Netskope Global Technical Success (GTS)
UEBA: Compromised Credentials - Q/A attached to Email Notification
Netskope Cloud Version - 119
Objective
UEBA Compromised Credentials - Email Notification
Prerequisite
A Netskope UEBA license is required.
Context
This article covers common questions and answers about the UEBA Compromised Credentials email notification.
Details
- Question: Can we send an email notification to the end-user for whom the Compromised Credentials alert was triggered?
Answer: Yes, Netskope allows administrators to send an email notification to the end-user for whom the Compromised Credentials alert was triggered.
Path: Netskope Tenant UI >>> Incidents >>> Compromised Credentials
Image 1
Image 2
Image 3
- Question: How can we obtain additional information about the breach?
Answer:
Image 4
- Question: Is the process of email notification to the end-user manual or automated?
Answer: With the current Netskope product design, the process is manual. Administrators must decide which Compromised Credentials alerts warrant notification to the end-user.
- Question: Is the Netskope product management team working on a product enhancement request for implementing an option to automatically send an email notification to the end-user for whom the Compromised Credentials alert was triggered?
Answer: A product enhancement request was submitted by a customer for this feature; however, it was rejected. The reason behind the rejection is that sending email notifications containing personal email IDs of end-users could potentially violate Personally Identifiable Information (PII) regulations.
- Question: What options do customers have to automatically send an email notification to the end-user for whom the Compromised Credentials alert was triggered?
Answer: Customers have the option to utilize CTO (Cloud Ticket Orchestrator) for any alert and can notify via Email or Slack. Additionally, there are integrations available with ServiceNow, PagerDuty, and Jira for enhanced notification capabilities.
- Question: Is there an option to notify Netskope Admin when a Compromised Credentials alert triggers?
Answer:
- Refer to Image 2 - select "Admins".
- Refer to Image 3 - With the current Netskope product design, the process is manual. Administrators must decide which Compromised Credentials alerts warrant notification to the admins.
- Question: How can we filter the list of alerts to display only those that belong to our corporate domains?
Answer: Netskope's product management team is currently working on several Compromised Credentials related enhancement requests, including the ability to filter alerts by corporate domains. This feature is expected to be released soon. For more information on this upcoming feature, please reach out to Netskope Global Technical Success (GTS) by submitting a support case with 'Case Type – How To Questions'.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the default settings may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
What to Read Next? | |
---|---|
UEBA: Compromised Credentials Incident Analysis | Link |
UEBA: Compromised Credentials - General Q/A | Link |
UEBA: Shared Credentials Incident Analysis | Link |