⚙️ Introducing the Netskope MCP Server (Netskope Hosted Technology Preview): The Evolution of Context-Aware Security

The Netskope Model Context Protocol (MCP) server was initially introduced as a self-hosted prototype, marking a significant first step in integrating Netskope’s rich security context directly into Large Language Model (LLM) workflows. This initial version demonstrated the power of the concept, enabling pioneering users to run a Docker image and establish a vital link between their LLM agents and the Netskope platform.

Today, we are announcing the Netskope MCP Server Hosted Version in Technology Preview, building upon the capabilities of the initial prototype while dramatically simplifying deployment and adoption.

📈 Enhanced Accessibility: Zero Infrastructure, Immediate Value

We have moved from a "bring your own infrastructure" model to a fully managed service, eliminating the overhead of self-management. The benefits are clear:

• No Containers Required: We have eliminated the need for local Docker execution or complex infrastructure setup.
• Instant Connection: Access is provided via a direct, secure hosted URL, allowing for immediate integration with your AI agents.
• Streamlined Adoption: This hosted approach accelerates the path to leveraging context-aware AI, allowing security teams to focus on insights rather than maintenance.

🌉 Context is Control: Unlocking LLM Potential

The Netskope One MCP Server functions as the critical link that empowers leading LLMs to access, understand, and act upon the vast security data and controls within the Netskope platform. By equipping foundation models with this context, organizations can integrate crucial security insights—from your Netskope environment and beyond—directly into sophisticated analysis and management workflows.

Architecture: How It Works

The MCP server acts as an intelligent bridge sitting between your AI Client (such as Claude Desktop or Gemini CLI) and the Netskope platform.

• Input: The server accepts tool calls from the AI Client in the MCP protocol.
• Processing: It translates these requests into specific API calls—executing JQL queries, SCIM actions, or policy updates against the Netskope tenant.
• Return: The server returns the output from the Netskope Platform back to the LLM Client.
• Finalized Output: Your LLM Client then uses the data coming from the Netskope Platform to form a human-readable summary or results for you.

Below is an overview of the comprehensive toolset available through the MCP Server API:

🛠️ Comprehensive Netskope API Toolset

The MCP Server exposes a powerful set of tools, organized for clear utility and efficient LLM operation. The hosted server acts as a comprehensive toolkit for security operations, exposing over 60 tools organized into key API categories:

• Events API: Search alerts, incidents, application usage, and network traffic using 13 specialized tools.
• Incidents API: Manage DLP incidents, retrieve forensics, and analyze User Confidence Index (UCI) scores.
• Services & Policy API: Assess app risk (CCI), tag applications, and deploy URL filtering policies.
• Users API (SCIM): Provision and manage users and groups using SCIM 2.0 standards.
• Documentation Search: A dedicated tool to search official Netskope guides and release notes directly from your AI chat.

The tool list is evolving; please refer to the user guide hosted at https://mcp-preview.goskope.com/ for the latest supported tools.

You can further experiment with it in a demo environment and configure the MCP Server for other API collections as well, e.g. platform, policies, etc. For more information, refer to the command line arguments to the docker image given below. 

See the Netskope MCP server in action

• Perform user risk investigation to prioritize alerts
• Investigate a DLP incident and generate an executive summary
• Perform client version analysis to inform remediation

💡 The Power of "Prompts"

Beyond individual tools, the server introduces 7 Specialized Prompts. These are pre-built, multi-step workflows that orchestrate multiple tool calls to perform complex tasks automatically. These prompts are also evolving; please refer to the user guide hosted at https://mcp-preview.goskope.com/ for the latest supported prompts.

• Application Activity Analysis: Analyze SaaS usage patterns, Cloud Confidence Index (CCI) scores, and policy adherence.
• Incident Analysis: A comprehensive workflow for deep DLP incident investigations.
• Insider Risk Analysis: Multi-vector user risk analysis spanning UBA, DLP, and malware alerts.
• Security Posture Report: Automate the generation of detailed HTML security posture reports.
• Client Version Analysis: Analyze non-compliant Netskope Client Versions deployed in your organization that are running versions older than the Golden Release.

🚀 Getting Started: Connecting Claude Desktop and Gemini CLI

Connecting to the hosted preview is streamlined through the use of a secure hosted URL.

Step 1: Obtain Your Credentials To connect, you will need three items:

• Tenant URL: Your organization's Netskope tenant (e.g., mytenant.goskope.com).
• API Bearer Token: Generated from your Netskope admin console (ensure the token has the right permissions to invoke the Netskope Tools).
• Access Code: A unique 6-character security code required for the hosted URL path.

Step 2: Configuration The Hosted MCP Server supports leading LLM agents including Anthropic Claude Desktop and Gemini CLI.

Option A: Claude Desktop Setup To integrate the MCP server with Claude Desktop, you need to add the server configuration to your claude_desktop_config.json file. Use the following JSON snippet:

JSON

{
  "mcpServers": {
    "netskope": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp-preview.goskope.com/{tenant_name}/{access_code}/mcp",
        "--header",
        "Authorization: Bearer ${NETSKOPE_API_TOKEN}"
      ]
    }
  }
}

Note: Ensure you replace {tenant_name} and {access_code} with your specific details, and set the NETSKOPE_API_TOKEN environment variable on your system.

Client setup instructions may vary, and support for additional clients is expanding. Please refer to the user guides and best practices here: https://mcp-preview.goskope.com/.

⏭️ Next Steps

The Netskope MCP server represents a significant leap forward in bringing deep, actionable security context into generative AI workflows.

Please note: As a Technology Preview, this hosted version is intended for evaluation and demonstration environments, not for production deployment. This is covered under the Netskope Development Materials and Test Agreement. Please reach out to support@netskope.com or your account representative for more information on this.

We invite you to experience the simplified integration and advanced capabilities of this hosted service. If you have not done so already, please request access to the Technology Preview here: https://www.netskope.com/lp-try-the-netskope-mcp-server