Unanswered questions

Hello Team,We were trying to automate sending user invites over email which we are currently doing manually using as per below KB. Can Netskope team develope an API endpoint to send user invites over email.Sharing the documentation of the Netskope User Invite process which we are trying to automate but not able to find API endpoint to perform the task.https://docs.netskope.com/en/netskope-client-enrollment-using-email-inviteWe have also raised a Netskope case - 00643908

Team,We are facing an issue with GitHub access control, where we are unable to restrict access to Enterprise accounts only and block access through personal or external domains.During our investigation, we observed that the instance is identifying the user as IRIS_mansi.mittal instead of the corporate email address (mansi.mittal@irissoftware.com). Due to this, we are unable to apply the required controls based on the enterprise domain.We need assistance in understanding why the instance is capturing the username in this format and what configuration or solution can be implemented to enforce access only for Enterprise accounts while restricting personal or external accounts.Please help us with the recommended approach to resolve this issue.

In our environment, we found that M365 Copilot Cowork is not working when user’s connection is protected behind Netskope. Other customers using Netskope seems to be reporting the same issue as well.Microsoft’s documentation on network requirements for Copilot Cowork has been published here Cowork network endpoints (Frontier) | Microsoft Support and they cited requirements around supporting long-lived connection. Microsoft support has also shared an internal document that mentioned about the use of Server-Sent Events--which based on Internet research is not something SASE/SWG products support by default.Do you have a recommended configuration that we can use to make Copilot Cowork to work behind Netskope? Any plan to make this configuration to be part of the standard M365 policy from Netskope so that we don’t need to request a configuration change in our company? 

Hi all, just reposting this in the ZTNA channel.The script allows for automated deployment for Netskope Private Access Publishers in AWS using CloudFormation. I updated the script to support the latest publisher and Ubuntu version.https://github.com/Mitsj0l/Netskope-ZTNA-Publisher-AWS-CloudformationIf you are interested in this you might also want to checkout: Copy from the GIT:This repository contains:netskope-publisher.yaml netskope-parameters.json nsk-deployment.shThe deployment flow is:CloudFormation creates the AWS resources. User data downloads nsk-deployment.sh from S3. The script creates the Publisher in Netskope. The script retrieves the registration token and registers the Publisher. Optional post-registration steps can run automatically: Browser Access AnyApp enablement System update and publisher image upgrade sensitive artifact cleanup

Hello Everyone,Hope All are doing well.I have some query regarding SAML-Forward Proxy Secure Enrollment..We’ve successfully completed the integration of Netskope Forward Proxy with Microsoft Entra ID (SAML), and everything is functioning as expected.Configuration Summary Microsoft Entra ID Created Enterprise Application Completed SCIM Provisioning Verified user synchronization on Netskope Configured Single Sign-On (SAML) for Netskope Forward Proxy Netskope Configured SAML Forward Proxy and exchanged certificates successfully Tested the configuration using the SAML Forward Proxy test button — validation completed successfully ✅  Client Enrollment BehaviorAfter deploying the Netskope Client agent, users are prompted to authenticate using Microsoft Entra ID credentials via SAML. During the enrollment process, however, the configuration download fails, displaying an Enrollment Error message.To isolate the issue, we temporarily disabled Secure Enrollment under

Hello Everyone,I am currently working on a requirement to block the chat feature on X.com. I have attempted to restrict access by blocking relevant URLs and applying regex patterns; however, these approaches have not been successful.I also tried identifying the exact destinations used by X.com for its chat functionality, but was unable to pinpoint them.Could anyone please assist or share guidance on how to effectively implement this use case?Thank you in advance for your support.

Are their plans to fully support Linear (linear.app) as a steered app, so I can build real-time CASB DLP policies for it? Or, will you be supporting it as a NextGen CASB API app? Thx

Hello Everyone,I have a query regarding Netskope with Sensitivity Labels for Email DLP.We’ve successfully integrated Netskope with Sensitivity Label Integration so that all labels are published into Netskope. For Cloud and Web traffic, DLP enforcement is working perfectly with label‑based rules.Current Email DLP Setup Created DLP Entities, Rules, and Profiles for all labels: Public, Restricted, Secret, Top Secret. For Word documents, we extracted metadata via File → Info → Properties → Advanced Properties → Custom tab. And created a Regex Entity. Example: ClassificationContentMarkingHeaderText.*Restricted Used these regex entities in SMTP DLP policies. Real‑time protection policy adds headers for enforcement: X-Netskope-Action: Block This works fine for Word attachments  (Emails) — detection and enforcement trigger correctly. What I’ve Already Tested GUID‑based approach: Extracted GUIDs from the MIP portal and created a custom regex Entity for e.g.: MSIP_Label_4119f1cb-5a0c-41ad-

We are facing one issue where users are sharing google docs from external domains eg: gmail.com to nykaa.com, and nykaa.com users are able to access the google docs or sheets on which they can paste /write the sensitive information.So how do we block this transaction with Netskope

HI Team,We are currently receiving 24-hour scheduled reports for USB activity from Netskope; however, this does not fully meet our organization’s monitoring requirements.We would like to highlight a specific requirement from our end:• Whenever USB access is granted to any user, we need the ability to capture and receive activity details immediately (near real-time or on demand).• The report/log should include:o User detailso Device informationo Type of activity (Allow/Block/Alert)o Files accessed or transferredo Accurate timestamp of the activityAt present, while these activities are visible in the Alerts/Events section, the scheduled 24-hour reports do not provide complete visibility, especially for all actions (Allow/Alert/Block) in a timely manner.Therefore, we request you to:1. Validate this requirement from a product capability standpoint.2. Confirm whether real-time or near real-time reporting/export for USB (Device Control) activity is feasible.3. Advise on any configuration cha

After 4 months, is there any updates on Google search AI detection and how to practice a better protection method to prevent potential data breach with this interaction.  

