Netskope Global Technical Success (GTS)
How To - Limit Jetbrains Plugin download
Netskope Cloud Version - 125
Objective
This article aims to explain how to allow the download of some specific Jetbrains plugins and block all the others.
Prerequisite
Netskope CASB Inline/SWG and DLP Standard licenses are required
Context
Customers that have Netskope would like to control the plugins for the Jetbrains IDE. This document provides a comprehensive guide on how to control and limit the usage of the only trusted plugins. Jetbrains plugins have the .zip extension.
💡Do You Know? #1
| ℹ️By default the DLP file size limit is set to 16MB. Ensure to enable the “Advanced File Scanning” feature on the “Settings >>> Manage >>> Advanced File Scanning” menu to increase the file size limit and to select the desired Fallback action “Alert/Block”. (Ref. https://docs.netskope.com/en/advanced-file-scanning/) Advanced File Scanning feature doesn’t require any additional entitlement |
💡Do You Know? #2
| ℹ️With R122 we’ve added the “Infile File constraint” feature (Ref. here) which allows to apply constraints on the policy based on the file name or extension. This feature can be used to avoid the creation of File Profiles. *Open an “How-to Question” case to request the feature’s activation |
Procedure
Step #1. On the “Policies >>> Profiles >>> URL Lists” menu define a Url list to get all files that the Jetbrains IDE downloads
As url use: “downloads.marketplace.jetbrains.com/files”
Step #2. Add the urllist just created into a custom category as shown below:
Step #3. Create a Real-time protection policy to block all Jetbrains download activities for all the .zip files
The policy’s parameters are:
- Source Criteria: Any sOptional]
- Destination category: “Jetbrain ZIP download Block” custom category (see Step #2)
- Activities: Download
- File Name or Extension: *.zip
- Action: Block
- Template: lOptional]
Step #4. On the “Policies >>> Profiles >>> File Profile” menu define a FIle Profile to match all allowed Plugins files. As said above all Plugins files have the .zip extension
In the above example we’ve used the * on the File Name eg. “bigdatatools-kafka-*.zip” to match all versions. We can either work on the exact File Name like “bigdatatools-kafka-242.20224.159.zip”
Step #5. On the “Policies >>> Profiles >>> DLP” menu Define a DLP Profile with the File Profile Just created. Click on “NEW PROFILE” Button and then select the file profile as shown below. Don’t select any DLP rule and assign a name like “Jetbrain Allowed Plugins”
Step #6. Define another Real-Time protection policy with the DLP Profile just created to allow only the download of specific files. The allowed files are matched with their name.
This policy has to be positioned above the blocking one previously defined
The policy’s parameters are:
- Source Criteria: Any uOptional]
- Destination category: “Jetbrain ZIP download Block” custom category (see Step #2)
- Activities: Download
- DLP Profile: “Jetbrain Allowed Plugins” (see Step #5)
- Action: Allow
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
