This has been one of my biggest challenges with Netskope. They started migrating to the v2 API over a year ago, yet there is still a large portion of the API that hasn't moved to v2 and there appears to be little movement in that direction beyond the initial release. The lack of movement to make everything available via v2 API makes any significant automation attempt a non-starter because the v1 API is fully unacceptable from an RBAC perspective.
We've turned down numerous third-party deals, including even POCs of products that integrate with Netskope, because of the API V1 requirement. It (API v1) is overly permissive and all data can be pulled from it. This puts a lot of focus on the integration vendor and on how they handle (and drop) data that isn't used. We can't even do POCs with it since we would likely want to cycle the API v1 secret after, but would then have to update all the other (trusted) sources we are integrated with.
@jpark124 Can you provide some use cases that you are looking to build with API V2 that you don't think you can do today?
There isn't a manage quarantine endpoint, but an endpoint does exist in V2 (/api/v2/events/dataexport/alerts/quarantine) to list results of quarantine actions. Maybe it has the information you are looking for, but if not, let me know and I'll see what I can find out.
@qyost V2 has continued to be improved by adding new capabilities that didn't exist in V1 and we will continue to add more to V2 this year so stay tuned. For example, these capabilities weren't possible in V1 or included in the original release of V2:
- One can interact with ATP, send files to Sandbox and review verdict
- List users confidence score which can then be shared with other 3rd parties that use user risk scores
- Input IOC hash and search for malicious detections and analysis results
Hello @myee, thank you for your reply and context. We are currently utilizing the Netskope integration via API (v1) to:

1. Get Quarantine List (/api/v1/quarantine?op=get-files), which looks like the v2 equivalent you listed (/api/v2/events/dataexport/alerts/quarantine) should cover
2. Add to Quarantine List (/api/v1/quarantine?action=block&quarantine_profile_id=&file_id=&op=take-action)
3. Update a File Hash List (/api/v1/updateFileHashList?name=&list=file_hash)
4. Allow from Quarantine List (/api/v1/quarantine?action=allow&quarantine_profile_id=&file_id=&op=take-action)

We're really looking to update the File Hash List by name to add any new file hash IOCs using the v2 API so that we can scope down the permissions per customer request. I understand if this is not possible now. Please let me know if Update File Hash List is under consideration. Thank you for your assistance and insight with this.
We're looking to utilize a v2 version of Update a File Hash List (/api/v1/updateFileHashList?name=name&list=hash&token=v1_token) to update a Filter Profile with a new/requested hash/IOC. v2 would allow us to scope/pare down the permission to just this (and a few others, including update quarantine list) calls.