NSK101 Questions and Answers

SD-WAN technology is used in the following scenarios:

To optimize utilization and performance across multiple Internet connections:

SD-WAN allows organizations to aggregate multiple Internet connections and optimize traffic flow based on application requirements and network conditions. This improves overall network performance and ensures efficient use of available bandwidth.

To replace dedicated MPLS connections with multiple broadband WAN and mobile options:

SD-WAN provides the flexibility to use a mix of broadband, LTE, and other connectivity options to replace traditional MPLS circuits. This can significantly reduce costs and improve agility in network deployment and management.

References:

Netskope Knowledge Portal: SD-WAN Integration

Netskope Knowledge Portal: Benefits of SD-WAN

An App Instance is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an App Instance for your enterprise Google Drive instance (such as drive.google.com/a/yourcompany.com) and another App Instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the App Instance. You would want to define an App Instance to achieve this level of granularity and control over your cloud application activities. Creating an API Data Protection Policy for a personal Box instance, enabling the instance_id attribute in the advanced search field, or differentiating between an enterprise Google Drive instance vs. an enterprise Box instance are not valid reasons to define an App Instance, as they are either unrelated or irrelevant to the App Instance feature. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.

In the context of the cloud shared responsibility model, the customer's responsibilities include:

Controlling access:

Customers must manage access controls to ensure that only authorized users can access their data and applications. This includes implementing identity and access management (IAM) policies, multi-factor authentication (MFA), and regular auditing of access permissions.

Preventing data leakage:

Customers are responsible for implementing data loss prevention (DLP) strategies to protect sensitive information from unauthorized access, disclosure, or exfiltration. This involves configuring and monitoring DLP policies, encryption, and other security measures.

These responsibilities are critical for maintaining the security and integrity of data in the cloud, complementing the cloud provider's responsibilities for the infrastructure and services.

References:

Netskope Knowledge Portal: Cloud Security

Shared Responsibility Model

To verify the status of the Publishers in the European data center, the following methods can be used:

Use the Status field on the Publishers page:

Navigate to the Publishers page in the Netskope UI.

Check the Status field to see if any Publishers are disconnected or experiencing issues.

Use the Netskope Private Access Troubleshooter:

Access the Netskope Private Access Troubleshooter tool.

This tool provides detailed diagnostic information and helps identify connectivity issues with Publishers.

These methods provide direct insights into the health and connectivity status of the Publishers, helping to quickly identify and resolve any issues affecting user access.

References:

Netskope Knowledge Portal: Private Access

Netskope Private Access Troubleshooter

Deploying a Netskope Virtual Appliance (NPA) can serve multiple purposes within an organization's security infrastructure. Two key uses are:

To use as a log parser to discover in-use cloud applications:

The Netskope Virtual Appliance can be deployed to parse logs from various sources, including firewalls, proxies, and other network devices. By analyzing these logs, the appliance can discover and identify cloud applications that are being used within the network. This provides visibility into shadow IT and helps in managing and securing cloud application usage.

To use as an endpoint for Netskope Private Access (NPA):

The virtual appliance can act as an endpoint for Netskope Private Access, enabling secure access to private applications hosted in data centers or public clouds. It facilitates the establishment of secure, direct connections between users and the applications they need to access, without exposing the applications to the public internet.

References:

Netskope Knowledge Portal: Deploying Virtual Appliances

Netskope Private Access Overview

Netskope’s NewEdge Security Cloud Network Infrastructure is a global network that powers the Netskope Security Cloud, providing real-time inline and out-of-band API-driven services for cloud and web security. Three statements that are correct about Netskope’s NewEdge Security Cloud Network Infrastructure are:

It includes direct peering with Microsoft and Google in every data center. This means that Netskope has established high-speed, low-latency connections with these major cloud service providers, ensuring optimal performance and user experience for their customers. Direct peering also reduces the risk of network congestion, packet loss, or routing issues that may affect the quality of service.

It is a private security cloud network that is massively over provisioned, highly elastic, and built for scale. This means that Netskope owns and operates its own network infrastructure, without relying on third-party providers or public cloud platforms. Netskope has invested over $150 million to build the world’s largest and fastest security private cloud, with data centers in more than 65 regions and growing. Netskope can dynamically scale its network capacity and resources to meet the growing demand and traffic volume of its customers, without compromising on security or performance.

