July 2024 Office Hours Recap

Hello Folks,

Below you can find a recap of questions asked at the July office hours session and those sent in that we were not able to cover during the session. Feel free to comment and continue the discussion, as well as attend future sessions that can be found on the Community Events Calendar!

Q: Are there any AI specific reports that are new in the last 2-3 months?

A: The updated AI Usage Dashboard. This dashboard displays AI usage within a customer environment and highlights any controls that are in place to manage AI traffic. A major update to this dashboard includes the Application Instance widget, which uses a Sankey chart to clearly illustrate the traffic flow of AI app usage. You can dive into the widgets for more detailed insights.

Q: Where is the data source of the AI Usage Dashboard residing?
A: The data for the AI Usage Dashboard is sourced from Application Events, which syncs data from Netskope Skope IT. For more information, you can refer to the Application Events Intro Doc.

Q: If I click on the data flow of the Sankey chart in the AI Usage Dashboard, what will I see?

A: Currently, Advanced Analytics doesn’t allow users to drill into the data flow of the Sankey chart. However, you can view the details in the table widget next to the Sankey chart. Alternatively, you can explore the Sankey chart by viewing it as a table, which will display the data details.

Q: Can we extract a visual report of a user’s data utilization for a period of 3 months?

A: Yes, you can use the User/Organization Unit Summary Dashboard in the Netskope Library for a general overview of data flow, including app activities, web traffic, data movement, and risky data movement over the period.

For a more in-depth investigation, the User Investigation Dashboard provides a comprehensive view of user behaviors and data flows, including details on SaaS identities, accessed applications, instances, activity performed, and resulting policy actions. You can also customize the User Stitching Sankey chart by removing unnecessary fields, adding timestamps to see when alerts are triggered, and switching the visual representation to a line chart for better insights.

Q: Is it possible to restrict access to a dashboard for specific users or user groups only?

A: Yes, you can move the dashboard to your personal folder to restrict access. Click on the three dots at the top right of the dashboard and select "Move". Then choose your personal folder, and the dashboard will be moved there, making it accessible only to you.

AD_4nXdHUlVpjlTueglr4vTMx7HtDT0q5K7u7gOCiEYwgbsFEcuTJAs19FAeo08938wDmt9rQjbFSbDxlg6FY3sp2c24aQTgMpRcEF0dbQ9pkjbllUY4EnHf--hAvBA18rx2Q0jENgHBzC9ZTVo_eF8cpYwg_YdR?key=NJAoyVjdbgiAYFc2ujtw0g AD_4nXeI9t7EhHIBrorU50RkVAxMGP0a_fee2zlDWqvtprs3xSqtTurhFvu1jvi2NOkUTjMeNwgga26ZV4PgouhdKXyOj_u7U5c4c4e-freZmr-8MlvMw20znkta-c5ilSFHzhGvhTyIYarFgIqh1t-izgcp0_WH?key=NJAoyVjdbgiAYFc2ujtw0g

Q: How to troubleshoot performance issues with Advanced Analytics?

A: If data loading takes too long, consider reducing the data volume, narrowing down the results with dashboard-level filters (such as time range, user group, or category), reducing the row limit, or limiting the number of widgets (recommendation is fewer than 15). If you experience issues with loading specific widgets ("trouble loading data"), reach out for assistance, and we can help you file a ticket. For further performance issue troubleshooting, refer to the provided link: Improving Dashboard Performance in Advanced Analytics

Q: Is there a dashboard for incident management?

A: Yes, you can refer to the DLP Incidents Status Monitoring Dashboard. This dashboard provides visibility into DLP incident status, specifically focusing on open and outstanding incidents, incidents created, and incident resolution times. It also includes widgets for top policies with open incidents. If there is a backlog of policies with a high number of incidents, you may want to drill down to review the policy. Additionally, policies with many "false positives" may need to be tuned for better accuracy.

Q: What future features are in the pipeline?

A: Future features in the pipeline include the SaaS Security Posture Management (SSPM) data and dashboard, which will provide a compliance summary of findings and configured instances with your SaaS security. This feature is currently available through Controlled GA, so you can reach out to your account representative to enable the data. Additionally, there will be a sharing folder feature, which will be particularly helpful when you want to conditionally share a folder with specific users in the tenant.

Q: How can I track, show, report, or search everything a user or source IP has interacted with through the NA proxy in one view?

A: You can use the Transaction Event - Activity Summary Dashboard in Netskope Library. This dashboard provides visibility into transaction events, pivoted on key attributes. It includes key metrics such as events breakdown by browser and device, top sites, hosts, and domains, traffic breakdown by users (summarized by HTTP method and byte traffic), and traffic breakdown by application. It's an excellent starting point for exploring user activity and web traffic through the NS proxy. Additionally, the Transaction Events Investigation Dashboard in Netskope Library offers detailed visibility into transaction events with filtering options, allowing you to explore specific web traffic details related to NS proxy traffic.

Q: Can I use Advanced Analytics to improve my security posture in relation to non-SSL inspected traffic?

A: Advanced Analytics provides visibility into non-SSL inspected traffic. The SSL Inspection Dashboard in Netskope Library is available to help you understand how much traffic in your environment is being bypassed and assess how well SSL inspection is operationalized. This dashboard includes details on hostnames/domains, events, and traffic without SSL inspection, with the ability to drill into specific events.

Q: Does Advanced Analytics provide visibility into Endpoint DLP?

A: Advanced Analytics only provides visibility into Endpoints DLP policies and alerts at this time. You can refer to the Endpoint DLP(EDLP) Policies Dashboard which provides detailed visibility into Endpoint DLP policies triggered based on the filter “Access Method = Endpoint and Endpoint Protection.”

We do have an Endpoint DLP data collection coming soon, which will provide detailed visibility into endpoint traffic such as USB device & printer usage. Feel free to share your use cases with your Netskope account representatives.

Q: How to view the total number of users connected to Netskope globally?

A: We can do this by pulling the field “# Users” in Advanced Analytics to see the total number of users connected to Netskope in your environment. You may get different numbers with different data collections since we are steering traffic from different sources for different data collections. For example:

Application Events: total count of users who have interactions with any applications
Transaction Events: total count of users who have generated web traffic