Hello Folks,
Below you can find a recap of questions asked at the June office hours session and those sent in that we were not able to cover during the session. Feel free to comment and continue the discussion, as well as attend future sessions that can be found on the Community Events Calendar!
Q: What are the benefits of using Advanced Analytics?
A: Advanced Analytics enables you to gain valuable insights and present them effectively to your leadership. It provides visibility into your environment, helping you understand how Netskope is protecting you. With Advanced Analytics, you can identify risks in your environment and learn how to address them. To get started, refer to Advanced Analytics Training Resources.
Q: How to accurately report on user activities with Advanced Analytics?
A: There are several ways to do this. One effective method is to utilize the Netskope Library dashboard resources. You can search “user” in the dashboard name search bar or select the “Users” tag.
The User Investigation Dashboard in the Netskope Library is particularly useful. This dashboard provides a comprehensive view of user activities and data flows in the environment. You can use the cross-filtering feature to select a user and delve into the specific activities of that user.
Q: How to use Advanced Analytics to review user activity on apps like Reddit?
A: You can use the Application Activity Summary Dashboard in the Netskope Library. This dashboard provides visibility into overall cloud usage in your organization for specific applications. To review user activity on Reddit, search for Reddit in the application filter. This will display app-related data movement, user activities, and alerts.
Q: Are there any use cases for transaction events?
A: Yes. Transaction events provide granular information about the web traffic in your environment. Here are two dashboards for transaction events:
Transaction Events Investigation Dashboard in Netskope Library: This dashboard provides visibility into transaction events with the ability to filter table results for granular data, such as URLs. You can filter for specific users to get detailed information about their web traffic & activities. For an overview of general user activities, refer to the User Investigation Dashboard.
Web Transaction SSL Errors Dashboard in Netskope Library: This dashboard offers insights into categories of SSL errors, including Client SSL Errors and Server SSL Errors. It can be used for troubleshooting SSL-related issues.
Q: How can I find more analytics dashboards? Is it all in the community resource?
A: There are two places where you can find more dashboards. The community resource is one of them. Additionally, you can find our predefined dashboards in the Netskope Library within Advanced Analytics.
Q: How to use Advanced Analytics to see false positives in alerts?
A: There are two dashboards you can use to identify false positives:
DLP Policies Dashboard in the Netskope Library: This is a DLP policy focused dashboard that gives an overview of DLP policies active in the tenant, how they are behaving, and offers information to help fine tune the policies. You can use the cross-filtering feature by clicking on a specific policy in the chart. This allows you to focus on policies with an extreme number of alerts triggered and identify the sources of false positives. This helps narrow down the scope and refine the policies.
DLP Incidents Status Monitoring Dashboard in the Netskope Library: This dashboard offers visibility into DLP incident statuses, including open and outstanding incidents, incidents created, and incident resolution times. The widgets below display the number of false positives for each policy. To effectively use this dashboard, ensure you are managing the incidents through the Netskope UI.
Q: Is there a view that can tell the reason why there was a bypass for DLP policies?
A: A bypass can occur if a file is password-protected or encrypted beyond SSL encryption. Advanced Analytics does NOT provide visibility into why the bypass happened, however, the DLP Policies Dashboard in the Netskope Library provides details about bypassed policies in your environment. Click on "bypass" in any chart to visualize related bypass actions in the dashboard.
Q: Are there any training resources for custom fields?
A: Yes. A tutorial on custom fields can be found in this training video. This article from Netskope Knowledge Portal could also help.
Q: How to use the list feature in AA?
A: You can use the list feature to get a list of unique values associated with a certain field. For example, you can create a custom field that lists all applications associated with each instance ID.
Links shared in the session:
Training Resources Post: https://community.netskope.com/dashboard-gallery-38/advanced-analytics-training-resources-5713?tid=5713&fid=38
Custom Field Training Video:
https://community.netskope.com/video-library-20/advanced-custom-fields-5794
SaaS Security Posture Management (SSPM) Dashboard: https://docs.netskope.com/en/netskope-help/data-security/saas-security-posture-management/saas-security-posture-management-reports/sspm-reports-using-advanced-analytics/
Risky Data Movement Dashboard: