
Netskope Global Technical Success (GTS)

How to submit file hashes for Threat Scanning via API

 

Netskope Cloud Version - 120

 

Objective

To demonstrate the process for submitting file hashes for Threat Scanning via API.

 

Prerequisite

A Netskope Advanced Threat Protection license is required.

Backend flag: “Retrohunt API Query” needs to be enabled. Kindly raise a support case to get the flag enabled.

 

Context

Netskope also allows submitting file hashes for Threat Scanning via API. This KB details the process for calculating and submitting file hashes for File Detection (On Tenant) and Threat Scanning via API.

 

Demonstration

This process requires three API endpoints, as shown below:

 

Create a new token with the below permissions:

Path: Netskope Tenant UI >>> Settings >>> Tools >>> Rest API V2


 

  • Click on “Save” and then copy the token


 

  • Now click on API Documentation and go to the Swagger UI

Path: Netskope Tenant UI >>> Settings >>> Tools >>> Rest API V2

 


 

  • On the Swagger UI, click on “Authorize” (at the top) and enter the token created/copied above.

 

  • Now look for the “nsiq” requests or search for “retrohunt” and click on “Try it Out” for any of the three commands:
  1. Get Single Sample Info: https://achadha.goskope.com/api/v2/nsiq/retrohunt/ioc/info
  2. Get Sample Information In Batch (up to 500 hashes): https://achadha.goskope.com/api/v2/nsiq/retrohunt/ioc/getinfo 
  3. Get Sample Report: https://achadha.goskope.com/api/v2/nsiq/retrohunt/ioc/report 


Example

  • Get Single Sample Info:

 

  • Get Sample Information In Batch:


 

  • Get Sample Report: 


 

The response information includes:

  1. Whether Threat Scanning Services has previously seen the file in the tenant traffic
  2. If seen, whether the file is benign or malicious
  3. Most recent detection date
  4. Threat severity level
  5. Name of detected threat


To calculate the hash (SHA-256) value for any file, use the commands below:

  • Windows (PowerShell):

Get-FileHash .\sample.pac | Format-List
 


 

  • macOS (Terminal):

shasum -a 256 sample.pac
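
The following Python script is an added example, not part of the original article or of Netskope's tooling: it computes SHA-256 as the commands above do, pulls hashes out of pasted Get-FileHash/shasum output, and groups them into batches of at most 500 for the 'getinfo' endpoint. The function names, the lowercasing step and the sample data are assumptions of this example, and it does not call the API.

```python
import hashlib
import re
import tempfile
from pathlib import Path

BATCH_LIMIT = 500  # 'getinfo' accepts up to 500 hashes per request (limit stated on this page)
# Exactly 64 hex digits; \b keeps MD5 (32) and SHA-512 (128) values from matching.
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large samples are never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def extract_hashes(text):
    """Collect SHA-256 values from pasted tool output, lowercased and de-duplicated.

    Get-FileHash prints uppercase hex and shasum lowercase; lowercasing here is
    only so the same file is not submitted twice (an assumption of this example).
    """
    unique = {}
    for value in SHA256_RE.findall(text):
        unique.setdefault(value.lower(), None)
    return list(unique)


def batches(hashes, limit=BATCH_LIMIT):
    """Split the list into consecutive groups of at most `limit` hashes."""
    if limit < 1:
        raise ValueError("limit must be at least 1")
    return [hashes[i:i + limit] for i in range(0, len(hashes), limit)]


if __name__ == "__main__":
    # Constructed sample: a temporary file standing in for sample.pac.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.pac"
        sample.write_bytes(b"abc")
        local = sha256_file(sample)
    # Constructed tool output: the same hash as both tools would print it.
    pasted = f"Hash : {local.upper()}\n{local}  sample.pac\n"
    hashes = extract_hashes(pasted)
    print(len(hashes), "unique hash(es)")
    for n, group in enumerate(batches(hashes), 1):
        print(f"batch {n}: {len(group)} hash(es)")
```
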


 

Terms and Conditions

  • Up to 500 hashes can be submitted in a batch request ('getinfo' endpoint).
  • In the future, if any such platform changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.