In case you missed the latest webinar in our Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on Automation of IOC Hunting and Continuous Monitoring using Cloud Threat Exchange can be found below. Feel free to comment and continue the discussion!
Q: Are new IOCs hunted against historic data? Or only on new events after the IOC is known?
A: Yes, the beauty of this workflow is that it's not just updating tools with new IOCs but also looking to determine whether we've seen that IOC before. Once we know that it is an indicator of compromise, it looks back to see if anything has happened and alerts an analyst as soon as it finds something.
Q: Can you integrate Cortex XDR with Netskope? If so, how?
A: Yes, via Cloud Exchange. Check out this doc for more information.
Q: Do you have SentinelOne Integration?
A: Absolutely! It's continually getting updated and improved.
Q: How does this compare to other SIEMs?
A: This can be done on any SIEM. All that we are doing in the SIEM is scheduling a search for performing a threat hunt. It is irrespective of the platform.
Q: Does your tool automatically detect the IOCs you have via API CASB?
A: We are taking all new IOCs and running searches against those, so it's not extracting something from the tool itself.
If the question is whether these IOCs can be integrated with Netskope, the answer is yes, definitely! We have threat monitoring folders/profiles that we create where we update the IOCs. For example, we have one profile for IP addresses and another for domains, so we just append the IOCs into these profiles, and it can be done via API.
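The look-back hunt from the first answer and the per-type profiles described above can be combined as follows; this is an added Python example, not Netskope or Cloud Threat Exchange code. The event field names, the sample events and feed, and the rule that a domain IOC also matches its subdomains are assumptions made for illustration.

```python
import ipaddress

# Constructed historic events (not real telemetry); field names are assumed.
HISTORIC_EVENTS = [
    {"ts": "2024-03-01T09:12:00", "user": "alice", "dst_ip": "198.51.100.23", "domain": "cdn.example.net"},
    {"ts": "2024-03-02T14:40:00", "user": "bob", "dst_ip": "203.0.113.7", "domain": "login.bad-updates.example"},
    {"ts": "2024-03-03T08:05:00", "user": "carol", "dst_ip": "192.0.2.55", "domain": "intranet.example.org"},
]

def classify(ioc):
    """Return ('ip', value) or ('domain', value) for one indicator."""
    value = ioc.strip().lower().replace("[.]", ".")  # undo common defanging
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        return "domain", value.rstrip(".")

def update_profiles(profiles, new_iocs):
    """Append IOCs to the per-type profiles; return only those not seen before."""
    fresh = []
    for ioc in new_iocs:
        kind, value = classify(ioc)
        if value not in profiles[kind]:
            profiles[kind].add(value)
            fresh.append((kind, value))
    return fresh

def domain_matches(event_domain, ioc_domain):
    """Exact match or subdomain of the IOC domain (assumed matching rule)."""
    event_domain = event_domain.lower().rstrip(".")
    return event_domain == ioc_domain or event_domain.endswith("." + ioc_domain)

def retro_hunt(events, fresh):
    """Search historic events for the newly added IOCs; hits become analyst alerts."""
    hits = []
    for ev in events:
        for kind, value in fresh:
            if (kind == "ip" and ev["dst_ip"] == value) or \
               (kind == "domain" and domain_matches(ev["domain"], value)):
                hits.append({"ioc": value, "type": kind, "user": ev["user"], "ts": ev["ts"]})
    return sorted(hits, key=lambda h: h["ts"])  # ISO timestamps sort chronologically

def run_cycle(profiles, feed, events):
    """One scheduled run: update profiles, then look back only for what is new."""
    return retro_hunt(events, update_profiles(profiles, feed))
```

Running `run_cycle` a second time with the same feed returns no hits, because only indicators that were not already in a profile trigger a look-back.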
Q: Can this also be used with a STIX/TAXII feed?
A: Yes, it can!
Some responses above contain roadmap items. These are intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Netskope’s products remains at the sole discretion of Netskope.