Skip to main content

[Getting Started] Best Practice Policies - Inline


jforrest
Netskope Employee
Forum|alt.badge.img+12
Did this topic help you find an answer to your question?

7 replies

Forum|alt.badge.img+13
  • Explorer III
  • 4 replies
  • July 15, 2021

This is an incredibly valuable document. It would be fantastic if the tenant could be autoconfigured as a baseline. Short of implementing a feature, is that what a runbook would do (i.e. import a policy config)?


jforrest
Netskope Employee
Forum|alt.badge.img+12
  • Author
  • Netskope Employee
  • 23 replies
  • July 26, 2021

At this point, we don't have the Rest API end-point to automate this so this is the intention of the runbooks.


PaulJHerrmann
Netskope Partner
Forum|alt.badge.img+9
  • Netskope Partner
  • 3 replies
  • August 12, 2021

Justin, this is by far the best approach I have ever seen to ensure interoperability between real time policy types.  We have adopted this approach with our clients at Optiv and it has been a huge success. Thank you so much for taking the time to put this together and communicating it out there to the Netskope community. 


Forum|alt.badge.img+8
  • New Member III
  • 13 replies
  • August 24, 2021

Any chance there is a supporting video recording?  This guide is great and was curious if there was any additional commentary while going through slides (mostly for education)


jforrest
Netskope Employee
Forum|alt.badge.img+12
  • Author
  • Netskope Employee
  • 23 replies
  • August 24, 2021

Hi @ddrake , this session is best done in person with your TSM/TAM please reach out to your assigned TSM pool and they can assist with this session.


Forum|alt.badge.img+6
  • New Member III
  • 3 replies
  • March 15, 2022

Justin, this doc is great. I'm wondering if you can elaborate on the sanctioned instance tagging. In your doc you state "you have to tag the instance before you can set an
instance id policy. instance_id !~ 'NULL'" which is how Ive been identifying my sanctioned apps in the data but how do you tag using that query so it can be used in a real-time policy?


jforrest
Netskope Employee
Forum|alt.badge.img+12
  • Author
  • Netskope Employee
  • 23 replies
  • March 15, 2022

Hello @ajentsch,

 

Thanks for the question 🙂 It seems that the query needs to be modified post-R90 MP, you can leverage this skopeit query, [instance_id != '' ], under application events to pull up all of the events with an instance id. Then you can review the list to tag the instances that don't have an existing Instance Name associated with the detected instance_id.

 

Please let me know if this helps.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings