Netskope Community
3 weeks ago
Welcome to a project aimed at enhancing the ease of an analyst's experience. In this venture, I've taken automation to the forefront by simplifying how we add URLs to the RBI_url list. This list is specifically meant for Remote Browser Isolation (RBI), ensuring that some questionable/suspicious sites can be accessed securely for investigation purposes.
At the heart of this effort is a Slack bot I've designed. This bot comes with the right permissions and a simple command. With this command, users can mention the URLs to be included in the RBI URL list. This whole process starts when the bot communicates with the Tines platform, where the real magic happens.
Using the Tines platform, we have simplified this process through automation by which these URLs are added to the RBI URL list seamlessly and securely. This automation eliminates the need to manually navigate to the tenant to upload URLs, streamlining and expediting the task.
Requirements:
1. Set Up the Slack App:
Begin by creating a Slack app and configuring it with the necessary permissions and scopes. It should align with the guidelines in the Slack API documentation. Once done, install the app into your workspace for seamless integration.
2. Slash Command Integration:
Assign a slash command to your Slack app, set its request URL to the URL of the Tines webhook, and save it. This connection ensures a smooth flow of data between your Slack app and the Tines webhook.
3. Initiate Tines Automation Story:
With your Slack app set up, it's time to embark on creating the Tines automation story. Start by incorporating a webhook action in the story. This action should host the webhook URL, which you'll later utilize in the request URL configuration for the Slack app's slash command.
4. User Interaction and Data Forwarding:
Now that the groundwork is laid, your Slack bot can proficiently collect URLs from users and transmit them to the Tines webhook. Once the Tines webhook captures the URLs, advance the automation story by integrating event transform actions. These actions are tailored to execute tasks like Regex-based extraction, deduplication, and transforming URLs into text format.
5. URL Management and Deployment:
After the URLs are meticulously transformed into text through event transformations, enhance the story with an HTTP request action. This action is crucial for appending the converted URLs to the desired URL list. Set the request URL to https://{tenant_name}.goskope.com/api/v2/policy/urllist/{urlist_ID}/append. Additionally, add another HTTP request action, configuring the request URL as https://{tenant_name}.goskope.com/api/v2/policy/urllist/deploy. This step ensures that any changes made to the URL list are effectively applied.
6. Incorporate API Tokens for Enhanced Security:
While your Tines story is nearly complete, it requires a key element - the API token of your corporate tenant. Access your corporate tenant's settings, proceed to the "Tools" section, and select "REST API V2." Generate a new token, granting it endpoint permissions for /api/v2/policy/urllist and /api/v2/policy/urllist/deploy.
7. Completing the Setup:
After generating and acquiring API tokens, return to your Tines story. Integrate the acquired API tokens into the HTTP request action within the story. Specify these tokens in the headers section as Netskope-Api-Token.
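The extraction, deduplication and request-building described in steps 4 to 7, as an added Python example (not the author's Tines story and not Netskope's code). The tenant name, list ID, the `/rbi-add` command name, the HTTP methods and the JSON body shape are assumptions; the page supplies only the two request URLs and the `Netskope-Api-Token` header name.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions): the page gives only the URL templates.
TENANT, URLLIST_ID = "example-tenant", 1
BASE = f"https://{TENANT}.goskope.com/api/v2/policy/urllist"

# Optional scheme, dotted hostname, optional path. Stops at <, > and | so
# Slack's <url|label> link form is handled too.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>|]*)?", re.I)

# Constructed sample of the form-encoded body Slack posts for a slash command.
# "/rbi-add" is a hypothetical command name.
SAMPLE_BODY = urlencode({
    "command": "/rbi-add",
    "text": "https://Bad.example/login http://bad.example/login/ "
            "<https://phish.test/a|phish.test/a> not-a-url",
})


def extract_urls(slash_body: str) -> list[str]:
    """Regex-extract URLs from the `text` field, normalise and deduplicate."""
    text = parse_qs(slash_body).get("text", [""])[0]
    seen, entries = set(), []
    for match in URL_RE.findall(text):
        parts = urlsplit(match if "://" in match else "//" + match)
        # Lower-case host plus path, scheme dropped, so variants collapse.
        entry = (parts.hostname or "") + parts.path.rstrip("/")
        if entry and entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries


def build_requests(urls: list[str], token: str) -> list[dict]:
    """Describe the append and deploy calls; nothing is sent from here."""
    if not urls:
        return []  # nothing extracted: skip the append and the deploy
    headers = {"Netskope-Api-Token": token, "Content-Type": "application/json"}
    # Assumption: PATCH/POST and this body shape; confirm against the API docs.
    body = json.dumps({"data": {"urls": urls, "type": "exact"}})
    return [
        {"method": "PATCH", "url": f"{BASE}/{URLLIST_ID}/append",
         "headers": headers, "body": body},
        {"method": "POST", "url": f"{BASE}/deploy", "headers": headers, "body": ""},
    ]
```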
[Screenshots not reproduced: 1. Slack Interaction; 2. Webhook Capture; 3. Event Transformations; 4. HTTP Requests; Before adding URLs; After adding URLs]
This automation facilitates the process of appending URLs to the URL list, which we utilize for remote browser isolation. This can be achieved effortlessly using the Slack bot by employing the slash command and mentioning the desired URLs.