like .example.com, or IP addresses, separated by new line. For Regex - Enter URLs like ^client[0-9]\.google\.com , ^app\.slack\.com/./netskope, or ^google.com, separated by new line). | Required |
list_type | The updated URL list type. Possible values are: exact, regex. | Required |
deploy | Whether to deploy URL list changes or not. Default is False. Possible values are: True, False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.URLList.id | Number | Netskope URL list ID. |
Netskope.URLList.name | String | Netskope URL list name. |
Netskope.URLList.data.urls | String | Netskope URL list data URLs. |
Netskope.URLList.data.type | String | Netskope URL list data type. |
Netskope.URLList.data.json_version | Number | Netskope URL list data JSON version. |
Netskope.URLList.modify_by | String | Netskope URL list modify by. |
Netskope.URLList.modify_time | Date | Netskope URL list modify time. |
Netskope.URLList.modify_type | String | Netskope URL list modify type. |
Netskope.URLList.pending | String | Netskope URL list pending status. |
#
Command example!netskope-url-list-update url_list_id=11 name="QMASTERS list" urls="google.com" list_type=regex deploy=false
#
Context Example#
Human Readable Output#
URL List
Id Json Version Modify By Modify Time Modify Type Name Pending Type Urls 11 2 Tal New Token 2023-07-18 Edited QMASTERS list pending regex google.com
#
netskope-url-list-createCreate a new URL list.
#
Base Commandnetskope-url-list-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The unique name for the URL list. | Required |
urls | The URL list items (For Exact - Enter URLs like .example.com, or IP addresses, separated by new line. For Regex - Enter URLs like ^client[0-9]\.google\.com , ^app\.slack\.com/./netskope, or ^google.com, separated by new line). | Required |
list_type | The URL list type. Possible values are: exact, regex. | Required |
deploy | Whether to deploy URL list changes or not. Default is False. Possible values are: True, False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.URLList.id | Number | Netskope URL list ID. |
Netskope.URLList.name | String | Netskope URL list name. |
Netskope.URLList.data.urls | String | Netskope URL list data URLs. |
Netskope.URLList.data.type | String | Netskope URL list data type. |
Netskope.URLList.data.json_version | Number | Netskope URL list data JSON version. |
Netskope.URLList.modify_type | String | Netskope URL list modify type. |
Netskope.URLList.modify_by | String | Netskope URL list modify by. |
Netskope.URLList.modify_time | Date | Netskope URL list modify time. |
Netskope.URLList.pending | String | Netskope URL list pending status. |
#
Command example!netskope-url-list-create name="New QMASTERS list" urls="xsoar.com,qmasters.com,google.com" list_type=regex deploy=false
#
Context Example#
Human Readable Output#
URL List
Id Json Version Modify By Modify Time Modify Type Name Pending Type Urls 12 2 Tal New Token 2023-07-18 Created New QMASTERS list pending regex xsoar.com,
qmasters.com,
google.com
#
netskope-url-lists-listGet all URL Lists or a specific by specifying the list ID.
#
Base Commandnetskope-url-lists-list
#
InputArgument Name | Description | Required |
---|---|---|
url_list_id | The URL list ID to get. | Optional |
pending | Get a list of only applied or pending URL lists. Possible values are: applied, pending. | Optional |
field | Comma separated data values to return in response call (for example: name, id, data, modify_by, modify_time, modify_type, pending). Defaults to all values. | Optional |
all_results | Whether to retrieve all results or not. Defaults is false. Possible values are: True, False. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.URLList.id | Number | Netskope URL list ID. |
Netskope.URLList.name | String | Netskope URL list name. |
Netskope.URLList.data.urls | String | Netskope URL list data URLs. |
Netskope.URLList.modify_by | String | Netskope URL list modify by. |
Netskope.URLList.modify_time | Date | Netskope URL list modify time. |
Netskope.URLList.modify_type | String | Netskope URL list modify type. |
Netskope.URLList.pending | String | Netskope URL list pending status. |
#
Command example!netskope-url-lists-list
#
Context Example#
Human Readable Output#
URL List
Id Json Version Modify By Modify Time Modify Type Name Pending Type Urls 1 2 example@qmasters.co 2023-07-16T00:00:00.000Z Edited myList applied exact g.g 2 2 Tal New Token 2023-07-18T00:00:00.000Z Edited NewURLList applied regex google.com 4 2 Netskope REST API 2023-07-05T10:24:57.000Z Edited Tal-newURLlist applied exact google.com,
www.abc.com,
example.com,
lulu.com5 2 Netskope REST API 2023-07-05T00:00:00.000Z Created New URL list applied exact google.com,
example.com,
lulu.com6 2 Netskope REST API 2023-07-05T00:00:00.000Z Created New URL list 2 applied exact google.com,
example.com,
lulu.com8 2 Netskope REST API 2023-07-17T00:00:00.000Z Created NewNewURLlist applied regex xsoar.com,
qmasters.com9 2 Netskope REST API 2023-07-17T00:00:00.000Z Created NewNewURLlist1 applied regex xsoar.com,
qmasters.com
#
netskope-url-list-deleteDelete a URL list by the list ID.
