Doubts with CCI and Real Time Protection Policy Cloud App.

  • 27 February 2023
  • 2 replies
  • 39 views

Badge +11

Doubts with CCI and Real Time Protection Policy Cloud App.

 

Hello good afternoon, first of all thank you for your time and your collaboration.

I have a question, regarding the apps I see in the CCI listing, example I see the Telegram app in the listing, as poor, with its CCL all OK.

 

But the issue is when I have to go to generate a Real Time Protection policy, I select Cloud App and look for telegram .... and it does not appear ? This is correct, it is expected or something happens ? since I am supposed to be able to invoke and link in my policies all the CCL applications and be able to use them without problems, but I search for Telegram, with lowercase t, with capital T and it does not appear.

 

Is there any kind of restriction in this regard?

 

Thank you, I remain attentive

 

Best regards


2 replies

Userlevel 3
Badge +11

Thanks for supporting the community by posting your question.

If you look closely at the CCI, you will see the activities say "Discovery only, no activities supported"

Assuming you have CASB and not SWG:

While the CASB will steer the application it requires an activity ("Login, upload, download", etc) to key off an action such as block, or DLP.   It also means that SKOPEIT will have events only in the "Pages", not the "Application" or "Alerts"

 

Otherwise all you are doing is watching how many people go to the site and recording their page views.

 

Finally, keep in mind that while Netskope has a lot of sites in the CCI, it only has (the last time I looked) about 3,000 "Cloud sites" that have activities for which the CASB can enact.    

 

Userlevel 3
Badge +12

Give this a try.

 

You can create a custom application based off of a Universal Connector if you need basic activity control (login, upload, download, logout, etc).  To do this go to Settings>Security Cloud Platform>Traffic Steering>App Definition.  Then choose New App Definition Rule>Cloud App.  Fill out the details like in this screenshot.  Make sure to choose Universal Connector.  Save the connector definition and also click apply changes.

 

Now you should be able to go into a Real-time protection policy and select the new [Telegram] custom app and show the activities supported by the Universal Connector.

 

If you require more activity control than that then you'll need to create a custom connector.

Reply