Netskope Global Technical Success (GTS)
Grok xAI - DLP on Activity 'Post'
Netskope Cloud Version - 129
Objective
Implement DLP on activity ‘Post’
Prerequisite
Netskope SWG or Next-Gen SWG license is required
Context
How to add DLP controls on activity ‘Post’ via Realtime protection policies
Do You Know?
- As of Aug 26, 2025, Netskope recognizes Grok xAI as a Cloud Application, but no pre-defined cloud app connector is available.
- Netskope Product Management is currently working on a product enhancement request that addresses the need for a predefined cloud app connector for Grok AI. At this time, there are no confirmed release timelines.
- In the interim, customers can utilize the Custom Cloud App connector to apply DLP controls to the ‘Post’ activity.
- To create a Custom Cloud App connector, it is essential to understand the behavior and traffic patterns of Grok AI. The following details outline the observed interactions and activities performed by the application -
i. When initiating an interaction with Grok AI (specifically referring to a chat session, not a file upload), the traffic is first redirected to https://grok.com/rest/app-chat/conversations/new
ii. This initial interaction is labeled as ‘New’.
iii. Upon this first interaction, Grok AI assigns a unique conversation ID to the session. Subsequent messages in the same conversation are labeled as ‘Responses’, and the traffic is redirected to https://grok.com/rest/app-chat/conversations/{conversation_id}/responses
For example:
https://grok.com/rest/app-chat/conversations/a33e6122-ddb4-444f-9ce3-8393303d1e8b/responses
Here, a33e6122-ddb4-444f-9ce3-8393303d1e8b is the dynamically assigned conversation ID for that particular chat session.
iv. The end-user chat messages can be found within the payload section of the HTTP traces. This is where the actual content of the user’s input is transmitted.
References
| Chat Conversation | |
| URL - 1st Transaction | |
| URL - 2nd Transaction | https://grok.com/rest/app-chat/conversations/{conversation_id}/responses |
Configuration
Step 1 - Create a custom cloud app connector for Grok AI
Path: Netskope Tenant UI >>> Security Cloud Platform >>> Traffic Steering >>> App Definition >>> Cloud & Firewall Apps >>> Cloud App
Note
a. Why ‘Upload’ and not ‘Post’?
With Netskope Custom Cloud App connector, DLP controls cannot be applied on the ‘Post’ activity, so we select ‘Upload’ instead to enforce the required policies.
b. Explanation of path /rest/app-chat/conversations/.+/responses
.+ is a regular expression designed to capture the conversation ID dynamically within the URL path.
Step 2: Realtime protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy
Note - I am using a custom DLP to detect the keyword PAN
Verification
- Access Grok xAI - Link
- Test 1 - Start a conversation with violated content
- Test 2 - Add the violated content in the subsequent conversation
Note - User Notification format used above Link
Author Notes
- This document will be revised once Netskope introduces a pre-defined cloud app connector for Grok xAI.
- With the pre-defined cloud app connector, there is no longer a need to create a custom category for Grok xAI.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
