Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- Re: [Getting Started] Best Practice Policies - Inl...
[Getting Started] Best Practice Policies - Inline
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-12-2021 05:10 PM - edited 08-18-2022 12:55 PM
The intention of this document is to level set on the base set of policies, policy grouping, and policy evaluation behavior that is generally applicable to all inline(CASB/NS-SWG) customers.
We are also working on runbooks to accompany each of the policy groups highlighted in the presentation, which will be posted in the near future.
- Labels:
-
best practice
-
Guidelines
-
inline
-
policy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2021 10:02 AM
This is an incredibly valuable document. It would be fantastic if the tenant could be autoconfigured as a baseline. Short of implementing a feature, is that what a runbook would do (i.e. import a policy config)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2021 10:05 AM - edited 07-26-2021 10:06 AM
At this point, we don't have the Rest API end-point to automate this so this is the intention of the runbooks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2021 11:12 AM
Justin, this is by far the best approach I have ever seen to ensure interoperability between real time policy types. We have adopted this approach with our clients at Optiv and it has been a huge success. Thank you so much for taking the time to put this together and communicating it out there to the Netskope community.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-24-2021 12:00 PM
Any chance there is a supporting video recording? This guide is great and was curious if there was any additional commentary while going through slides (mostly for education)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-24-2021 12:39 PM
Hi @ddrake , this session is best done in person with your TSM/TAM please reach out to your assigned TSM pool and they can assist with this session.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2022 06:23 AM
Justin, this doc is great. I'm wondering if you can elaborate on the sanctioned instance tagging. In your doc you state "you have to tag the instance before you can set an
instance id policy. instance_id !~ 'NULL'" which is how Ive been identifying my sanctioned apps in the data but how do you tag using that query so it can be used in a real-time policy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2022 12:50 PM
Hello @ajentsch,
Thanks for the question 🙂 It seems that the query needs to be modified post-R90 MP, you can leverage this skopeit query, [instance_id != '' ], under application events to pull up all of the events with an instance id. Then you can review the list to tag the instances that don't have an existing Instance Name associated with the detected instance_id.
Please let me know if this helps.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- November Office Hours Recap in Advanced Analytics
- October Office Hours Recap in Advanced Analytics
- Detecting Super-Admin OAuth Tokens in Google Workspace with Netskope SSPM in Security Posture Management
- Watch the new SSPM demo video! Featuring new apps, upgraded UI, and 3rd party OAuth app security in Security Posture Management
- SSPM : Monitoring Salesforce Delegated Group settings with SSPM in Security Posture Management
-
NG-SWG
29 -
SWG
23 -
NSClient
19 -
DLP
12 -
netskope client
11 -
Next Gen SWG
11 -
NGSWG
8 -
android
6 -
SCIM
5 -
Client
5 -
Real-time Policy
4 -
URL List
4 -
cloud firewall
4 -
forward proxy
4 -
Threat Protection
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
CASB
4 -
GRE
4 -
IOS
4 -
Netskope Endpoint Client
4 -
cfw
3 -
users
3 -
policy
3 -
Google Idp
3 -
DLP Violation
3 -
malware
3 -
Provisionning
3 -
categories
3 -
Email DLP
3 -
IDP
3 -
Groups
3 -
skopeit
3 -
Netskope Agent
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
Azure
2 -
ssl
2 -
Certificate Pinned
2 -
Advanced Analytics
2 -
traffic
2 -
inline
2 -
install
2 -
Netskope Client installation mechanism
2 -
Best Practices
2 -
ChromeOS
2 -
Directory Importer
2 -
steering
2 -
AWS
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
IPSec Tunnels
2 -
ipsec
2 -
PAC file
2 -
User Group
2 -
Authentication
2 -
url filtering
2 -
Reverse Proxy
2 -
steer traffic
2 -
Admin
2 -
cloud exchange
2 -
okta
2 -
Access
2 -
Netskope
2 -
Apps
2 -
vpn
2 -
Azure AD
2 -
User Notification
2 -
Advance Analytics
2 -
Sync
2 -
MacOS
2 -
Chromebook
2 -
steering exception
2 -
slowness issue
2 -
communication between domain and application
1 -
data
1 -
Next Fen SWG
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
Instances APP Enterprise
1 -
NativeApp
1 -
application
1 -
no decryption
1 -
alerts
1 -
Profile
1 -
GitHub
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
punycode
1 -
DNS Resolver
1 -
controls
1 -
google
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
discord
1 -
Netskope REST API
1 -
AAD
1 -
interception
1 -
SASE
1 -
multi-user mode
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
Epic
1 -
Local admin
1 -
browser
1 -
WebSecurity
1 -
log data
1 -
Upload
1 -
traffic steering
1 -
SSL Decrypt Bypass
1 -
dashboards
1 -
Internet Access
1 -
block
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
Internet next hop type
1 -
openai
1 -
googledocs
1 -
status
1 -
MIP
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
chatgpt
1 -
appdefinition
1 -
HTTP Header Profile
1 -
best practice
1 -
security posture check
1 -
Rest API
1 -
Report
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
Artificial Intelligence
1 -
NewEdge
1 -
zero touch
1 -
CCI
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
explicit proxy over IPSec
1 -
ldap
1 -
SIEM Integration
1 -
Intune
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Office 365
1 -
AMP
1 -
domain
1 -
interoperability
1 -
Education
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
Evasive Phishing
1 -
file size
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
MFA
1 -
domain fronting
1 -
incremental update
1 -
Troubleshooting
1 -
Netskope Threat Labs
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
Google chat
1 -
Whitelist
1 -
native definition
1 -
API
1 -
configuration
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
App
1 -
Netskope Admin
1 -
Windows Server 2016
1 -
Guidelines
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
APP instance
1 -
web
1 -
YouTube
1 -
client update
1 -
Custom Rule
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances Corp
1 -
Whatsapp
1 -
licensing
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In