Article Number: 000126827
Netskope Version 76 Release Notes
Summary: This article contains release notes for version 76 of Netskope.
Article Content
Symptoms
Release notes for version 76 of Netskope.
Affected Products:
Netskope
Affected Products:
Windows
Mac
iOS
Android
Cause
Not applicable.
Resolution
This update of Netskope contains New Features and Enhancements, Known Issues, Fixed Issues, and New Resource Types Supported in Continuous Security Assessment. For more information, click the appropriate topic.
Note: For release notes of other versions of Netskope, reference Netskope Release Notes.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| API Protection | Gmail by Google | With release 76, there is a change of behavior for the way Netskope handles Gmail by Google. Netskope does not scan email messages in the trash folder. Netskope continues to scan email messages in the sent folder. |
| API Protection | Microsoft Office 365 Outlook | With release 76, Netskope does not scan email messages in deleted items. Netskope continues to scan email messages in sent items. |
| API Protection | Microsoft Teams | We have now added Threat Protection capabilities to Microsoft Teams. Any content uploaded by an attachment to Microsoft Teams is automatically scanned for threats. Admins can enable this capability from the Settings section of the UI. |
| API Protection | New Listings Framework | With R76, we enable the new listings framework by default for OneDrive and Box. This means that any new tenants creating an integration with these apps can benefit from a more reliable and performant listings flow. Apart from the above apps, we can enable the new listings framework for SharePoint, using a feature flag (this is not default). More apps will follow in future releases. |
| API Protection | Box | Customers setting up new Box instances are required to enable Box Event Stream on their Box accounts before setting up API Protection with Netskope. Without this step, all grant access fails, and the installation does not complete. |
| CASB Inline Protection | Outlook for Business | Enhanced the Outlook for Business connector for a relative URI check. This enhancement helps avoid traffic changes. Activities: Upload, Download, Send, Create, Post, Edit, Delete Platform: Browser DLP: Yes |
| CASB Inline Protection | Outlook Live | Enhanced the Outlook Live connector for a relative URI check. Activities: Upload, Download, Send, Create, Post, Edit, Delete Platform: Browser DLP: Yes |
| Data Protection | New DLP Image Classification Models | New ML-based image classification models for detection of Credit card and SSN card images. These classifiers allow detection of sensitive information accurately without the need for deep content inspections. This capability is available for Advanced DLP licenses. |
| Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
| NG SWG / CASB | Behavior Analytics Predefined Rules | When editing the predefined rule-based policy with App Instance criteria, users see a list of app instances that are based on Real-time Protection. The list now displays the instance name that is created by the user. |
| NG SWG | CrowdStrike Integration | Netskope's current CrowdStrike integration is based on an old API that will soon be retired. CrowdStrike has introduced the new OAuth2 API and Netskope has adopted this API starting in this release. Instead of using username and password (provided by our users through the UI) to authenticate to CrowdStrike, we use OAuth2 that relies on authentication tokens. Users with a CrowdStrike integration must configure an API Client ID and an API Client Secret in the UI after Release R76 is deployed. More information can be found at CrowdStrike: https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/  .and https://support.netskope.com/hc/en-us/articles/360051560133-Netskope-Service-CrowdStrike-OAuth2-Based-Authentication-Update  . |
| Netskope for IaaS | AWS S3 Bucket Size | A new metadata "Bucket Size" has been added for S3 buckets. This requires additional permissions to be added to the existing IAM policy attached to the cross account role in the AWS environment. There are two ways that you can add the required permissions for continuous security assessment:
|
| Netskope for IaaS | New Remediation Steps | In this release, we added remediation steps for predefined best practice rules for AWS, Azure, and GCP. |
| Netskope for IaaS | S3 Inventory DOM Enhancement | In this release, we added an additional S3 bucket access level to eliminate the presence of public objects in private buckets. |
| Netskope for IaaS | Storage Page Size Information | We can show the used size on AWS S3Buckets and Azure Storage Account, on UI, Export, and Inventory API. |
| Netskope for IaaS | Azure Load Balancers Enhancement | CSA for Azure support extended for Load Balancer. The following attributes are added for Loadbalancer:
|
| Platform Services | Improved Security Posture | To help provide a better out of the box security posture, the following two features are enabled by default in this release:
|
| Platform Services | OPLP Amazon S3 Bucket Enhancement | In this release, we added functionality to support downloading files from a specific subfolder in an AWS bucket. CLI commands to support it are also provided under the same command hierarchy. |
| Private Access | NPA Android and Chrome Client Support | With this release, we have added NPA support on Android and Chrome OS devices. |
| Private Access | Periodic Reauthentication | If Periodic reauthentication is enabled and IdP is configured, the Netskope client is prompted to authenticate. If reauthentication does not happen, the NPA tunnel shuts down. |
| Steering | New HTTP Port Support | When deployed in CASB mode, the Netskope iOS solution will now also tunnel traffic on port 80. |
| Steering | GRE Tunnel State Enhancements | The GRE setup workflow has been simplified in this release to remove the selection of primary or secondary POPs. This information is provided for reference, and the configuration being created can accept tunnels from the customer peer device to any Netskope POP where GRE is available. Also, an improved tunnel status page has been created. This shows Keep Alive state in addition to the state of the tunnel. It also allows admins to further use filters to view specific subset of tunnels. Finally, there are numerous improvements around tunnel stability and health of the overall service. |