It delivers a single, unified network with no surcharges or reliance on public cloud infrastructure or virtual PoPs. This means that Netskope provides a consistent and transparent network service to its customers, regardless of their location or device. Netskope does not charge any additional fees or hidden costs for accessing its network services, unlike some other providers that may impose surcharges based on geography or bandwidth usage. Netskope also does not use virtual points of presence (PoPs) that are hosted on public cloud platforms, which may introduce latency, complexity, or security risks.

References: Netskope NewEdgeNetskope NewEdge Data SheetNetskope SASE

The exhibit shows that Group A is allowed only SSH traffic, while Group B is allowed both SSH and RDP traffic. Since users in Group A need access to a third-party server using TCP port 3389 (RDP), you need to create a specific policy to allow this traffic without granting unnecessary access.

Creating an Allow policy using a custom application that includes the destination IP and TCP port 3389 will precisely target the required traffic and ensure that only the necessary connections are permitted. This method avoids broader policy changes that could introduce unnecessary access.

References:

Netskope documentation on creating and managing Cloud Firewall policies.

Best practices for configuring application-specific policies to control network traffic effectively.

=================

A benefit that Netskope instance awareness provides is that it differentiates between an IT managed Google Drive instance versus a personal Google Drive instance. Instance awareness is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an instance for your IT managed Google Drive instance (such as drive.google.com/a/yourcompany.com) and another instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the instance. This can help you prevent data leakage, enforce compliance, or improve visibility for your cloud application activities. Preventing movement of corporate sensitive data to a personal Dropbox account, preventing the user from copying information from a corporate email and pasting it into a GitHub repository, or differentiating between an IT managed Google Drive instance versus an IT managed Box instance are not benefits that Netskope instance awareness provides, as they are either unrelated or irrelevant to the instance awareness feature. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.

If you consume application infrastructure (middleware) capabilities by a third-party provider, then the cloud service model that you are using in this scenario is PaaS, which stands for Platform as a Service. PaaS is a cloud service model that provides customers with a platform to develop, run, and manage applications without having to deal with the underlying infrastructure or software. PaaS typically includes middleware capabilities such as databases, web servers, development tools, integration services, etc., that customers can use to build and deploy their applications faster and easier. MaaS, DaaS, and SaaS are not cloud service models that match this scenario, as they stand for different types of services. MaaS stands for Monitoring as a Service, which is a service that provides customers with tools to monitor and manage their cloud resources and performance. DaaS stands for Desktop as a Service, which is a service that provides customers with virtual desktops that they can access from any device or location. SaaS stands for Software as a Service, which is a service that provides customers with software applications that they can use over the internet without installing or maintaining them. References: [PaaS], [MaaS], [DaaS], [SaaS].

Netskope's Behavior Analytics rule-based policies are designed to monitor user behavior for patterns that may indicate risky or malicious activities, such as bulk deletions. These policies can identify anomalies in user behavior that deviate from the norm, flagging potential threats and taking appropriate actions to prevent data loss.

Netskope's Behavior Analytics rule-based policies: This feature analyzes user actions and behaviors to detect anomalies and potentially malicious activities. It helps in identifying and mitigating risks associated with compromised accounts, insider threats, and other suspicious activities.

References:

Netskope documentation on Behavior Analytics and its capabilities.

Security best practices for detecting and responding to insider threats and anomalous user behavior.

=================

In a CASB-only deployment of Netskope, there could be several reasons why Dropbox.com traffic is not visible in SkopeIT:

Certificate Pinning:

The Dropbox Web application might be using certificate pinning, which means it only accepts specific certificates for its connections. This can prevent the traffic from being steered to the Netskope tenant because the proxy's certificate might not match the pinned certificate​​​​.

Configuration of Dropbox Domains:

If the Dropbox domains are not properly configured to be steered to the Netskope tenant, then the traffic will bypass the Netskope inspection and will not be visible in SkopeIT. Ensuring that the domains are configured correctly is essential for the traffic to be captured and analyzed by Netskope​​​​.

References:

"Certificate pinning prevents the interception of traffic by requiring that the presented certificate matches a known good certificate. This can interfere with traffic steering in CASB deployments."​​​​.

"Proper configuration of application domains is necessary to ensure traffic is steered to the Netskope tenant for inspection and visibility."​​​​.

From the Netskope Console in the device detail view, select Collect Log:

Step 1: Access the Netskope Admin Console.

Step 2: Navigate to the specific device detail view.

Step 3: Locate and select the "Collect Log" option.

