The integration between Netskope CE CREv2 and CrowdStrike CNAPP (Cloud-Native Application Protection Platform) combines Netskope's ZTNA with CrowdStrike's cloud workload protection capabilities to provide a seamless solution for securing cloud environments, particularly by enabling workload quarantine. Using this integration, we can quarantine all risky workloads via Netskope CREv2.

The workload quarantine feature ensures that when a security incident occurs or CrowdStrike CNAPP detects a compromised workload, the affected instance or service is quickly isolated from the users of the Netskope tenant, limiting the spread of threats across the cloud environment. This capability helps in rapid incident containment and response.

Requirements

  • Cloud Exchange-5.1.0
    • Netskope Risk Exchange Plugin
    • CrowdStrike Cloud Protection Plugin
  • CrowdStrike CNAPP
  • Netskope Tenant

Implementation

Configure the Netskope Risk Exchange Plugin

Configure the Entity Sources for the Netskope Risk Exchange plugin and click Save.

Configure the CrowdStrike Cloud Protection plugin

Create the API Client in CrowdStrike

Configure parameters

Configure the Entity and click Save.

After both plugins are configured, you can find the Indicator of Misconfiguration in CrowdStrike Cloud Security.

All the fields in the Entity can be found under the Schema Editor. You can create a new Entity with different fields or use the existing one.

After all the configuration is complete, you will start seeing records for the different workloads being fetched, along with the risk associated with each workload.

Create the business rule for any High or Medium workload.

Currently the malicious workload can still be accessed, because we haven't taken the action or configured the action configuration yet.

Create the action configuration for the workload quarantine. Note that I have already created the Malicious Workload App in Netskope.

Before executing the action configuration, let's create the Private App policy in Netskope.

Malicious Workload Private App before the Action configuration execution.

After the Action execution

The Netskope client has started taking action on the Private App.

Security and business outcomes

Automate the process of quarantining malicious workloads. As soon as CrowdStrike CNAPP detects workloads to be malicious, Cloud Exchange CREv2 can take the action of moving those workloads into a different category or assigning tags to them, which helps in blocking those apps via the Netskope policy.