| Steering | New Steering Method: Explicit Proxy in the Cloud | Netskope is introducing a new method to steer traffic directly from an endpoint to the Netskope Cloud using a PAC (proxy autoconfiguration) file or proxy settings. Configuration details are available in your admin console, and you have the ability to allowlist known locations for Netskope to trust the traffic from. |
| Steering | Netskope Client Golden Release | The current golden release is version 75.0.0.463. Golden releases undergo extensive test coverage and support backward compatibility up to two previous versions. We recommend that you deploy the golden release of the Client to the endpoints when the autoupdate is disabled. Access this page for details: https://support.netskope.com/hc/en-us/articles/360014589894-Download-NetskopeClient-and-Scripts  |
| Category | Issue Number | Issue Description |
|---|---|---|
| API Protection | 106393 | SharePoint file listing, the site email ID is not appearing for certain external shared files. |
| CASB Inline Protection | 105656 | Custom attributes uploaded using Rest API are not updating properly. |
| CASB Inline Protection | 106487 | The Office app instance is not matching the policy correctly. |
| CASB Inline Protection | 105827 | SVG file detection fails when the file type as 'images' is used as a condition. |
| CASB Inline Protection | 105656 | Custom attributes uploaded using Rest API are not updating properly. |
| CASB Inline Protection | 105263 | Intermittently, the from_user field does not contain the domain name for Google Drive/Gmail. |
| CASB Inline Protection | 97093 | Several Google domains are inaccurately detected as Google Drive. |
| CASB Inline Protection | 94512 | Upload activity is not consistently detected for Microsoft Office 365 OneDrive for Business, and the wrong file size displays for uploads greater than 1 GB. |
| CASB Inline Protection | 83741 | DLP incident is showing incorrect information for a particular account. |
| NG SWG / CASB | 93218 | Forward to proxy integration does not properly work with app instances. |
| NG SWG | 106491 | False positive detected as malware for multiple files. |
| NG SWG | 106297 | The NSClient IdP provisioning is returning a "503 service unavailable" error. |
| Platform Services | 105875 | HTTP GET request on port 80 is not working properly. |
| Private Access | 106873 | When the Periodic Re-authentication checkbox is enabled, a message prompts the user to configure an IdP using SAML. The link to do this sends the user the Client SAML page in the UI when it should go to the Forward Proxy SAML page. |
| Private Access | NPA-1521 | When a private application is configured for a specific port, only that port is accessible for application. Attempts to access the host on other legitimate ports are dropped at the client. |
| Private Access | NPA-1504 | For Chromebook, email logs using Gmail does not work. |
| Reports | 105757 | The New Reports show results for some queries only if the timestamp is added to the query. |
| Reports | 103989 104501 |
Schedule Report shows no data for a particular date. |
| Reports | 98481 | For some users, the Application Events report is not properly sent using email. |
| Steering | 102581 | Some end-user devices are missing client installation times. |
| Threat Protection | 100472 | The Malicious Sites overview widget is not showing data. |
| Web UI | 100855 | The Incidents page is timing out for certain accounts. |
| Web UI | 101824 | The query for src_longitude and src_latitude is not working properly. |
| Category | Issue Number | Issue Description |
|---|---|---|
| API Protection | 101158 | This change addresses of who shows up as the owner of files in SharePoint. If the last modified information is not available from the admin to Netskope using API, the system uses file owner as the owner of the incident. If Netskope fails to get that information, the system uses granting admin users as the owner of the incident. |
| API Protection | 105723 | Microsoft Teams notification timestamp mismatch. |
| API Protection | 105325 | Box new file listing lists the shared folder multiple times (once for each collaborator). |
| API Protection | 105309 | When trying to create a policy for API-Enabled Protection for Teams, an error is seen when trying to select User or Team options. |
| API Protection | 104808 | Box webhook notifications are not correctly received for a particular account. |
| API Protection | 104573 | Enabled malware scanning for Microsoft Teams direct messages and group chats files |
| Data Protection | 99032 | DLP on OCR images does not work correctly for Google Sheets. |
| Netskope for IaaS | 103838 | False positives appear in the Azure Compliance report. |
| Netskope for IaaS | 100447 | The Inventory page, Tags filter malfunctions for some tags. |
| Netskope for IaaS | 105002 | The IaaS Compliance Raw Findings status shows up correctly in the UI but displays as 'Unknown' in the CSV export. |
| Netskope for IaaS | 103838 | There are compliance findings that are being reported for accounts using the CIS compliance baseline that are not reported correctly. |
| Netskope for IaaS | 101202 | The Azure cloud infrastructure inventory status is not displaying correctly in the UI. |
| Netskope for IaaS | 106917 | Incorrect status showing in the UI for certain accounts. |
| Netskope for IaaS | 106379 | Azure Encryption rules show as failing for operating system and data disk even though there is no data disk attached. |
| Netskope for IaaS | 105002 | The Compliance Raw Findings status shows up correctly in the web UI but returns "Unknown" in CSV export. |
| Netskope for IaaS | 96176 | The Resource Details panel was not displaying the latest attributes due to stale cache. |
| Private Access | NPA-1384 | In some Windows environments, NPA activation has been prevented due to file system access errors. |
| Web UI | 104695 | Users that would like to link raw HTML links containing spaces or other special characters in Email Notification Templates can do so by wrapping the links in <link> tags. For example, <link>http://example.com/My special link/with spaces?query=value</link>. |
| Cloud Provider | Entity | Attribute Changes |
|---|---|---|
| Azure | Load Balancer | none |
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Article Properties
Affected Product
Netskope
Last Published Date
20 Dec 2022
Version
13
Article Type
Solution