When comparing data in motion with data at rest, it is important to understand how each type of data is handled in terms of security and monitoring:

Data in motion refers to data actively moving from one location to another, such as through email, instant messaging, or any other form of communication over the internet. To secure and monitor data in motion, Netskope typically requires the deployment of the Netskope client on user devices. The client helps enforce security policies, monitor data transfers, and protect against data loss and other threats during the data's transit.

References:

Netskope Knowledge Portal: Data Protection

Netskope Client Overview

NewEdge is Netskope's security private cloud, offering high-performance, low-latency access to the internet and cloud services. For a customer concerned about performance, especially with respect to Microsoft 365, NewEdge provides significant benefits:

Direct Peering with Microsoft: NewEdge establishes direct peering connections with Microsoft in every data center. This ensures optimal routing and performance for Microsoft 365 services, which is crucial for customers with a global, mobile workforce​​​​.

Unified Global Network: NewEdge delivers a single, unified network with all security services available in all locations worldwide. This ensures consistent security policies and performance regardless of where users are located, providing seamless access and reducing latency​​​​.

To deploy Netskope’s zero trust network access (ZTNA) solution, NPA, you need to enable Steer all Private Apps in your existing steering configuration(s) from the admin console. This will allow you to create private app profiles and assign them to your applications. NPA will then provide secure and granular access to your applications without exposing them to the internet or requiring VPNs. References: [Netskope Private Access (NPA) Deployment Guide]

According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing support@netskope.com or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope. References: [Netskope URL Lookup],  Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.

To create a service request ticket for a client-related issue using the Netskope client UI, you need to generate the client logs by right-clicking on the system tray icon and choosing Troubleshoot. This will open a window where you can select the option to Save Logs, which will create a zip file containing the client logs. You can then attach this file to your service request ticket and provide any relevant details about the issue. Choosing Save logs, Configuration, or Help will not generate the client logs, as they perform different functions, such as saving the current configuration, opening the settings menu, or opening the help page. References: [Netskope Client Troubleshooting].

To track the progress and device count of the latest Netskope Client deployment, you can use the following methods:

Use Netskope Digital Experience Management to monitor the status:

Netskope Digital Experience Management (DEM) provides visibility into the performance and status of applications and devices. You can use this tool to monitor the deployment status and ensure that the new client version is being deployed correctly across the organization.

Use the Devices page under Settings to view and filter the required data:

The Devices page in the Netskope console provides detailed information about all devices managed by Netskope. You can filter this data to view the specific deployment status of the latest Netskope Client version, helping you track the progress and identify any issues.

References:

Netskope Knowledge Portal: Digital Experience Management

Netskope Knowledge Portal: Devices Page

 AD Connector:

The AD Connector is used to integrate your Netskope tenant with Active Directory (AD) to provision and synchronize user accounts.

It ensures that user information in Netskope is always up-to-date by periodically synchronizing with AD.

To set up the AD Connector:

Navigate to Settings > Tools > Directory Importer.

Configure the AD Connector with your AD details.

Set the synchronization schedule.

This method is commonly used in enterprise environments where AD is the primary user directory.

 SCIM (System for Cross-domain Identity Management):

SCIM is an open standard for automating the exchange of user identity information between identity domains or IT systems.

Netskope supports SCIM for provisioning users from identity providers like Okta, Azure AD, and others.

To configure SCIM:

Go to Settings > Tools > SCIM.

Follow the instructions to set up SCIM with your identity provider.

SCIM is beneficial for environments using modern identity management solutions.

 References:

For detailed configuration steps and additional information, refer to the Netskope documentation on provisioning users using the AD Connector and SCIM​​​​.

To block all FTP connections regardless of the ports being used, the following steps should be taken using Netskope's Cloud Firewall:

Real-time Protection Policy:

Create a Real-time Protection policy where FTP is defined as the destination application.

Set the action to "Block" to ensure that any FTP traffic is blocked regardless of the port being used​​​​.

Custom Firewall App Definition:

Create a custom Firewall App Definition specifically for TCP port 21.

Define the action as "Block" to ensure any traffic directed to this port is blocked, preventing FTP access​​​​.

These configurations ensure that FTP traffic is effectively blocked, securing the network from potential threats and unauthorized data transfers via FTP​​​​.

 NewEdge Traffic Management:

NewEdge is Netskope's high-performance global network designed to deliver fast and secure access to the internet and cloud applications.

