Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

How to Create a Netskope Profile

Summary: A Netskope profile may be created by following these instructions.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Netskope uses profiles with policies. This article covers how to create profiles for Netskope.


Affected Products:

Netskope Admin Platform


Cause

Not applicable.

Resolution

To create a profile:

  1. In a web browser, go to the Netskope web console:
    • United States Datacenter: https://[TENANT].goskope.com/
    • European Union Datacenter: https://[TENANT].eu.goskope.com/
    • Frankfurt Datacenter: https://[TENANT].de.goskope.com/
Note: [TENANT] = The tenant name in your environment.
  1. Log in to the Netskope web console.

Netskope web console

  1. Click Policies.

Policies

  1. From the Policies bar, click the Profile to create. Options may be profiled for:
    • Data Loss Prevention (DLP)
    • Threat Protection
    • Web
    • Intrusion Protection System (IPS)
    • Connected App/Plugin
    • Domain
    • User
    • Constraint
    • Quarantine
    • Legal Hold
    • Forensic
    • Network Location

Profiles

  1. Click New Profile in the upper left.

New Profile

For more information about options to be profiled, click the appropriate option.

DLP
  1. From the Create Profile menu:
    1. Optionally, click All Regions and then select a region.
    2. Optionally, Search for a keyword.
    3. Select a Rule.
    4. Repeat Steps A, B, & C until all wanted rules are selected.
    5. Click Next.

Create Profile DLP Rules

  1. Optionally, select any fingerprints that are created. Once finished, click Next.

FC Rules

  1. Populate a profile name and then click Create Profile.

Set Profile

The default malware scan can be extended by creating a custom malware detection profile. The malware detection profile allows users to add a custom hash list as a blocklist and an allowlist. Known malicious hashes that are sourced from other intelligence sources can be included in the blocklist. Known good files (usually proprietary content specific to the enterprise) can be added to the allowlist so Netskope does not mark them as suspicious. The custom malware detection profiles can be used in the real-time protection policy creation workflow.

  1. Optionally, select a different scan, and then click Next.

Edit Malware Detection Profile Threat Scan

  1. From the Allowlist menu:
    1. Optionally, click + Create New to create a new file hash and then go to Step 8.
    2. Select a File Hash to allowlist.
    3. Repeat Steps A & B until all wanted file hashes are selected.
    4. Click Next and then go to Step 10.

Allowlist

  1. From the Add File Hash List menu:
    1. Select either SHA256 or MD5.
    2. Populate the file hash.
    3. Click Next.

New allowlist file hash list

  1. Populate a File Hash List Name and then click Save File Hash List.

Save File Hash List

  1. From the Blocklist menu:
    1. Optionally, click + Create New to create a new file hash and then go to Step 11.
    2. Select a File Hash to blocklist.
    3. Repeat steps A & B until all wanted file hashes are selected.
    4. Click Next and then go to Step 13.

Blocklist

  1. From the Add File Hash List menu:
    1. Select either SHA256 or MD5.
    2. Populate the file hash.
    3. Click Next.

New blocklist file hash list

  1. Populate a File Hash List Name and then click Save File Hash List.

Save File Hash List

  1. Populate a Malware Detection Profile Name and then click Save Malware Detection Profile.

Save Malware Detection Profile

Web

The custom category feature offers flexibility to supersede the predefined Netskope Uniform Resource Locator (URL) category mapping for a given URL and/or augment them by defining custom URL categories. This is helpful for situations in which the Netskope predefined URL category does not have a mapping for a URL (uncategorized).

Note: A Netskope Secure Web Gateway license is required to use Custom Categories.
  1. From the Categories menu:
    1. Select Categories to block.
    2. Click Next.

Web Add Custom Categories

  1. From the Exceptions menu:
    1. Optionally, click + Create New to add custom URLs and the go to Step 8.
    2. Select URLs to Include or Exclude.
    3. Click Next and then go to Step 9.

