Article Number: 000125879
Release notes for version 70 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
Not applicable.
This update of Netskope contains New Features and Enhancements, Hotfix Updates, Fixed Issues, and Known Issues. For more information, click the appropriate topic.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| App Connector | Amazon VPC App Connector Enhancement | You can now create VPC using the VPC wizard. |
| App Connector | AOL Mail Enhancement | Activities: Send, Upload, Download, Create, Rename, Edit, Delete, Move Platform: Browser DLP Supported: Send, Upload, Download |
| App Connector | Microsoft Dynamics 365 Talent Onboard App | Activities: Upload, Download, Create, Delete, Post Platform: Browser DLP Supported: Yes |
| App Connector | Google Calendar New UI Support | Activities: Create, Edit, View All, Upload, Download, Share Platform: Browser DLP Supported: Upload, Download |
| App Connector | Microsoft Forms Connector | Activities: Upload, Download, Create, Edit, Delete, Move, Post Platform: Browser DLP Supported: Yes |
| App Connector | Roadmunkl Support | Activities: Upload, Download, Log in, Log out Platform: Browser DLP Supported: Upload, Download |
| App Connector | Salesforce and ServiceNow Enhancement | Activities: Rename, Unshare |
| App Connector | Workday Human Capital Management | Activities: Download, Post, Log in, Create, Delete, Publish, Edit, View Platform: Browser DLP Supported: Upload, Download |
| DLP | IBAN False Positive | Validation added to more than 100 IBAN-related identifiers. |
| DLP | Mexico Numero de seguridad social (NSS) Support | Added support for Mexico's NSS, a local social security number. |
| IaaS | Billable Resources CSV report download option | In this release, the Billable Resources scan popup displays a 'download CSV' option to download the Billable Resources scan report. The detailed export may not exactly match the summary results in the UI, due to differences in rounding calculations. |
| IaaS | Inventory Page Copy Enhancement | With this release, you have the ability to copy a value when clicking the value. There will be a popup notification confirming the copied value. |
| IaaS | Severity for all Rules Enhancement | CSA Rule/Alert Severity Levels have been reviewed and revised to better reflect the impact of a violation on overall risk, as well as to take into account compliance standards context. |
| IaaS | Default view (table + filters) for Pagination Table Enhancements | The following UI improvements have been made:
|
| Inline | Redirect to URL upon log out | If the O365 app is configured for 'idle-timeout' as part of an inline policy, then this new feature allows admins to configure an IdP log out URL where the user session is redirected upon the idle timeout expiration. This action logs out the user not only from O365 but also from the IdP.
Note: Currently this functionality is available only for Forward proxy.
|
| Introspection | Workplace by Facebook integration | Facebook announced that they will move to a new "workplace.com" domain for Workplace in early 2019. As part of this move, all Workplace tenants will use this new domain. While this change is transparent to users of API Introspection for Workplace, Netskope has made all required backend changes and has completed testing and validation in preparation for the shutdown of the old "facebook.com" domain for Workplace. |
| Introspection | ServiceNow integration | Netskope has completed testing and validation for the latest software release of ServiceNow, called 'New York.' |
| Introspection | Salesforce integration | Previously, Netskope was not able to inspect private files for Salesforce users, unless those files were shared to an admin. This limitation is gone. You can now create a new permission set that allows introspection of these files. Details for creating this new permission set is published as part of the online help and Knowledge Hub product documentation. |
| Introspection | Retroscans | The retroscan v3 architecture is now enabled by default for all customer tenants for apps that support retroscans, excluding Salesforce and ServiceNow. |
| Netskope for Web | In user notification, displays custom and predefined category names | For the browser based notification, custom category names as well the predefined categories area displayed to the end user. |
| Netskope for Web | Category addition | A new Games Category was created to allow users to create specific policies to allow or block games. Examples include Board Games / Puzzles, Card Games, Video & Computer Games, and Roleplaying Games. |
| Netskope for Web | Netskope Proxy Enhancement | With this release, the browser displays an error message when a request is denied because of an SSL validation check failure. The information is also logged in HTTP transaction logs.
