Skip to main content

In Netskope we can integrate CrowdStrike in two ways: one way is Integration using Cloud exchange. and another way is integrating CS under Settings> Threat Protection> CS (EDR).

So, what is difference between these two ways and which one is more effective?

 

The Cloud Exchange integration is the current recommended method of integration. The direct integration in the UI (is legacy) and has been phased out and is not available or shouldn’t be for new tenants. You get more value out of the integration IMO from the Cloud Exchange integration.


Hi @zthompsoncr ,

 

Thank you for your reply.

Is there any document there stating about phased out of direct integration in the Netskope UI?


Not that I am aware of, I just know its been the recommended method for years now since CE has came out and I know with any new tenant the option has been “removed”.


Isn't the CE method for sharing IOC’s and the tenant integration for remediation profiles? 


@nduda Under remediation profile there is an option “add to watchlist/blocklist”, which describe as: “Adds the MD5 of the detected malware file as a custom IoC in CrowdStrike” under docs.netskope.com


@nduda that is correct however that method has been deprecated at least on newer tenants.


Is it that its depreciated or just needs to be enabled? I’m not seeing this as depreciated in the docs, only that you need to have it enabled. I do agree that CE can handle this also but for customers not down to deploy CE yet this is still an option.

https://docs.netskope.com/en/integrating-crowdstrike-for-edr/

 


Reply