Hello Folks,
Below you can find a recap of questions asked at the February office hours session and those sent in that we were not able to cover during the session. Feel free to comment and continue the discussion, as well as attend future sessions that can be found on the Community Events Calendar!
Q: We noticed that the community page looks different now. What happened?
A: We recently launched a new version of Netskope Community, and that is why you may have observed many changes in our community page. The URL remains the same, so you can still visit our community through https://community.netskope.com/. Advanced Analytics section is still located in the new community landing page, where you can access all the features like dashboard gallery, discussion board, and training resources.
We are still updating the new community page, so you may see additional changes in the upcoming weeks or months. In the meantime, please feel free to share any feedback and let us know if you have any questions!
Q: How to create a report that pulls a list of users, sorted by session count (high-low), for a filtered application?
A: We can create the report with Page Events. To return a user list by session count, we only need to add two fields to the visual: “User” and “# Sessions.” To view the results based on a particular application, add the “Application” field as a filter and select your preferred application name, e.g. Google Drive. You will then get a list of users with their corresponding session count in Google Drive.
To sort the list by session count, click the arrow button next to the “# Sessions” field. This will allow you to sort the data, either ascending or descending.
For more details about how to create a report or visual in Advanced Analytics, please check out our Training Resources Post.
Q: What are the top use cases that your customers are using Advanced Analytics to address?
A: One of the top use cases is about assessing the organization’s security posture and to understand how Netskope is protecting the organization. Our CASB & NG-SWG Operationalization Dashboards can help with this. These two dashboards help you maximize the ROI of your Netskope investment by highlighting ways to ensure you are using Netskope products to their full potential.
Another popular use case is about managing access to AI applications, which can be achieved using the AI Usage Dashboard in Netskope Library. An updated version of this dashboard can also be found here.
Q: What are some good reports for board reporting?
A: The CASB & NG-SWG Operationalization Dashboards mentioned above are good options. If you want to focus more on the big picture (e.g. high-level security overview) for board reporting, we recommend starting with the Cloud Risk Assessment - QBR and CISO Dashboard in Netskope Library.
Q: We're currently a CASB only customer. What value would adding SWG offer?
A: Netskope NG-SWG helps you monitor and control user access to the web, protect against web-based threats, and enforce security policies. It filters and inspects web traffic to ensure it meets your organization's security requirements. A typical use case with NG-SWG in Advanced Analytics is managing web traffic through SSL Inspection Rate.
More details about Netskope NG-SWG can be found here. If you have any questions or want to enable NG-SWG, please reach out to your account team.
Q: How can I share my Advanced Analytics dashboard with someone else?
A: There are two ways to do this: (1) Download and schedule the dashboard so the recipient will get a pdf or csv export. Always test the output by yourself to be sure of what will be sent. (2) Use the “Share with Executives” feature to share a live version of the dashboard. Please note that drilling is disabled for “Share with Executive” views, which prevents unauthorized views of detailed data. Here are helpful resources on each topic: Scheduling & Share with Executives.
Q: How can I access device data, and what is the retention?
A: If you are interested in device data, please reach out to your account team. We will then enable the data for your environment and share with you the Device Client Overview Dashboard. More information about device data can be found here.
NAA is enforcing device data retention based on your SKU, just like all the other data collections.
Q: What is the difference between different status fields in device data?
A: For client status in device data, there will be three different fields: “Client Status,” “Current Client Status,” and “Historical Client Status.”
“Client Status” shows the last updated Client status based on timestamp. It will change with the timestamp filter.
“Current Client Status” shows the current (real-time) Client status. It does not change with the timestamp filter.
“Historical Client Status” is the “change to” Client status. It is returned only when there is a change in Client status.
Q: What does the “null” Client status mean?
A: “Null” in Client status means the service is not active/activated for the device.
Q: How do we handle “false positives” on malware blocking?
A: If you sense that a particular malware alert is a false positive, please first lookup and get more details around the file hash value and see if other detection engines find the file as malicious. If there is no detection elsewhere, the best way is to raise a ticket with Netskope Technical Support for investigations on the file.
If the file is found to be clean and safe, the file hash will be whitelisted from Netskope’s backend. If it is impacting a larger audience, you can tentatively allowlist the file hash using a Custom Threat Protection profile.