Solved

Integration of Netskope with SentinelOne XDR

  • 7 February 2024

Hello Team,

 

Good Day.

I'm curious to know the steps or methods for integrating the SentinelOne EDR and Netskope DLP solutions for the data analysis part.

As a part of my study on Endpoint Security, I feel DLP also plays a major role in the protection of data at endpoints, the same as EDR. Seeking guidance here for the integration.

Thank you for the help.

 

Regards & Thanks,


Best answer by Gary-Jenkins 15 March 2024, 17:11


2 replies


If you go into the SentinelOne Singularity Marketplace page and search for Netskope you will see two available integrations.

  1. One direct integration, meaning S1 will make API calls to Netskope. This can trigger XDR Response Actions.
  2. Netskope API broker Cloud Exchange that will gather logs. 

We also have another one that shares threat information from Cloud Exchange. https://docs.netskope.com/en/netskope-help/integrations-439794/netskope-cloud-exchange/threat-exchange-module/configure-3rd-party-threat-exchange-plugins/sentinelone-plugin-for-threat-exchange/

 

 


While I work to get the documents around this integration posted, I wanted to add which Netskope API endpoints are needed for the Netskope threat enrichment and threat intel sharing integration.

REST APIv2

/events/data/alert

/ubadatasvc/user/uci (read and write)

/api/v2/policy/urllist/deploy (read and write)

/api/v2/policy/urllist (read and write)
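
Added example, not part of the replies above and not Netskope or SentinelOne code: a least-privilege check that compares the privileges granted to an integration token against the endpoint list in this thread. The `granted` input format, the sample token and the read-only level for `/events/data/alert` (the thread states no level for it) are assumptions.

```python
# Endpoints and access levels as listed in the thread.
REQUIRED = {
    "/events/data/alert": "read",  # assumption: thread gives no access level
    "/ubadatasvc/user/uci": "read+write",
    "/api/v2/policy/urllist/deploy": "read+write",
    "/api/v2/policy/urllist": "read+write",
}
RANK = {"read": 1, "read+write": 2}

def normalize(path):
    """Make '/api/v2/x/', 'x' and '/X' compare equal (the thread mixes both spellings)."""
    p = "/" + path.strip().strip("/").lower()
    if p.startswith("/api/v2/"):
        p = p[len("/api/v2"):]
    return p

def audit(granted):
    """Return which privileges are missing, too weak, too strong or not needed."""
    required = {normalize(p): lvl for p, lvl in REQUIRED.items()}
    got = {}
    for path, level in granted.items():
        level = level.replace(" ", "").lower()
        if level not in RANK:
            raise ValueError(f"unknown access level for {path}: {level!r}")
        key = normalize(path)
        # If an endpoint is listed twice, the stronger grant is what counts.
        if RANK[level] > RANK.get(got.get(key), 0):
            got[key] = level
    report = {"missing": [], "insufficient": [], "over_privileged": [], "unneeded": []}
    for path, need in required.items():
        have = got.get(path)
        if have is None:
            report["missing"].append(path)
        elif RANK[have] < RANK[need]:
            report["insufficient"].append(path)
        elif RANK[have] > RANK[need]:
            report["over_privileged"].append(path)
    report["unneeded"] = [p for p in got if p not in required]
    return {k: sorted(v) for k, v in report.items()}

# Constructed sample: privileges copied by hand from a token's settings page.
SAMPLE_TOKEN = {
    "/api/v2/events/data/alert": "read + write",  # stronger than needed
    "/api/v2/ubadatasvc/user/uci": "read",        # integration also needs write
    "/api/v2/policy/urllist": "read+write",
    "/api/v2/example/unrelated": "read",          # hypothetical extra endpoint
}

if __name__ == "__main__":
    for finding, paths in audit(SAMPLE_TOKEN).items():
        print(f"{finding}: {paths}")
```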

 

 