Note: Contact Support to enable this feature in your tenant. Reference, How to Get Support for Netskope.
|
| Netskope for Web | DLP on form POST | Support for DLP on Formpost was enhanced to include the content type- multipart/ form-data. This is in addition to existing support for content-type x-www-form-urlencoded. Select DLP in the policy to leverage this capability. |
| Traffic Steering | SkopeIT Events for tunneled and then bypassed traffic | In order to get additional visibility, administrators can now select if you want to log traffic that is tunneled through Netskope, but bypassed (Ex: Android traffic). This setting can be found in the Steering Configuration. |
| Traffic Steering | New App for DNS over HTTPS | As an initial solution to not lose visibility due to the usage of DNS over HTTPS, a new App has been created for domains used by various browser providers. The list can be seen in the App details page. The app can be leveraged in a policy so as to block DNS over HTTPS traffic. |
| Traffic Steering | Netskope Client: Ability to perform Speed Test | If allowed administratively from the Client Configuration, users that see the Advanced Debug menu can now also perform a speed test to the Netskope data center they are connected to. Users can select whether it is an upload or download test, and be able to specify a file size for the test, as well. This capability is also supported from the nsdiag command. |
| Traffic Steering | Netskope Client: IdPbased Provisioning Prompt user for enrollment | After the Client has been installed in the IdP provisioning mode, the Client enrollment window will now be presented to the user automatically (without the user having to click "Enroll"). This window will always be on top, and cannot be dismissed. |
| Traffic Steering | Netskope Client: Command line flag to prompt for email address | Administrators can now install the Netskope Client for IdP-based provisioning mode without prompting the user for their email address twice. However, if you must prompt the user twice because the email address is different from the IdP username, then you can prompt the user for their email address using the following Command-Line flag: Set requestEmail=1 during the installation. |
| Traffic Steering | Netskope Private Access | In preparation for Netskope Private Access upcoming GA, a new entry for *.newedge.io was added to the default Exceptions in the Steering Configuration. |
| Web UI | Auth Proxy UI Change: Replace Centrify with Idaptive | As of January 1, 2019, Centrify has spun out its IDaaS business and named it Idaptive. Centrify is replaced with Idaptive in the following places in the UI:
|
| Web UI | Printing Improvements | Printing from the UI using Chrome, Safari, Firefox, Opera, IE11, and Edge browsers has been enhanced. |
| Web UI | SkopeIT events when we tunnel+bypass any traffic | We now create SkopeIT events for traffic that is being tunneled+bypassed. |
| Web UI | New _id field | With this release, we have added the _id field for the events and alerts Rest APIs. This field provides a unique ID for each event/alert. |
| Web UI | Audit Log enhancements | Audit logs are enhanced and now capture when report schedules are created, changed, or deleted. For example, audit logs now contain details on the admin who scheduled the report, all recipients of the report, and schedule of the report. |
This section provides descriptions for hotfix updates that released after the version 69 release.
| Category | Issue Number | Issue Description |
|---|---|---|
| Anomaly Detection | 74271 | The Private IP lookup shows the source country as Iran. |
| App Connector | 84885 | For the Create activity for G Suite, define the scenarios of account creation which are detected with this activity. |
| App Connector | 74233 | A file containing malware was not detected when using BoxDrive. |
| App Info DB Contents | 87015 | Custom Cert Pinned exception disappeared from the steering rule without manually deleting. |
| Client | 87368 | Unable to access specific domains with Direct Access enabled. |
| Client | 87270 | Inconsistent IP to Username mapping in IPsec events. |
| Client | 86583 | Proceed action on User-Alert is not working as expected. |
| Client | 86516 | There are issues with Direct Access from some locations. |
| Client | 85752 | Client tunneling domains in the Exception list when using Explicit Proxy. |
| DAPII | 75779 | Custom app is shown in events but is not managed in the custom steering configuration. |
