Hello Folks,
Below you can find a recap of questions asked at the April office hours session and those sent in that we were not able to cover during the session. Feel free to comment and continue the discussion, as well as attend future sessions that can be found on the Community Events Calendar!
Q: Can I get visibility into geolocation data in Advanced Analytics?
A: Absolutely. We have 3 main use cases on geolocation data:
- PoP Usage Dashboard: This dashboard provides insights into Netskope Host Points of Presence (PoPs) detected in your environment, along with users connected. It helps you identify un-allowed PoP usage.
- # Consecutive Days Outside a Specific Region Dashboard: This dashboard returns the number of consecutive days a user's source country is outside a designated region. Use this dashboard to monitor and manage sensitive data movement outside the user’s assigned region.
- Office Locations Dashboard: Use this dashboard to gain insights into whether individuals within your organization are working from their assigned office locations.
Q: I want to know the number of tools/apps/licenses used by users and the number of hours of use per tools/apps/licenses and users.
A: The Application Category Dashboard can help. This dashboard allows you to view the top-used applications, risky applications, application instance tags, policies and alerts triggered within each category. To view the time spent on each tool/app, the YouTube Activity Dashboard can help. It provides visibility into how much time has been spent on YouTube in your environment. The dashboard can be customized to return time spent on any other applications using widget or dashboard level filters.
Q: How to determine if an application is sanctioned/unsanctioned?
A: You can determine if an application is sanctioned vs. unsanctioned. To do this, navigate to the CCI section in Netskope UI and edit the “Sanctioned/Unsanctioned” tag for the application.
Q: What determines if an application is risky?
A: The Cloud Confidence Index (CCI) indicates the risk level of an application. Netskope applies multiple metrics to assess the CCI of an application, including Certificate and Standards, Data Protection, Access Control, Auditability, etc. More details can be found in the CCI section of Netskope UI.
Q: Is it possible to tag the application at instance level
A: Absolutely. Within the CASB Health Check Dashboard, the Application Risk Management section provides visibility into applications and instances that can be tagged accordingly.
Q: Is there a report for Netskope Client versions detected in my environment?
A: Yes. Our Device Client Overview Dashboard can help. The "Devices by Current Version" and "Device Events - Detailed View" widgets from the dashboard provide visibility into Netskope Client versions detected in your environment. For more details about the dashboard, please view this blog: Introducing Advanced Analytics Dashboard for Analyzing Corporate Devices.
Q: How can I group data in Advanced Analytics? E.g. If I need a dashboard that shows all uploads to cloud storage, how can I create the dashboard?
A: The Category Summary Dashboard in Netskope Library is a good starting point. The dashboard provides visibility into uploads to cloud storage applications. To group the data by application categories, use the “filter” and “pivot” features.
Q: I keep seeing duplicate data. How can I get rid of that redundancy?
A: There are a couple of scenarios to consider.
Case 1: Sometimes, including a Timestamp field in the columns can cause duplications. In such cases, try removing the Timestamp field from your analysis.
Case 2: If duplications are arising due to including both CCI Application Category and Other Category in the columns, you can use the Aggregate feature to create a list of unique values.
Q: Do I have visibility into threat analysis?
A: Yes. Threat protection dashboard in Netskope Library helps to identify the value Netskope adds for threat protection and provide details of the threats detected. You can customize the visualization by using features like filters.
Q: Can I get visibility into transaction events?
A: Yes. The Transaction Events Investigation Dashboard in Netskope Library provides visualization to the raw event data. You can use the dashboard level filter feature to specify the information you’re searching for.
Q:Can I monitor uploads to webmail?
A: Yes. The Application Category Dashboard helps you to view the top-used applications, risky applications, application instance tags, policies and alerts triggered within each category. To view the webmail usage in the dashboard, use the dashboard level filter to specify the Application Category.
Q: Can I address private access infrastructure?
A: The Private Application Overview in Netskope Library helps you operationalize NPA by allowing them to understand the critical applications that need to be accessible via NPA. It gives an overview of the application usage, users and locations. You can use this dashboard to identify imbalance and odds of private applications.