#
Base Commandnetskope-url-list-delete
#
InputArgument Name | Description | Required |
---|---|---|
url_list_id | The URL list ID to delete (use netskope-url-list-list to get the URL list ID). | Required |
deploy | Whether to deploy URL list changes or not. Default is False. Possible values are: True, False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.URLList.id | Number | Netskope URL list ID. |
Netskope.URLList.name | String | Netskope URL list name. |
#
Command example!netskope-url-list-delete url_list_id=10
#
Context Example#
Human Readable OutputThe URL list 10 was deleted successfully
#
netskope-client-listGet information about Netskope SCIM users. The command provides a list of users who have been imported into the Netskope tenant through SCIM integration. Users imported through other methods, such as manual CSV import or manual creation, will not be included in the returned results.
#
Base Commandnetskope-client-list
#
InputArgument Name | Description | Required |
---|---|---|
filter | Filter the Netskope user by 'key eq value' template. For example: userName eq "someUserName" OR externalId eq "User-Ext_id". | Optional |
page | Page number of paginated results. Minimum value: 1. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.Client.id | Number | Netskope client ID. |
Netskope.Client.name | String | Netskope client name. |
Netskope.Client.userName | String | Netskope client username. |
Netskope.Client.externalId | String | Netskope client external ID. |
Netskope.Client.active | Boolean | Netskope client activate. |
Netskope.Client.emails | String | Netskope client emails. |
#
Command example!netskope-client-list page=1 limit=2
#
Context Example#
Human Readable Output#
Client ListShowing page 1. Current page size: 2. |Client Id|User Name|Given Name|Family Name|Emails|Active| |---|---|---|---|---|---| | 6a4dbb07-f465-4a6c-8af2-1c84ced65010 | upn1 | first_name | last_name | email1@netskope.local | true | | f8d26597-e4a4-400d-a24b-40318a9e80e5 | upn2 | first_name1 | last_name1 | email11@netskope.local | true |
#
netskope-url-list-add
Update the URL list with the values provided. Note that this command appends the list.
#
Base Commandnetskope-url-list-add
#
InputArgument Name | Description | Required |
---|---|---|
url_list_id | The URL list ID to update (use netskope-url-list-list command to get URL list ID). | Required |
urls | The updated URL list items (For Exact - Enter URLs like .example.com, or IP addresses, separated by new line. For Regex - Enter URLs like ^client[0-9]\.google\.com , ^app\.slack\.com/./netskope, or ^google.com, separated by new line). | Required |
list_type | The updated URL list type. Possible values are: exact, regex. | Required |
deploy | Whether to deploy URL list changes or not. Possible values are: True, False. Default is false. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Netskope.URLList.id | Number | Netskope URL list ID. |
Netskope.URLList.name | String | Netskope URL list name. |
Netskope.URLList.data.urls | String | Netskope URL list data URLs. |
Netskope.URLList.data.type | String | Netskope URL list data type. |
Netskope.URLList.data.json_version | Number | Netskope URL list data JSON version. |
Netskope.URLList.modify_by | String | Netskope URL list modify by. |
Netskope.URLList.modify_time | Date | Netskope URL list modify time. |
Netskope.URLList.modify_type | String | Netskope URL list modify type. |
Netskope.URLList.pending | Number | Netskope URL list pending. |