| DLP | 88323 | Email Notification always shows 'Web Proxy / Anonymizers' at the header. |
| DLP | 85451 | DLP scans are not working properly. |
| DLP | 84629 | DLP violation for files in a retroscan not working as expected. |
| DLP | 77729 | DLP Incident not accurately highlighting SIN and DOB is not identified in the Forensics page. |
| DLP | 75624 | PII data on Outlook display showing false positives. |
| DLP | 74976 | *SSN files downloaded from a specific domain is not triggering against a predefined DLP profile. |
| DLP | 74451 | DLP profile UI is timing out. |
| DLP | 84695 / 54360 | DLP file scan is not matching the .pages extension. |
| Email Notification | 86314 | Ability to edit the Note section in email notifications. |
| Email Notification | 86313 | Email notifications do not have the correct user. |
| IaaS | 82004 | Add heartbeat every five minutes with the alert count for the previous five minutes. |
| IaaS | 77390 | Compute / Users is not populating for an Azure instance. |
| IaaS | 77282 | Certain DSL functions ('like' and 'in') cannot operate on simple lists. |
| Inline Policies | 86497 | Share and Upload activities for the wetransfer app is blocked though there is no Inline policy in place. |
| Inline Policies | 84645 | Policies not working as expected when two specific users make an upload to Box. |
| Introspection | 76480 | OD/SP Webhoook Subscription is not working properly. |
| iOS VPN | 86517 | Users from NZ, SG, Aus, Istanbul were unable to connect through the Netskope VPN for iOS. |
| Netskope GRE | 85080 | Upload bytes drops drastically in a speed test when connected to Netskope GRE. |
| Provisioner Platform | 88780 | Users are added but cannot install client due to the API call returning error. |
| Provisioner Platform | 88190 | Users seeing the wrong steering configuration based on group. |
| Provisioner Platform | 85263 | The iOS Twitter app is not excepted/bypassed even though it is listed in CertPinned apps. |
| Query Service | 83687 | The Devices page Event Time Query is not working as expected. |
| Query Service | 80391 | 'N/A' is appearing instead of the application name. |
| Query Service | 57061 | App with CCL is unknown, and CCI is 50. |
| Reverse Proxy | 86483 | The calendar is not showing appointments on a shared calendar for a user going through reverse proxy. |
| Web UI | 87312 | Incorrect app domain is added while creating Custom Cert pinned app for Windows. |
| Web UI | 87274 | When the Enhanced Cert-pinned apps feature is enabled, creating a custom cert-pinned app adds random domains. |
| Web UI | 86413 | Unable to view specific OUs in the dropdown filter. |
| Web UI | 86375 | The Box Classification option is not showing up in Take Action. |
| Web UI | 77259 | Not able to change the DLP status on multiple detect events. |
| Web UI | 65074 | The Introspection Policy name is missing in the audit logs. |
| Category | Issue Number | Issue Description |
|---|---|---|
| App Connector | 90470 | The system is not detecting the upload activity for Microsoft Live Outlook.com. |
| App Connector | 90109 | Operating system and Browser values display as Windows for Upload and Download activities. |
| App Connector | 89547 | Incorrect / Incomplete domains list. |
| App Connector | 89315 | Upload and Send events are not detected properly. |
| App Connector | 88584 | The iOS app is not working after entering credentials. |
| App Connector | 88184 | User Alert log in attempt does not work properly. |
| App Connector | 88116 | Block notification was shown, but file was uploaded. |
| App Connector | 88068 | Instance ID always marked as 'Personal' for Box. |
| App Connector | 87925 | Instance ID not detected for some downloads. |
| App Connector | 87907 | No events generated for a tenant. |
| App Connector | 87788 | File uploads directly into cards is detected as Create activity in Trello. |
| App Connector | 87352 | Incorrect URL classification. |
| App Connector | 87086 | The Google Gmail app is not detecting user activity to trigger a block policy. |
| App Connector | 85932 | LinkedIn app post activity breaks the chat when sending DLP PDD data. |
| App Connector | 85774 | When using the Slack app, users intermittently observed the from_user and instance-id values updating incorrectly. |
| App Connector | 85515 | DLP and activities support for the Roadmunk app. |
| App Connector | 83204 | Switching between multiple accounts, from_user and instance-id values updating incorrectly. |
