Release notes for version 73 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
Not applicable.
This update of Netskope contains New Features and Enhancements, New Resource Types Supported in Continuous Security Assessment, Fixed Issues, and Known Issues. For more information, click the appropriate topic.
Category | Feature | Detailed Description and Benefits |
---|---|---|
API-enabled Protection | Microsoft Teams Support | With this release, Netskope introduces support for API-enabled protection of Microsoft Teams. Supported capabilities include:
|
App Connector | Baidu | App enhancement: added new domains: baidu.com and baidu.cn. |
App Connector | Basecamp | Activities: Log in Successful, Log in Attempt, Log in Failed, Log out, Create, Edit, Delete, Upload, Download, Post, Share, Publish, Invite Platform: Browser DLP: Upload, Download, Post |
App Connector | Dropbox | App enhancement for Google Docs and Sheets. Activities: Create, Delete |
App Connector | GitHub | App enhancement Activities: Create File, Edit File, Invite User Platform: Browser DLP: Create, Edit |
App Connector | Google Drive | App enhanced to avoid multiple lookups and multiple reset messages. |
App Connector | Microsoft Office | Enhanced OneDrive For Business connector for IMDB key-value pair update/lookup logic for Edit activity. |
App Connector | Microsoft Office | Enhanced OneDrive For Business connector for IMDB key-value pair update/lookup logic for Edit activity. |
App Connector | smallpdf.com | Netskope supports the smallpdf.com connector with file uploads going to Amazon S3 storage. The app name is identified as Amazon S3 in the events based on the host. Activities: Upload Platform: Browser DLP: Upload |
App Connector | Workshare | Activities: Log in Attempt, Log in Failed, Log in Successful, Log out, Upload, Download, Post, Create, Edit, Delete, Invite Platform: Browser DLP: Upload, Download, Post |
App Connector | Yahoo Mail | App enhanced to extract from_user and instance after log in. In addition, traffic is enhanced due to Yahoo's new web UI update. |
Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
DLP | ML Classification for Inline Deployment | ML classification services for image classification are now available for customers using the inline deployment method. This capability is available for the Advanced DLP licenses. Contact Support to enable this feature in your account. |
IaaS | AWS CSA Policy Wizard | The Security Assessment policy wizard no longer provides an option for Region. |
IaaS | Inventory API Returns All Possible asset_categories | Public cloud inventory REST API supports all possible resource categories. With this change, the old resource_category may not work, and admins must provide resource_category values based on DOM.We also added a resource type filter, which helps to filter inventory data with one or more resource types. All the resource categories that are supported by Netskope are listed in the online help page: https://support.netskope.com/hc/en-us/articles/360014190893-CustomRules-using-Domain-Specific-Language |
IaaS | Results Refresh | The UI now prompts the user to refresh the web page when new Compliance, Inventory, or Overview pages are available. |
IaaS | Updated Tooltip and Set up Text for the Forensics Checkbox for Azure Instance Set Up | As of R67 release, SaaS/Introspection customers have an option to store forensic data for DLP incidents in Azure Storage Blobs. This requires an Azure subscription to be configured. The new tooltip reads as follows: "Check this box if you would like to use Azure Blob Storage to save DLP incident forensics data." |
Netskope Proxy | Bypass Reason for all Bypassed Traffic Events | A new event is added in every bypassed traffic that is called, bypass_reason . This field contains the reason for bypassing that particular traffic. |
Netskope for Web | Support HTTP/HTTPS Traffic to non-standard Ports | Netskope SWG customers can use Netskope Client to steer Web traffic (HTTP/S) on any port. To use the feature, enable the option under the specific steering configuration and define the ports and/or domains to steer the traffic. |
Traffic Steering | OS Name enhancement for Windows 10 in Device Details page | The device details pages for Windows 10 devices show the operating system platform name and the build number. |
Traffic Steering | FPKI Support for iOS Devices | Netskope now supports certificates that are issued in FPKI format to be able to parse user email address and Tenant OU from alternate fields and not just the Subject name. |
Traffic Steering | Netskope Client Configuration Window to Show Users' Detected Location | The Netskope Client configuration window now shows the users' location (on premises or remote) if Dynamic Steering functionality is configured. |
Cloud Provider | Entity | Attribute Changes |
---|---|---|
AWS | Snapshots is a newly supported entity in the Compute category. | Image entity has the following new attribute: NoneNoneUnknownAccountExposureboolean The following attribute is removed from VPC > Endpoints.