Exceptions menu

  1. Populate any URLs to add to the Inclusion or Exclusion list, and then click Next.

Add URL list

  1. Populate a URL List Name and then click Save URL List.

Save URL List

  1. Populate a Custom Category Name, and then click Save Custom Category.

Save Custom Category

IPS
  1. From the New IPS Profile menu:
    1. Populate an IPS Profile Name.
    2. Select a Security Level.
    3. Optionally, select Alert Only Mode.
    4. Click Save.

New IPS Profile

The Connected App/Plugin profile allows you to create a profile consisting of a custom list of Google apps and plugins. Use this profile to detect and prevent users from installing whatever third-party apps they add in Google.

  1. Click New Connected App/Plugin Profile.

New Connected App/Plugin Profile

  1. Click Select File to upload the .csv file consisting of the list of connected apps/plugins and IDs, and then click Next.

Selecting the connected apps or plugin file

Note:
  • The format of the .csv file should be:
    • connectedApp1,ID
    • connectedApp2,ID
    • connectedApp3,ID
  • Sign in to the Google App Engine website with your Google account's username and password. View the list of App Engine applications on the My Applications page. Each application's App ID is displayed under the Application column.
  1. Populate a Profile Name, and then click Save Connected App/Plugin Profile.

Save Connected App/Plugin Profile

The domain profile is used to define external domain accounts for email. The domain profile works with application programming interface (API)-enabled protection apps such as Gmail and Microsoft 365 Outlook.com. As part of the policy definition wizard, you can scan email messages that are sent to external domains such as xyz.com or abc.com.

  1. Populate Domain(s), and then click Next.

Populating domains

  1. Populate a Domain Profile Name, and then click Create Domain Profile.

Create Domain Profile

The user profile is used to select a user profile instead of all users or user groups in an application programming interface (API)-enabled protection policy. User profiles allow you to upload a comma-separated value (CSV) file with all the users' email addresses to include or exclude in a scan for policy violations.

  1. From the Upload CSV menu:
    1. Click Select File.
    2. Go to the CSV file of user email addresses and then double-click it.
    3. Click Next.

Upload CSV

  1. Populate a User Profile Name, and then click Create User Profile.

Create User Profile

A constraint profile is used in real-time protection policies. Constraint profiles define what a user can do for a specific activity in an app. In the case of Amazon S3, constraints detect and prevent insider threat activities.

For example:

  • Users can share contents only within the organization from Google Drive, or bypass inspection if the user is logging into their personal instance of Gmail.
  • Users cannot copy or sync data from corporate owned Amazon S3 buckets to personal or non-corporate Amazon S3 buckets.

User and Storage constraint profiles can be applied to specific activities when creating a real-time protection policy for an app. Click the appropriate profile for more information.

  1. From the Create User Constraint Profile menu:
    1. Populate the Constraint Profile Name.
    2. Select the match type.
    3. Populate the email domain.
    4. Optionally, click + Add Another and then repeat steps B & C until all wanted email addresses are populated.
    5. Click Save Constraint Profile.

Create User Constraint Profile

Note:
  • The email domain may be populated with a wildcard before the domain to block or allow an entire domain. For example, *@dell.com.
  • For example, to block users from sharing files outside the organization, specify the email address Does not match with the value *@dell.com.
  1. Click the Storage tab.

Storage

  1. Click New Storage Constraint Profile.

New Storage Constraint Profile

  1. From the Create Storage Constraint Profile menu:
    1. Populate the Constraint Profile Name.
    2. Select the Match Type.
    3. Select the Amazon S3 Buckets to be matched.
    4. Click Save Constraint Profile.

Create Profile

Note: For example, to block copy or sync operations to a bucket outside the organization, choose Does not match and select an instance or individual buckets in a specific region.

A Quarantine profile is used for specifying where the file must be quarantined when there is a policy action of Quarantine. Use tombstone files to replace the content of the original file. The name and extension of the original file are preserved.

Note: For more information about supported apps, reference Netskope API Data Protection Overview.
  1. From the Settings menu:
    1. Select an App.
    2. Select an Instance.
    3. Populate the User Email to own the quarantine folder.
    4. Populate email addresses separated by commas to receive notifications when a file is uploaded to the quarantine folder.
    5. Click Next.

