Automating URL List Management for Remote Browser Isolation (RBI)

  • 14 September 2023
  • 0 replies
  • 86 views

Badge +5

Welcome to a project aimed at enhancing the ease of an analyst's experience. In this venture, I've taken automation to the forefront by simplifying how we add URLs to RBI_url list. This list is specifically meant for Remote Browser Isolation (RBI), ensuring that some questionable/suspicious sites can be accessed securely for investigation purposes.

 

At the heart of this effort is a Slack bot I've designed. This bot comes with the right permissions and a simple command. With this command, users can mention the URLs to be included in the RBI URL list. This whole process starts when the bot communicates with the Tines platform, where the real magic happens.

 

Using the Tines platform, we have simplified this process through automation by which these URLs are added to the RBI URL list seamlessly and securely. This automation eliminates the need to manually navigate to the tenant to upload URLs, streamlining and expediting the task.

 

Requirements:

  • Slack app (to get urls from the user and send it to tines webhook)
  • Tines platform (connection between slack app and the Netskope tenant)
  • Netskope tenant api token (using this api token to append the urls)

 

How automation is done:

1. Set Up the Slack App:

Begin by creating a Slack app and configuring it with the necessary permissions and scopes. It should align with the guidelines in the Slack API documentation. Once done, install the app into your workplace for seamless integration.

 

 

2. Slash Command Integration: 

Assign a slash command to your Slack app, specifying the Tines webhook URL as the request URL. This connection ensures a smooth flow of data between your Slack app and the Tines webhook.then give it a slash command and in the request url as the url mentioned in the Tines webhook’s url and save it.

 

3.  Initiate Tines Automation Story:

With your Slack app set up, it's time to embark on creating the Tines automation story. Start by incorporating a webhook action in the story. This action should host the webhook URL, which you'll later utilize in the request URL configuration for the Slack app's slash command.

 

4. User Interaction and Data Forwarding: 

Now that the groundwork is laid, your Slack bot can proficiently collect URLs from users and transmit them to the Tines webhook. Once the Tines webhook captures the URLs, advance the automation story by integrating event transform actions. These actions are tailored to execute tasks like Regex-based extraction, deduplication, and transforming URLs into text format.

 

5. URL Management and Deployment: 

After the URLs are meticulously transformed into text through event transformations, enhance the story with an HTTP request action. This action is crucial for appending the converted URLs to the desired URL list. Set the request URL to https://{tenant_name}.goskope.com/api/v2/policy/urllist/{urlist_ID}/append. Additionally, add another HTTP request action, configuring the request URL as https://{tenant_name}.goskope.com/api/v2/policy/urllist/deploy. This step ensures that any changes made to the URL list are effectively applied.

 

6. Incorporate API Tokens for Enhanced Security: 

While your Tines story is nearly complete, it requires a key element - the API token of your corporate tenant. Access your corporate tenant's settings, proceed to the "Tools" section, and select "REST API V2." Generate a new token, granting it endpoint permissions for /api/v2/policy/urllist and /api/v2/policy/urllist/deploy.

 

 

 

7.  Completing the Setup: 

After generating and acquiring API tokens, return to your Tines story. Integrate the acquired API tokens into the HTTP request action within the story. Specify these tokens in the headers section as Netskope-Api-Token.

 

How does this automation work?

 

Tines Workflow explanation:

1. Slack Interaction: 

    • Users initiated the process by using a specified slash command in Slack. This action triggered a message that contained one or more URLs.

2. Webhook Capture: 

    • The webhook, configured within the Tines platform, captured the messages generated by the Slack interactions.

3. Event Transformations: 

    • The Tines platform sequentially applied event transformations. The first transformation extracted URLs from the messages using regex, and the second transformation converted the list of URLs into a text format.

4. HTTP Requests: 

    • The platform used HTTP requests to interact with the corp's tenant system. The first HTTP request appended the extracted URLs to the tenant's URL list, and the second request applied the changes.

 

How to use this BOT :

Before adding URLs

 

  1. Go to slack, navigate to messages, and type the command /rbi_urllist 

  1. After typing the command, mention the URLs to be appended. If you are mentioning more than one URL, separate them with a “, ” then send the message .

  1. After sending the message, a success message will indicate that the URLs have been appended.

 

 After adding URLs 

 

This automation facilitates the process of appending URLs to the URL list, which we utilize for remote browser isolation. This can be achieved effortlessly using the Slack bot by employing the slash command and mentioning the desired URLs.


0 replies

Be the first to reply!

Reply