|
Category | Issue Number | Issue Description |
---|---|---|
API-enabled Protection | 93538 | Special characters are not handled during Slack grant. |
API-enabled Protection | 84962 | Fixed duplicate DLP alerts when email metadata changes. |
API-enabled Protection | 83547 | Filemeta aggregation bootstrap script is not working for large tenants. Previous to this fix, the API-Protection dashboards could get out of sync with backend systems resulting in inconsistent counters shown on the UI. |
API-enabled Protection | 94339 | Instance inception improvements for resource listings. With this release, we have redesigned the inventory scan workflow for increased performance and resiliency. This will initially be rolled out for Box and OneDrive with other apps to follow. |
DLP | 98466 | PDD rules are not triggering as expected. |
DLP | 85005 | The rule errors out when Auto-dict files are created for columns with no data. |
IaaS | 97620 | Data schema that is optimized for the Compliance > Rules and Compliance > Resources pages. |
IaaS | 96795 | For CSA, Volume snapshots that are owned by the AWS account are listed. Amazon owned snapshots are non-editable and not listed. |
IaaS | 87724 | A Mute Justification text box is now added in the mute popup to record why admins are muting compliance findings. |
Traffic Steering | 81384 | Windows release 73 MSI installer no longer supports the addon.goskope.com command-line parameter.The addon-<tenant>.goskope.com must be passed in the MSI command-line parameter. |
Traffic Steering | 59142 | Netskope SWG customers can use the Netskope Client to steer Web traffic (HTTP/S) on any port. To use the feature, enable the option under the specific steering configuration and define the ports and/or domains to steer the traffic. |
Traffic Steering | 91720 | The client detects network interface change and reconnects tunnel if needed. |
Traffic Steering | 95749 | The client retransmits SYN packet if it receives CONNECT packets from the proxy before it receives SYN-ACK. This makes the client to proxy connection more resilient. |
Traffic Steering | 98112 | The system can handle the escape character so that it does not close the notification dialog. |
Category | Issue Number | Issue Description |
---|---|---|
API | 99290 | Transaction event log errors, showing Errors 500 and 502. |
API-enabled Protection | 91204 | Files are not appearing in the Incidents > Quarantine page, however, the SkopeIT event shows Quarantine. |
API-enabled Protection | 72236 | The Select All functionality for file actions only selects visible entries for set pagination. |
API-enabled Protection | 100729 | Microsoft Teams: Scan of attachments in private channels is not supported. |
App Connector | 98790 | The LinkedIn app follow and unfollow activities are not detected from the main page. |
App Connector | 99337 | Incorrect edit activity for OneDrive. |
App Connector | 98546 | The Yahoo Japan mail Send activity hits a block policy but email is sent successfully on iOS devices. |
App Connector | 98462 | A policy for Dropbox folder creation and deletion is not working as expected. |
App Connector | 98266 | An O365 instance ID is not detected, causing false positives. |
App Connector | 98233 | Instance detection for Gmail is not working as expected. |
App Connector | 98206 | Blocked upload events for smallpdf.com, however, uploads are successful. |
App Connector | 98069 | Activities are not detected for the Microsoft Teams web app. |
App Connector | 97212 | Not all GitHub activities are detected using the Netskope Client. |
App Connector | 97188 | The from_user constraint does not work correctly when using iOS+Box. |
App Connector | 96839 | The instance ID for upload activity when using public shared links is not working correctly. |
App Connector | 96774 | Dropbox policy is not working correctly. |
App Connector | 94789 | The Skillsoft/Skillport app connector is not working correctly. |
App Connector | 94625 | Traffic from the Box Drive app is not working correctly. |
App Connector | 94422 | More domains for Baidu Cloud are needed. |
App Connector | 94390 | The SharePoint app connector, shared credential anomaly is not working correctly. |
App Connector | 85708 | Inconsistency in determining the Box instance ID. |
