Netskope One Integration with TEM

Overview

Threat Exposure Management (TEM) integrates with Netskope One to help organizations identify IPS misconfigurations, validate exposure against real-world attack techniques, and strengthen overall network resilience.

By aligning exposure insights with Netskope One enforcement controls, security teams can improve visibility, validate protections, and ensure consistent policy enforcement across web and threat protection layers.

Supported Capabilities

  1. Indicators - Manages threat intelligence across all integrated security controls, ensuring consistent alignment and protection across the organization.

  2. Protection Hardening - Controlled Transition of IPS protections to Block mode strengthens security while minimizing operational impact.

Integrating Netskope One with TEM

Step 1 - Generating API Tokens

Creating REST API v2 Token (Service Account)

  1. Log in to the Netskope One portal.

  2. Go to Settings > Administration > Administrators & Roles > Roles.

  3. Create a new role with the following permissions:

    Category

    Sub-Category

    None

    View

    Manage

    Manage And Apply

    Objects

    URL List

    Skope IT

    Alerts

    Threat Prevention

     

    Integration

    IPS

  4. Save the role.

  5. Navigate back to the Administrators tab and select Service Account.

  6. In the New Service Account pop-up, enter the following details:

    1. In the Name field, enter TEM.

    2. From the Role dropdown, select the required role.

    3. In the Generate token now with expiry field, set the period to 24 Months.

  7. Click Create.

  8. In the confirmation pop-up, click Copy Token.

    Note - Ensure the Service Account Name and Token are copied and stored securely for later use in the integration.

Creating REST API v1 Token

  1. Go to Settings > Tools > REST API v1.

  2. Click Generate New Token.

  3. In the Token Expiry pop-up, select Never from the dropdown.

  4. Click Save.

    Note - Ensure the Token and Tenant are copied and securely stored for further use in the integration.

Step 2 - Configuring URL Blocking Components

Creating a URL List

  1. Go to Policies > Web > URL Lists > New URL List.

  2. In the New URL List pop-up, enter the following details:

    1. In the URL List Name field, enter a name for the list.

    2. In the URL Type field, select Exact.

    3. In the URL & IP Address field, enter https://placeholder.veriti.ai

  3. Click Save > Apply Changes.

  4. In the confirmation pop-up, click Apply.

Creating a Custom Category

  1. Go to Policies > Web > Custom Categories > New Custom Category.

  2. In the New Custom Category pop-up, enter the following details:

    1. In the Custom Category Name field, enter a name for the category.

    2. (Optional) In the Categories field, set the value to None.

    3. In the URL List (Include) field, select the URL list created in Step 2.

    4. (Optional) In the URL List (Exclude) field, set the value to None unless specific URLs must be excluded.

  3. Click Save.

  4. In the confirmation pop-up, click Apply.

Creating a Web Access Policy

  1. Go to Policies > Real-time Protection > New Policy > Web Access.

  2. In the Real-time Protection Policy pop-up, enter the following details:

    1. Destination

      1. In the Destination field, select Category from the dropdown.

      2. In the Category field, select veriti_block_category.

    2. In the Profile & Action section, set Action to Block.

  3. Click Save.

Step 3 - Configuring File Hash Blocking Components

Creating a File Hash Profile

  1. Go to Policies > File > New File Profile.

  2. Configure the following File Hash profile settings:

    1. Navigate to File Hash and select Add File Hash By Type from the dropdown.

    2. In the Import From CSV field, enter the placeholder hash a20ee41de64f8e1bab1e7789653a7c681f32607d1d214b20309783b836641eea

  3. Click Next.

  4. In the Profile Name field, enter a name for the profile.

  5. (Optional) In the Description field, enter a brief description.

  6. Click Save.

  7. In the confirmation pop-up, click Apply.

Creating a Malware Detection Profile

  1. Go to Policies > Threat Protection > New Malware Detection Profile.

  2. In the New Malware Detection Profile pop-up, select the created filter profile name in the Block These File Filter Profiles field.

  3. Click Next.

  4. In the Edit Malware Detection Profile pop-up, enter a name in the Profile Name field.

  5. Click Save Malware Detection Profile.

  6. In the confirmation pop-up, click Apply.

Creating a Threat Protection Policy

  1. Go to Policies > Real-Time Protection > New Policy > Threat Protection.

  2. Configure the following settings:

    1. (Optional) In the Source field, select the users or user groups to which the policy applies.

    2. In the Destination field, choose Application/Category, and configure the fields.

    3. In the Profile & Action field, select the Malware Detection Profile created previously, and set Add Traffic Action to Block.

    4. In the Policy Name and Group section, enter a name for the policy and assign it to the required group.

  3. Click Save.

  4. In the confirmation pop-up, click Apply.

Step 4 - Configuring the TEM Portal

  1. Log in to the TEM portal.

  2. Go to Settings > Integrations > Catalog > Netskope One.

  3. In the Netskope One pop-up that appears, navigate to the Connection tab and enter the following details:

    1. In the Connection Name field, enter a name for this connection.

    2. In the Tenant field, enter the tenant name copied from the Netskope One dashboard URL.

    3. In the Username field, enter the username of the Netskope One service account created for the integration.

    4. In the Password field, enter the password associated with the Netskope One service account.

    5. In the API v1 Token field, enter the REST API v1 token generated from Netskope One.

    6. In the API v2 Token field, enter the REST API v2 token generated from the service account.

    7. In the URL List Name field, enter the name of the URL list created in Netskope One.

    8. In the File Hash List Name field, enter the name of the File Hash profile created in Netskope One.

    9. (Optional) Enable the Customer Proxy checkbox if the integration traffic must be routed through your organization’s proxy server.

  4. Click Next.

  5. (Optional) In the Configuration section, enable the Import Indicators created before this integration was set up checkbox to backfill existing indicators into the integration.

  6. Click Connect to establish a connection.