NewEdge Traffic Management ensures efficient routing and traffic steering for optimal performance and security.

 Client Integration:

The Netskope Client uses NewEdge Traffic Management to steer traffic securely to the Netskope cloud.

It ensures that user traffic is routed through the best possible path for performance and security.

The Client component is responsible for redirecting user traffic to the NewEdge network, applying security policies, and ensuring secure access.

 References:

For detailed information on NewEdge Traffic Management and how the Netskope Client utilizes it, refer to the Netskope documentation on traffic management and client configuration​​​​.

Netskope’s DLP solution is a powerful tool that can help customers protect their sensitive data from unauthorized access, exposure, or loss. One use case for Netskope’s DLP solution is to stop unintentional data movement, such as accidental uploads, downloads, or sharing of confidential files or information to or from cloud applications. Another use case for Netskope’s DLP solution is to ensure regulatory compliance, such as GDPR, HIPAA, PCI-DSS, or other industry-specific standards that require data protection and privacy measures. Netskope’s DLP solution can help customers comply with these regulations by detecting and preventing data breaches, enforcing encryption policies, applying data retention rules, and generating audit reports. Detecting malware in files before they are uploaded to a cloud application or detecting sensitive data in password protected files are not use cases for Netskope’s DLP solution, as they are more related to threat protection or file inspection capabilities. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 6: Data Loss Prevention, Lesson 1: DLP Overview.

To allow access to an application using Netskope Private Access (NPA) with Private Apps steering already enabled for all users, follow these steps:

Create a Private App:

Go to the Netskope admin console.

Navigate to the Private Access section.

Create a new Private App by specifying the necessary details such as app name, IP address, ports, and protocols. This step is essential for defining the private application that users will access through NPA.

Create a Real-time Protection "Allow" Policy:

Navigate to the Policies section in the Netskope admin console.

Create a new Real-time Protection policy.

Set the policy action to "Allow".

Define the criteria for the policy to match the traffic directed to the newly created Private App.

Apply the policy to the relevant users or groups to ensure that access to the Private App is allowed.

Ensure Other Required Settings:

Ensure that SSO (Single Sign-On) is properly configured if it is needed for user authentication.

Verify that Private App steering is enabled for all users, which might already be the case as per the scenario.

References:

Netskope API Documentation: Configuring Private Apps and Real-time Protection Policies​​​​​​​​.

By following these steps, you ensure that the private app is properly defined and that users are allowed to access it through the appropriate Real-time Protection policies. This approach leverages Netskope's capabilities to manage and secure access to private applications seamlessly.

 To provide a quick view under the Skope IT Applications page showing only risky shadow IT cloud applications being used, you can use two filter combinations: Sanctioned = No and CCL = Medium, Low, Poor. The Sanctioned filter allows you to select whether you want to see only sanctioned or unsanctioned apps in your organization. Sanctioned apps are those that are approved and managed by your IT department, while unsanctioned apps are those that are used without authorization or oversight by your employees. Shadow IT refers to the use of unsanctioned apps that may pose security or compliance risks for your organization. The CCL filter allows you to select the Cloud Confidence Level (CCL) ratings of the apps you want to see. The CCL rating is a measure of how enterprise-ready a cloud app is based on various criteria such as security, auditability, business continuity, etc. The CCL rating ranges from Excellent to Poor, with Excellent being the most secure and compliant and Poor being the least. Risky cloud apps are those that have a low CCL rating, such as Medium, Low, or Poor. By applying these two filters, you can narrow down the list of apps to only those that are unsanctioned and have a low CCL rating, which indicates that they are risky shadow IT cloud applications being used in your organization. References: SkopeIT ApplicationsNetskope Cloud Confidence Index

To determine which data plane a user is traversing, an administrator can use the following methods:

Settings -> Security Cloud Platform -> Client Configuration: This section provides details about the client configurations and the data planes assigned to different users or groups. By reviewing the client configuration, administrators can determine the data plane a user is connected to.

SkopeIT -> Alerts -> View Details: In the SkopeIT alerts, administrators can view detailed information about user activities, including the data plane through which the user traffic is being routed. This provides real-time insights into the user's path through the Netskope infrastructure.

References:

Netskope documentation on configuring and managing the Security Cloud Platform and client configurations.

Guides on using SkopeIT to monitor user activities and view detailed alert information.