Create Quarantine Profile

  1. From the Customize menu:
    1. Select Default or Custom Tombstone Text.
    2. If Custom Text was selected, populate custom tombstone text. Otherwise, go to Step C.
    3. Select Default or Custom Malware Tombstone Text.
    4. If Custom Text was selected, populate custom malware tombstone text. Otherwise, go to Step E.
    5. Optionally, select Use Uploaded Tombstone File.
    6. Optionally, click Customer Provided Tombstone Files and then go to Step 8.
    7. Click Next and then go to Step 9.

Customize menu

Note: Custom tombstone text does not apply for file extensions .xls(x) and .ppt(x). For these file types, Netskope displays the default tombstone text.
  1. From the Customer Provided Tombstone Files menu:
    1. Populate a Tombstone File Extension.
    2. Click Select File to upload a tombstone file.
    3. Click Upload.

Customer Provided Tombstone Files

  1. Populate a Quarantine Profile Name and then click Create Quarantine Profile.

Create Quarantine Profile

Legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. A legal hold profile is used for specifying where the files must be held for legal purposes.

Note: For more information about supported apps, reference Netskope API Data Protection Overview.
  1. From the Create Legal Hold Profile Settings menu:
    1. Select the App where you want the files to be uploaded for legal hold purposes.
    2. Select the Instance of the app.
    3. Populate a Custodian Email to own the legal hold folder.
    4. Populate Notification Emails of any administrators that should be notified when a file is uploaded to the legal hold folder.
    5. Click Next.

Create Legal Hold Profile Settings

Note:
  • For more information about creating an instance, reference How to Create Netskope API-Enabled Protection Instances.
  • Before setting up a legal hold profile for Microsoft 365 OneDrive/SharePoint apps, the custodian should log in to the Microsoft 365 account and set up the OneDrive/SharePoint app.
  • For Slack for Enterprise app, the email address should be the same as that you entered during the Slack for Enterprise instance setup.
  1. Populate a Legal Hold Profile Name and then click Create Legal Hold Profile.

Create Legal Hold Profile

This feature provides the data loss prevention (DLP) forensic details when a policy triggers a violation. Forensic information may contain sensitive content. In order to maintain privacy, you must select a forensic profile to store forensic information.

  1. From the Create Forensic Profile menu:
    1. Select the App for which you want to enable incident management.
    2. Select the Instance of the app.
    3. Populate the app-specific information.
    4. Click Next.

Create Forensic Profile menu

Note:
  • Step 6C varies based on the application chosen. This information is used to identify the data to monitor.
  • For more information about creating an instance, reference How to Create Netskope API-Enabled Protection Instances.
  • If using Microsoft Azure, populate the Azure storage account name. To locate the storage account name, log in to portal.azure.com. Go to All services > Storage > Storage Account. The page displays a list of storage accounts. Enter the Azure container name. Netskope uploads the forensic file in this container. To locate the container name, log in to portal.azure.com. Go to All services > Storage > Storage Account. The page displays a list of storage accounts. Click a storage account name and then go to Blob service > Blobs. The page displays a list of containers.
  • Before setting up a forensic profile for Microsoft 365 OneDrive app, the owner should log in to the Microsoft 365 account and set up the OneDrive app.
  1. Populate the Forensic Profile Name and then click Create Forensic Profile.

Create Forensic Profile Settings

  1. Click Settings.

Settings

  1. Click Incident Management.

Incident Management

  1. From the Edit Settings menu:
    1. Click to Enable Forensic.
    2. Select a Forensic Profile.
    3. Click Save.

Edit Settings menu

Note: For more information about incidents, reference What Are Netskope Incidents?

You can add a single object or multiple object network location.

  1. From the Addresses menu:
    1. Populate either an IP address, IP address range, or a classless inter-domain routing (CIDR) netmask.
    2. Click the + to the right.
    3. Click Next.

Add Network Location Addresses

  1. Populate a Network Location Object Name, and then click Save Network Location.

Save Network Location


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 
 
 

Additional Information

 

Videos

 

Affected Products

Netskope
Article Properties
Article Number: 000126833
Article Type: Solution
Last Modified: 20 dec 2022
Version:  11
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.