Github applications is showing browsing activity

  • 10 August 2023
  • 5 replies
  • 29 views

Badge +4

The requirement is :- User should able to access a corporate instance of Git-hub but not any other instance of git-hub.

 

I have created app instance for a corporate instance of Git-hub and configured the policy to allow all activities. 

 

2nd policy after that is to block all activities for the application Git-hub ( to match all other git-hub instances)

 

with this, I am not getting an expected result

When user is accessing corporate instance, Netskope is showing Browsing activity and getting blocked in 2nd policy.

I have checked the list of activities for app Git-hub but there is no Browsing activity mentioned

 

Any expert comments and guidance here pls...

 

 


5 replies

Userlevel 6
Badge +16

@kunalgandhi this is likely because Instance is not detected until an activity occurs in the app.  There is no instance to detect on the initial navigation (Browse) to Github.  Do you have activities selected in the second policy or is it set to Any?  If it's set to Any, change it to explicitly select all activities you want to block outside of your instance.  This will allow the initial navigation but block the activities if the users accesses an unsanctioned instance.  You can further mitigate accessing unsanctioned instances by blocking the Login if they aren't using your corporate domains (see below).  My Corporate Domains User Constraint is for any domain that doesn't match my corporate domains:

The below policy then blocks logins that don't match my corporate domains:

 

Badge +4

@sshiflett Thank you very much for looking into the and giving your input.


In 2nd policy, I explicitly selected all activities to block ( not Any)
When users access the corporate instance of Git-hub, 2nd policy is hitting and blocking as browsing activity is detected.

I like your approach of blocking the login when users are not using corporate domains.

I will try this.

Thank you again.

Userlevel 6
Badge +16

 something appears to be working incorrectly or perhaps additional configuration is required.  Browse should only be blocked when activities aren't selected when an application is selected.  Would you be able to provide a screenshot of the policy and one of the Alerts it generated?  You can crop out or obfuscate any sensitive data.  

Badge +4

@sshiflett ,

Thank you for looking into this.

 

Well, unfortunately I can't share the screenshot.

I am also surprised to see the browsing activities getting blocked.

 

Well, I have changed the approached and configure the policies as bellow :- 

 

Tagged corporate Git-hub instances as Sanctioned application.

Created 3 policies ( activities aren't selected in any policies)

1 – Allow corporate Git-hub instances ( activities aren't selected)

2 – Block Git-hub application which is tagged as Un-sanctioned application. ( all other instances of Git-hub)

3 – Allow Git-hub application

 

I have tested with personal git-hub, it is getting blocked by policy 2 which is expected behaviour.

I am going to test with corporate instance soon and will update you.

 

Badge +5

Check Application Events logged as Browse it's likely the user-agent is a cli based tool such as "git" for which Netskope will not be able to detect activity. If this is the case you may want to create a policy using Http Header regex for git to allow as needed to avoid the block.

Reply