I am experiencing intermittent periods when I am unable to update incidents (In Progress/Resolved/False Positive) which last for hours at a time. Is it possible that another user making changes is causing this?

Hello.Netskope was installed to replace a competitor product and I have been having intermittent issues ever since. Sometimes the laptop can be up for days without issue - sometimes I have to reboot multiple times in a day. - I cannnot replicate this issue at will.After a reboot the laptop Non-Paged Pool is approximately 1.2GB - that looks high but I had no reason to look at this before the Netskope client was installed.Usually the first I am aware of an issue is in a Teams call - when it becomes unresponsive - but not every Teams call.When I look at the non-paged pool size it is up to about 26GB. at this point nothing much works and I have to Hard reset the laptop (Hold the power button down for 20 seconds),I have a higher end DELL laptop with 32GB of Physical memory installed (the standard is 16GB).I now find myself camped in Task Manager watching the value to see if it is rising - and rebooting the laptop before every important eams call, just in case.Using tools I cannot attribute

Question for the community…..Assuming we are blocking the following 2 categories (and of course blocking all of the known malicious)"Newly Observed Domain" "Newly Registered Domain"What is the opinion as to allowing “Uncategorized”?   I do understand that it is not impossible that a malicious link (in an email for example) could contain just an IP address (since all IP addresses generally are categorized as “Uncatgorized” by default) and therefore is an outlier risk (as uncommon this may be), but are there other known risks here I am not considering? The reason for the ask is that we have found that websites that are categorized by Netskope, on occasion at least, are legitimate business sites and thus have negative impact.  While we can add these to a custom policy that will allow access, it is a bit of a whack-a-mole exercise in futility since sites are added to this list all the time.

We are currently observing multiple “Compromised Website” alerts in Netskope for several local news websites and some insurance company websites that users frequently access.These appear to be legitimate websites, but Netskope is flagging them as compromised or malicious. We would like to understand: What threat intelligence source/classification is being used for these detections? Has anyone else experienced similar alerts with legitimate local news websites? Could this be related to shared hosting reputation or a temporary website compromise? What is the best approach to validate whether these are true positives or false positives? We are trying to determine whether the websites are genuinely compromised or if additional tuning/exclusions may be required.Any guidance or similar experiences would be appreciated. 

I would like to find out whether the Netskope POP IP addresses change frequently.We currently have a cloud-hosted application that only permits access from our organization’s public internet IP address. However, the monitoring TVs are connected to the same LAN as the User LAN and their traffic is routed through the Netskope tunnel.Due to this setup, the source public IP seen by the cloud application may become the Netskope tunnel IP instead of our normal internet public IP.Kindly advise on the following:Should we whitelist the Netskope tunnel/POP IP addresses on the cloud application side?Is there a way within the Netskope proxy configuration to bypass the Netskope tunnel for this specific application or traffic, so that it uses our normal public internet IP instead?If bypass is possible, what would be the recommended approach or best practice? 

Hello TeamI'm setting up the Log Shipper plugin in Cloud Exchange and I'm getting the error shown in the attached image. Steps taken:I've already updated the API token generated in the Netskope tenant (with the necessary permissions for integration with CE).I have verified connectivity between Cloud Exchange and the tenant.Despite this, the system won’t let me complete the plugin creation. Has anyone experienced a similar issue, or do you know if there are any additional settings in the Log Shipper configuration that I should check?Best regards :)

From the investigation:The primary application itself is not being blocked. During the session workflow, the application initiates requests to external third-party tracking/analytics domains. Netskope identifies the traffic under the application context, but the actual blocked request is towards a third-party analytics/tracking endpoint. The current policy categorizes the request under a risk/control policy and blocks it, resulting in a user-facing warning/interstitial.Requirement:Allow the application workflow to continue without user interruption. Avoid broadly allowing all third-party tracking traffic globally. Maintain the existing security posture and policy controls.Questions:What is the recommended Netskope approach for handling embedded third-party analytics/tracking requests initiated from applications?  embedded third party urls are connect.facebook.net/log/error , facebook.com/tr & www.facebook.com/privacy_sandbox/pixel/register/trigger/ Is there a best practice to suppr

Hi there,Currently Netskope has a process to encrypt the forensic data collected via DLP incidents. However once encrypted this data can the only ever be accessed the netskope, which prevents legal investigations or ever migrating this data away from netskope.Therefore there should either be a way for user to bring their own keys for this encryption, so it can also be managed separately or have a break glass process so in the need of accessing outside netskope it is possible.Thanks