| App Connector | 83025 | Auth proxy fails as the Samsung Galaxy 8 device is recognized as a Linux device. |
| App Connector | 82726 | A user's instance ID is extracted incorrectly for Box and is therefore blocked. |
| App Connector | 77144 | The Microsoft Teams app events are not showing in the Application / Page events. |
| App Connector | 80566 | Add CrowdStrike to the default Cert pinned app list. |
| App Connector | 76350 | No SkopeIT events for upload activity for Google calendar. |
| App Connector | 48751 | Google calendar Windows browser issues. |
| App Info and DB Contents | 89655 | Filesize for download activities is now enabled. |
| App Info and DB Contents | 88911 | Domain addition for smaller PDFs. |
| Auth Proxy | 90175 | Encountering an error while setting up reverse proxy for Office365. |
| Auth Proxy | 86507 | Certain tenants are seeing a 504 timeout error. |
| Client | 89379 | Chrome OS: Device is not registered to Settings > Active Platform > Devices. |
| Client | 88878 | Unable to use Diddler and the client simultaneously, all access to steered sites is blocked. |
| Client | 87532 | If a user is on the corporate network, Skype screen share does not work. |
| Client | 72978 | If a user is on the corporate network, Skype screen share does not work. |
| DAPII | 48998 | The policy is not triggered when saving / uploading and downloading the Word document in OneDrive. |
| DLP | 90433 | IBAN showing false positives. |
| DLP | 85978 | DLP supported file types needed for documentation. |
| DLP | 82183 | DLP action is incorrectly recorded as 'None.' |
| DLP | 75441 | Unable to upload files using DLP-PDD. |
| IaaS | 91063 | With this fix, admins can export all Raw Findings page data when the table is not sorted by Status. When the table is sorted by Status, the 100K row cap still applies. This 100K row cap issue is fixed in the upcoming release. |
| IaaS | 89812 | The compliance report is showing incorrect data. |
| IaaS | 89034 | Pagination does not work properly for Settings > Introspection > Cloud Infrastructure. |
| IaaS | 87109 | Increase the limit for maximum number of Iaas instances that can be created. |
| Introspection | 73953 | Migrate current Workplace APIs to the new 'workplace.com' domain. |
| Introspection | 88167 | Workplace APIs are upgraded to version 2.12 or above. |
| Introspection | 89236 | User not listed after moving to multi geo instance. |
| Introspection | 90768 | The inline quarantine flow is not working as expected for the Box custom DLP policy. |
| Introspection | 89234 | Subsite is not listed in the Introspection policy page. |
| Introspection | 87954 | Handle deletion and renaming of repos for GitHub. |
| Introspection | 86980 | Filter Exposure 'Anyone at Enterprise' UI is not working properly. |
| Introspection | 85563 | The DLP profile is triggered even after a policy change. |
| Introspection | 85375 | Deletion of a repository is not working properly. |
| Introspection | 79622 | The DLP policy triggering on contents of the Forensic folder. |
| Introspection | 78020 | Forensics detail cannot be retrieved. |
| Introspection | 77426 | Renaming of a repository is not handled properly. |
| Introspection | 65665 | Source IP details are missing for a few events in SkopeIT > Application Events. |
| Netskope Proxy | 88489 | Added common public root certificates to the Netskope proxy. |
| Netskope Proxy | 87306 | Users are unable to access a specific domain when the Netskope client is enabled. |
| Netskope Proxy | 79515 | A previously accessible website is now inaccessible when the client is enabled. |
| Netskope for Web | 89929 | URLs with categories that are derived from the URL filter do not hit the policy action. |
| Netskope for Web | 86967 | A URL with no referrer but with valid app detect domain still comes out as 'Uncategorized' as one of the categories. |
| Netskope for Web | 86722 | Custom categories inclusions/exclusions do not work properly. |
| Provisioner Platform | 90116 | The client is disabled due to certificate errors. |
| Provisioner Platform | 88976 | The Client is not receiving the proper steering configuration. |
| Provisioner Platform | 88848 | Reports still being sent from a user who has been removed and the report is not visible to the admin to remove. |
| Provisioner Platform | 87683 | The client on-boarding invite fails. |
| Provisioner Platform | 82407 | Config failed to download. |
| Reverse Proxy | 87737 | Reverse proxy is not working correctly with Outlook. |
| Reverse Proxy | 78811 | The reverse proxy native O365 app traffic is not blocked on Android devices. |
