
In working with the Netskope CASB, we’ve had analysts come up with the question “would this URL be blocked?” I know we can go into Skope IT and do a URL Lookup to see what categories a URL is linked to and what policies “cover” it. However, this doesn’t seem to answer the fundamental question, “would it be blocked?”

There is the simple solution of, “just try it”, which will provide the answer, but this has some obvious downsides. And it seems that the Netskope system must know if a URL is blocked or not, it will block browsing to a URL after all.

Is there something I am missing in the interface which does this?  Or, is there a safe way to validate a URL from an analyst’s system, which doesn’t involve “ya, just try visiting a potentially malicious URL”?

Sadly Netskope does not have a “Policy Trace” function like that of a Palo Alto firewall.

You can only really do a manual category check and compare that against your policies.

However, even if there was a policy trace it would not really be able to determine if the site was malicious without scanning any files being fetched. So either way you would be relying on your threat detection policies in the same way as the “just try it” approach.

There are also third-party tools you can check against, such as VirusTotal and URLhaus, to determine if the site is known to be malicious before attempting to visit a site.