Cloud Exchange - Justify Usage - business rule workflow config

vraj
Partner

Hi Community Members,

 

I have recently deployed Cloud Exchange in my organization and integrated a few plugins; however, I need further support on implementing a business rule to a monitored email box for the SOC team to pick up. At this stage, I am looking to maintain a simple workflow.

 

Current scenario/implementation:
- Deployed Cloud Exchange and integrated with my tenant.
- Have the plugins of Notifier & Netskope ITSM configured
- Able to receive "ALL" the alerts from Netskope tenant to cloud exchange

 

My further requirements are as below:
- When a Web-access category is denied for a user, he may proceed with a suitable justification with the "Justify Usage" or "Report False positives" description box enabled (by means of Email notification template) - I have configured this. (Completed)
- I need only the "Justify Usage" notification alerts to be received by Cloud Exchange, versus "All" the policy alerts being received by Cloud Exchange - How do I tweak it? I need to minimize the log flow here, since there is not much value in generic allow/deny logs in the Cloud Exchange system. (Completed). Found a better way and filtered this at the plugin level itself, to avoid noise and overwhelming the CE resource. I have observed from the logs that the "Justification Type" string parameter has "justification" and "falsepositive". Also, I have noticed the Chrome/Firefox browser webpages refresh on the user block page, and the alert reports Justification Reason as "N/A". Please find attached snapshots for better understanding.
- I am looking for a simple Business workflow setup, such that "Justify Usage" alerts received on the Cloud Exchange should trigger an email alert to my shared/monitored email box (pre-configured in Notifier plugin). (Work in progress - Awaiting assistance from this forum)

- Any detailed use-case guidance on "Queue" configs (Work in progress - Awaiting assistance from this forum)

 

Awaiting directions from the community experts.

Thank you.

2 Replies
sshiflett
Netskope

@vraj Is there a specific policy that you'd like to monitor for this or are there multiple? I have a similar flow to this set up in a lab to send justifications that are filled out for only a specific policy. The business rule query is:

alertName Is equal "[Web] Block Non-business Sites With Justification Option" && NOT (rawAlert_justification_reason Is equal "")

In this case it filters out only alerts from the Block Non-business Sites policy and ignores ones where the user does not enter a justification. Hopefully this helps, but let me know if additional tweaking is needed. Keep in mind, you can also test your query using the test button on the Business Rules page.

Sam Shiflett
Netskope Solution Architect - North America

Hi Sam,

Thanks for your response. I have found an alternative approach, and edited the post with my configured filters. Please take a look.

 

Best Regards.
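
A local model of the business rule quoted in the reply, run against constructed alerts; this is an added example, not part of the thread and not Cloud Exchange code. It goes slightly beyond the posted query: the tightened variant also drops the "N/A" reason and the "falsepositive" type mentioned in the original post. The field name `rawAlert_justification_type`, the second policy name and all sample alerts are assumptions, and the Python comparisons only approximate how Cloud Exchange evaluates a query.

```python
POLICY = "[Web] Block Non-business Sites With Justification Option"
REASON = "rawAlert_justification_reason"  # field name taken from the reply's query
JTYPE = "rawAlert_justification_type"     # assumed field name, not from the thread


def _alert(id_, name, jtype, reason):
    return {"id": id_, "alertName": name, JTYPE: jtype, REASON: reason}


# Constructed sample alerts, not real tenant data.
SAMPLE_ALERTS = [
    _alert(1, POLICY, "justification", "Needed for vendor research"),
    _alert(2, POLICY, "justification", ""),          # user typed nothing
    _alert(3, POLICY, "justification", "N/A"),       # value the post saw in alerts
    _alert(4, POLICY, "falsepositive", "Site is miscategorised"),
    _alert(5, "[Web] Constructed Other Policy", "justification", "Lunch order"),
    _alert(6, POLICY, "justification", "   "),       # whitespace only
]


def rule_as_posted(alert):
    """alertName Is equal POLICY && NOT (reason Is equal "")."""
    return alert.get("alertName") == POLICY and alert.get(REASON, "") != ""


def rule_tightened(alert):
    """Same policy, Justify Usage only, and a reason a person actually typed."""
    reason = (alert.get(REASON) or "").strip()
    return (
        alert.get("alertName") == POLICY
        and alert.get(JTYPE) == "justification"
        and reason != ""
        and reason.upper() != "N/A"
    )


def preview(alerts):
    """Return the alert ids each rule would forward to the Notifier mailbox."""
    posted = [a["id"] for a in alerts if rule_as_posted(a)]
    tight = [a["id"] for a in alerts if rule_tightened(a)]
    extra = [i for i in posted if i not in tight]
    return {"posted": posted, "tightened": tight, "extra_mail": extra}


if __name__ == "__main__":
    for name, ids in preview(SAMPLE_ALERTS).items():
        print(f"{name}: {ids}")
```

The `extra_mail` list shows which alerts would reach the SOC mailbox under the posted query without carrying a usable justification.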
