How do you feed the Netskope SSPM Alerts to SaaS Application Administrators?
The Netskope Cloud provides a wide range of innovative and competitive products, among which one of the most important offerings should be Netskope SSPM. SSPM stands for SaaS Security Posture Management and is used to continuously monitor cloud-delivered Software-as-a-Service applications. This service monitors the SaaS applications' configuration to ensure that they are configured securely and in compliance with regulations. Security administrators can set policies and receive alerts for SaaS application instances that do not adhere to the required policy.
Typically, SaaS application administrators are not part of the company's core security team. Instead, the security team receives the SSPM alerts for all the SaaS applications. These alerts must be forwarded to the respective SaaS application owners so that they can work on remediation. In some cases, the security team might be hesitant to grant SaaS application owners access to the Admin portal solely for checking the SSPM violations.
This post will guide you through a script used by the Netskope Information Security Team to retrieve all the SSPMv2 alert data via API and pass it on to our SaaS application administrators. They can then use this information to make the necessary changes and enhance the application's security. By following this method, the SaaS application owners are not granted access to the Netskope Admin portal, but can receive regular updates on the SSPM results for the applications they administer using the script and API.
Create a REST API v2 Token with required privileges:
To create a REST API v2 token for use, follow the below steps:
Script Execution & Output
The script was tested with Python version 3.9.0 and we request the users to execute it with the same version in order to avoid errors during execution. The users are also requested to install the following modules so that the script can import them during execution for smooth operations. Use the below commands to install the modules:
python -m pip install requests
python -m pip install csv
python -m pip install json
Mac OS/ Linux:
pip install requests
pip install csv
pip install json
Post installation of the modules, the script must be downloaded and edited per requirements of the user. Variables to be edited are mentioned below:
Once the script is executed without any error, the output must appear in the directory in which the script was executed. 4 separate CSV files will be created with each file having the results differentiated based on the severity of the finding. Each of the CSV would have the Instance Name, Resource Name, Resource Type and Rule Name fields.
Every time when the script is executed, it overwrites the previous execution output. So save or move the output files accordingly. Please feel free to make changes to the script per your requirement.
The link to the script can be found in the attachment below.
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button belowSign In