Auth Proxy | 98720 | Users can access Outlook from unmanaged devices when they should be blocked. |
Auth Proxy | 82557 | Reverse proxy is blocking Android Outlook native apps. |
Event Forwarder | 88629 | The incorrect Dest IP to location mapping is showing in the App events. |
IaaS | 98347 | Custom IaaS report generation using RBAC role access has the following limitations:
|
IaaS | 100056 | Documents that are generated by Netskope should reflect actual info. As of Release 73, the PDF version of reports does not have remediation steps for some rules, while CSV versions of reports do have remediation steps for those rules. |
IaaS | 97175 | When a new instance is created and users go to the inventory page, the account name does not appear in the filter. There is a cache which is invalidated after 1 hour. However, the account will appear in the filter after 1 hour. |
Inline Policies | 97513 | Policy sync delay. |
Inline Policies | 97376 | Inline policies are not triggering properly. |
Inline Policies | 95503 | Obfuscation is applied to the inline policy section so admins are unable to select users when creating policies. |
Netskope Client | 100448 | The Netskope client may sometimes experience a lock condition if the port range is too wide. |
Netskope Proxy | 98521 98112 |
Data is uploaded when the ESC key is pressed on the block popup. |
Notification Service | 94090 | There is no email notification flag set in policy events. |
Policies | 98705 98599 |
New policies are not working with the Melbourne data center. |
Policies | 98068 | There is a delay in the Policy sync. |
Query Service | 96660 | The Blocked Apps home page widget is not showing data for discovered events. |
Query Service | 96255 | The API-enabled Protection dashboard is showing inaccurate data. |
Query Service | 91798 | Unable to create a report widget using a 'line' and summarize by 'group'. |
Query Service | 86990 | When loading Malware Incidents, the dashboard is blank. |
Real-time Protection | 97888 | Inline data packets are not retransmitted by the system when it is dropped in the network. |
Reports | 98209 | Blank PDFs are generated for reports. |
REST API | 93257 | Multiple steering configuration apps are missing. |
Reverse Proxy | 98792 | Users are unable to access Workplace for FaceBook. |
Reverse Proxy | 95961 | The Slack Enterprise setup is failing with JumpCloud SSO and Netskope Reverse Proxy. |
Risk Insights | 98682 | 4xx status codes are incorrectly interpreted by Netskope as Block events, even when the actual actions that are listed in the logs are Allow or Error. |
Traffic Steering | 95749 | Intermittent internet connectivity issue detected. |
Web UI | 97784 | View Pending Changes for the URL List is blank. |
Web UI | 97106 | The API-enabled Protection Policy hit-counts are not working correctly. |
Web UI | 97008 | When admins make a change for Introspection threat protection (alert to quarantine), no audit log is created showing the change. |
Web UI | 96552 | The SkopeIT > Applications page for role-based user access is incorrectly showing the Anomalies link. |
Web UI | 95163 | Unable to delete a custom app when steering all web traffic. |
Web UI | 95142 | The API-enabled Protection policy hit counter is not updating properly. |
Web UI | 95043 | There is a limitation with domain profile uploads. |
Web UI | 94532 | The template tag, NS_APP_CATEG_APPINSTANCE , is not rendering correctly in email messages. |
Web UI | 94338 | The Policy hit count is not incrementing correctly for multiple accounts. |
Web UI | 91176 | Before release 69, admins could select multiple categories in a policy and use "All Activities" for non-DLP policies. Post release 69, activities must be manually selected and there are only three choices (upload, download, and browse) when using multiple categories. |
Web UI | 80288 | The filter for domain is not displaying any values. |
Web UI | 100039 | Cosmetic Web UI issue for non-standard port feature. |
Web UI | 100823 | Netskope recently added Zoom to the certificate pinned list for Windows. However, for existing steering configs, Zoom is not appearing by default. The workarounds include:
|
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.