This has been one of my biggest challenges with Netskope. They started migrating to the v2 API over a year ago, yet there is still a large portion of the API that hasn't moved to v2 and there appears to be little movement in that direction beyond the initial release.
The lack of movement to make everything available via v2 API makes any significant automation attempt a non-starter because the v1 API is fully unacceptable from an RBAC perspective.
We've turned down numerous third-party deals, including even POCs of products that integrate with Netskope, because of the API V1 requirement. It (API v1) is overly permissive and all data can be pulled from it. This puts a lot of focus on the integration vendor and on how they handle (and drop) data that isn't used. We can't even do POCs with it since we would likely want to cycle the API v1 secret after, but would then have to update all the other (trusted) sources we are integrated with.
@jpark124 Can you provide some use cases that you are looking to build with API V2 that you don't think you can do today?
There isn't a manage quarantine endpoint, but an endpoint does exist in V2 (/api/v2/events/dataexport/alerts/quarantine) to list results of quarantine actions. Maybe it has the information you are looking for, but if not let me know and I'll see what I can find out.
@qyost V2 has continued to be improved by adding new capabilities that didn't exist in V1 and we will continue to add more to V2 this year so stay tuned. For example, these capabilities weren't possible in V1 or included in the original release of V2:
- One can interact with ATP, send files to Sandbox and review verdict
- List users confidence score which can then be shared with other 3rd parties that use user risk scores
- Input IOC hash and search for malicious detections and analysis results
- Get APP CCI information and add/update CCI Tags
- Manage Publishers for NPA
- Manage IPSec/GRE Tunnels
- Manage Private Applications
@myee wrote:
Can you provide some use cases that you are looking to build with API V2 that you don't think you can do today?
What would I love to do via API?
- Manage the policies themselves
- CRUD rules
- New policy sections
- Move rules
- CRUD Profiles of any type
- Manage and acknowledge alerts
- Manage administrative roles
- Manage administrative users
- Manage API tokens
- Manage Client Configuration profiles
- Manage Steering configurations
In reality, I want to manage my entire tenant configuration as code.
Also, audit logs of changes made via API could use some significant refinement and enhancement.
Hello @myee Thank you for your reply and context.
We are currently utilizing the Netskope integration via API (v1) to:
1. Get Quarantine List ( /api/v1/quarantine?op=get-files ) which looks like the v2 equivalent you listed ( /api/v2/events/dataexport/alerts/quarantine ) should cover
2. Add to Quarantine List ( /api/v1/quarantine?action=block&quarantine_profile_id=&file_id=&op=take-action )
3. Update a File Hash List ( /api/v1/updateFileHashList?name=&list=file_hash )
4. Allow from Quarantine List ( /api/v1/quarantine?action=allow&quarantine_profile_id=&file_id=&op=take-action )
We're really looking to update the File Hash List by name to add any new file hash IOCs using the v2 API so that we can scope down the permissions per customer request.
I understand if this is not possible now. Please let me know if Update File Hash List is under consideration. Thank you for your assistance and insight with this.
@myee Thank you for your response.
We're looking to utilize a v2 version of Update a File Hash List (/api/v1/updateFileHashList?name=name&list=hash&token=v1_token) to update a Filter Filter Profile with a new/requested hash/ioc
v2 would allow us to scope/pare down the permission to just this call (and a few others, including update quarantine list).
@jpark124 and @qyost Thanks very much for the detailed feedback. I am discussing all of your requests with the Product Manager for the API and will respond back when I have some information to share.
Yes, please also include the Policies > Profiles > Custom Categories as a part of the feedback and discussions as well. Thank you!
@myee: It's been a few months, any updates to share?