v2 API documentation parity to v1 available endpoints

jpark124 · ‎01-17-2023

Hello,

New to Netskope. I was able to find the v1 API documentation https://docs.netskope.com/en/netskope-platform-rest-apis.html as well as the v2 API documentation https://<tenant>.goskope.com/apidocs/?include_beta_routes=0

We're looking to utilize the versatility of the v2 permission based token. I didn't see the v1 API endpoints available in the v2 API documentation

example: https://docs.netskope.com/en/manage-quarantine-files.html for v1 wasn't in the v2

Is there additional documentation that I'm missing? or is there a roadmap/timeline to when the v1 endpoints will be available in v2?

Thank you for your time and insight into this.

-Han Park

qyost · ‎01-17-2023

This has been one of my biggest challenges with Netskope. They started migrating to the v2 API over a year ago, yet there is still a large portion of the API that hasn't moved to v2 and there appears to be little movement that direction beyond the initial release.
The lack of movement to make everything available via v2 API makes any significant automation attempt a non-starter because the v1 API is fully unacceptable from a RBAC perspective.

--
-Q.

nduda · ‎01-17-2023

We've turned down numerous third party deals, including even POC's of products that integrate with Netskope because of the API V1 requirement. It (API v1) is overly permissive and all data can be pulled from it. This puts a lot of focus on the integration vendor and in how they handle (and drop) data that isn't used. We can't even do POC's with it since we would likely want to cycle the API v1 secret after, but would then have to update all the other (trusted) sources we are integrated with.

myee · ‎01-25-2023

@jpark124 Can you provide some use cases that you are looking to build with API V2 that you don't think you can do today?

There isn't a manage quarantine endpoint but an endpoint does exist in V2 (/api/v2/events/dataexport/alerts/quarantine) to list results of quarantine actions, maybe it has the information you are looking for but if not let me know and I'll see what I can find out.

@qyost V2 has continued to be improved by adding new capabilities that didn't exist in V1 and we will continue to add more to V2 this year so stay tuned. For example, these capabilities weren't possible in V1 or included in the original release of V2:

One can interact with ATP, send files to Sandbox and review verdict
List users confidence score which can then be shared with other 3rd parties that use user risk scores
Input IOC hash and search for malicious detections and analysis results
Get APP CCI information and add/update CCI Tags
Manage Publishers for NPA
Manage IPSec/GRE Tunnels
Manage Private Applications

qyost · ‎01-26-2023

@myee wrote:

Can you provide some use cases that you are looking to build with API V2 that you 
don't think you can do today?

What would I love to do via API

Manage the policies themselves
- CRUD rules
- New policy sections
- Move rules
- CRUD Profiles of any type
Manage and acknowledge alerts
Manage administrative roles
Manage administrative users
Manage API tokens
Manage Client Configuration profiles
Manage Steering configurations

In reality, I want to manage my entire tenant configuration as code.

Also, audit logs of changes made via API could use some significant refinement and enhancement.

--
-Q.

jpark124 · ‎01-26-2023

Hello @myee Thank you for your reply and context.
We are currently utilizing the Netskope integration via API (v1) to:
1. Get Quarantine List ( /api/v1/quarantine?op=get-files ) which looks like the v2 equivalent you listed ( /api/v2/events/dataexport/alerts/quarantine ) should cover

2. Add to Quarantine List ( /api/v1/quarantine?action=block&quarantine_profile_id=&file_id=&op=take-action )
3. Update a File Hash List ( /api/v1/updateFileHashList?name=&list=file_hash )
4. Allow from Quarantine List ( /api/v1/quarantine?action=allow&quarantine_profile_id=&file_id=&op=take-action )
We're really looking to update the File Hash List by name to add any new file hash IOCs using the v2 API so that we can scope down the permissions per customer request.
I understand if this is not possible now. Please let me know if Update File Hash List is under consideration. Thank you for your assistance and insight with this.

jpark124 · ‎01-26-2023

@myee Thank you for your response.

We're looking to utilize a v2 version of Update a File Hash List (/api/v1/updateFileHashList?name=name&list=hash&token=v1_token) to update a Filter Filter Profile with a new/requested hash/ioc
v2 would allow us to scope/pare down the permission to just this ( and a few others including update quarantine list) calls.

myee · ‎02-02-2023

@jpark124 and @qyost Thanks very much for the detailed feedback. I am discussing all of your requests with the Product Manager for the API and will respond back when I have some information to share.

qyost · ‎06-09-2023

@myee : It's been a few months, any updates to share?

--
-Q.

jpark124 · ‎02-02-2023

Yes, Please also include the Policies > Profiles > Custom Categories as a part of the feedback and discussions as well. Thank you!