| User Justification | 87891 | Client User Alert notification pops up after the file download completes. |
| User Manager | 86848 | Specific users are not showing up in the UI for a tenant. |
| Web UI | 90631 | Settings > Introspection > Cloud Infrastructure's Next button is not working. |
| Web UI | 89956 | The steering configuration does not show the list of managed applications. |
| Web UI | 87851 | Unable to remove category from the Exception configuration. |
| Web UI | 87023 | Modal backdrop does not hide when a user cancels creating a new email notification template in inline policies. |
| Web UI | 86955 | Make ASYNC 'filemeta' queries available in the Incidents > DLP UI. |
| Web UI | 86898 | The configured cert pinned exception is not pushed to the client. |
| Web UI | 86181 | Malware incidents that are created from threat intel matches are not working correctly. |
| App Connector | 83954 | Users are logging in to the Amazon console and trying to create a VPC, and it is blocked. However, creating it from the wizard, it does not get blocked. |
| App Connector | 77845 | Inconsistent behavior for DLP and User alerts. |
| App Connector | 68407 | AWS log in activities are not being detected in SkopeIT. |
| Auth Proxy | 72934 | ChromeBook full bypass when the Certcheker is enabled. |
| Client | 68975 | Cisco AnyConnect is disconnecting intermittently when the Netskope client is enabled. |
| Client | 68435 | When the Netskope client is enabled, certain tenants are having issues. |
| Client Services | 79181 | A user is seeing an "Email Invitation Expired" message during SAML client enforcement flow, when the Netskope client is installed but disabled. |
| DLP | 79534 | Enhancement for DLP user behavior. |
| DLP | 79526 | Enhancement for object risk level. |
| DLP | 79415 | DLP forensics capture option to store in AWS S3. |
| DLP | 79310 | DLP sampling or entire file scan option. |
| IaaS | 91655, 91779 | On the Accounts page and Regions pages, the Compute column includes only asset_type="Compute Instance". All other places, Compute would include both "Compute Instance" and "Function". |
| IaaS | 89904 | Storage scan support for Azure files. |
| IaaS | 89626 | Capture 'Justification' when remediating compliance findings. |
| IaaS | 87724 | Capture 'Justification' when muting compliance findings. |
| IaaS | 83999 | Provide a script to create a custom role for Azure. |
| IaaS | 79991 | Need to control by account and by bucket. |
| IaaS | 79768 | Data fetcher support for Google suite (for CSA checks). |
| IaaS | 78955 | The Account ID is missing for the wrapper rule results. |
| IaaS | 77830 | The Account ID is missing for the wrapper rule results. |
| IaaS | 71835 | Ability to test custom DSL in a selected AWS / Azure / GCP account. |
| IaaS | 70778 | Support for external IDs per account for an AWS tenant. |
| Category | Issue Number | Issue Description |
|---|---|---|
| IaaS | 66718 | The option for configuring regions must be enabled from the security scan policy. |
| Introspection | 67359 | Netskope Introspection, at times, receives duplicate notifications for a DLP policy from Workplace by Facebook. This is a known issue on Facebook. |
| Introspection | 41886 | Many audit events are showing up with location of blank or 'Unknown'. In some cases the user activities that are performed within the same timeframe also shows location for some events and 'Unknown' for others. |
| Introspection | 88566 | Retro scan uses UID instead of domain which results in retroscan issues. |
| Introspection | 84962 | Prevent duplicate DLP alerts when email metadata changes. |
| Introspection | 74878 | File is not replaced for quarantine, action is not appearing in the logs. |
| Introspection | 72236 | Enhancement for the Select All functionality for Introspection file actions. |
| Netskope for Web | 84461 | Prohibited URL is allowed with Netskope for Web enabled using Google translate as a proxy. |
| Query Service | 81069 | The Malware page shows different data for the Last 24 hours and Last 7 days fields. |
| SAML Proxy | 70385 | Bypass Android and iOS devices with Google MDM through reverse proxy. |
| TSS | 58450 | Encryption is not working properly for a tenant. |
| User Justification | 67146 | User justification event does not show details about the policy. |
| Web UI | 67438 | In the UI, users must be able to tell if the client invitation was sent. |
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Netskope
19 Dec 2022
11
Solution