Netskope Global Technical Success (GTS)
KB - Submit files for Sandbox scanning via API
Netskope Cloud Version - 128
Objective
To demonstrate the process for submitting files for Sandbox scanning via API
Prerequisite
Netskope Advanced Threat protection license is required
Backend flags : Sandbox File Submission API needs to be enabled. Contact your Account CSM / TAM / TSM for the enablement.
Context
Netskope allows submitting files for Sandbox scanning via API as well. This KB will give details about the process to follow for submitting files for Sandbox scanning via API
Lab Recreate:
This process requires two API endpoint as shown below :
Go to Settings – Tools – Rest API V2 and create a new token with the below permissions :
Click on “Save” and then copy the token
Now click on API Documentation and go to the Swagger UI
On the Swagger UI, click on Authorise, enter the token created above.
Now look for the ATP API requests and click on “Try it Out”
Now, add the scan type as “sandbox”, choose the file that you want to sent to the sandbox scan and choose execute
Once the scan is done, you get the result as below with the Job ID, copy that Job ID :
Now enter this Job ID in the below API Query and run execute to get a detailed Report of the Sandbox file submitted earlier
Terms and Conditions
- API to submit a password protected .zip file with password “infected” for scan by Netskope sandbox
- Supported member file types in the zip: .exe, .pdf, .doc, .xls, .ppt and .rtf
- Total files in the Zip : 1
- API accepts files up to 16 MB
- up to 1,000 files can be submitted per day ('/filescan' endpoint)
- up to 10,000 queries can be submitted per day ('/reports' endpoint)
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