To prevent Man-in-the-Middle (MITM) attacks on an encrypted website or application, one method that you can use is certificate pinning. Certificate pinning is a technique that restricts which certificates are considered valid for a particular website or application, limiting risk. Instead of allowing any trusted certificate to be used, operators "pin" the certificate authority (CA) issuer(s), public keys or even end-entity certificates of their choice. Certificate pinning helps to prevent MITM attacks by validating the server certificates against a hardcoded list of certificates in the website or application. If an attacker tries to intercept or modify the traffic using a fraudulent or compromised certificate, it will be rejected by the website or application as invalid, even if it is signed by a trusted CA. References: Certificate pinning - IBMCertificate and Public Key Pinning | OWASP Foundation

Netskope’s NewEdge Security Cloud Network Infrastructure is designed to provide high performance, security, and scalability for cloud traffic. The following statements are correct about this infrastructure:

It includes direct peering with Microsoft and Google in every data center:

Netskope has established direct peering relationships with major cloud service providers like Microsoft and Google. This direct peering ensures optimized and low-latency connections to these services, improving performance for end-users.

It is a private security cloud network that is over-provisioned, elastic, and built for scale:

The NewEdge network is a private security cloud network that is designed to be highly scalable and elastic. It is over-provisioned to handle large volumes of traffic and can scale up as needed to meet demand. This ensures high availability and performance for users accessing cloud services.

References:

Netskope NewEdge Overview

Netskope Knowledge Portal: NewEdge Network

The three components that make up the Borderless SD-WAN solution are:

Endpoint SD-WAN Client: This client is installed on endpoints (such as laptops and mobile devices) to ensure secure and optimized connectivity to the corporate network, even when users are remote. The Endpoint SD-WAN Client is a critical part of extending SD-WAN capabilities to individual users and devices, providing seamless connectivity and security.

SASE Orchestrator: The Secure Access Service Edge (SASE) Orchestrator is responsible for managing and orchestrating the various components of the SD-WAN solution. It ensures that policies are enforced consistently across the network, manages the deployment of network functions, and provides centralized control and visibility.

SASE Gateway: The SASE Gateway provides secure, optimized access to cloud applications and services. It combines SD-WAN capabilities with advanced security functions, such as firewalling, intrusion prevention, and secure web gateways, to protect data and users as they access resources from different locations.

These components work together to provide a comprehensive SD-WAN solution that addresses the needs of modern, distributed workforces by combining networking and security functions in a unified architecture.

References:

Netskope REST API v2 Overview​​.

Using the REST API v2 dataexport Iterator Endpoints​​.

Using the REST API v2 UCI Impact Endpoints​​.

Netskope SDK on PyPI​​.

Postman Collection for Netskope REST API​​.

To protect your users from malicious scripts that may be downloaded from websites, you need to use technologies that can detect and prevent malware, ransomware, phishing, and other advanced threats in web traffic. Two technologies that form a part of Netskope’s Threat Protection module, which is a feature in the Netskope platform that provides these capabilities, are sandbox and heuristics. Sandbox is a technology that allows Netskope to analyze suspicious files or URLs in a virtual environment isolated from the rest of the network. It simulates the execution of the files or URLs and observes their behavior and impact on the system. It then generates a verdict based on the analysis and blocks any malicious files or URLs from reaching your users or devices. Heuristics is a technology that allows Netskope to identify unknown or emerging threats based on their characteristics or patterns, rather than relying on predefined signatures or rules. It uses machine learning and artificial intelligence to analyze various attributes of files or URLs, such as file type, size, entropy, metadata, code structure, etc., and assigns a risk score based on the analysis. It then blocks any files or URLs that exceed a certain risk threshold from reaching your users or devices. A log parser or DLP are not technologies that form a part of Netskope’s Threat Protection module, as they are more related to discovering cloud applications or protecting sensitive data. References: [Netskope Threat Protection], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 9: Threat Protection.

The three technologies that describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST) are Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). These service models are based on the type of computing capability that is provided by the cloud provider to the cloud consumer over a network. According to NIST, these service models have the following definitions:

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

References: The NIST Definition of Cloud ComputingNIST Cloud Computing Program

Add the specific IP addresses on the IP Allow List (A):To restrict access to the Netskope Admin UI to specific IP addresses, administrators need to add these IP addresses to the IP Allow List. This ensures that only connections from these specified IP addresses are allowed access to the Admin UI. This configuration is crucial for enhancing security by limiting access to trusted IP addresses only.

Enable and set the User Notification Template to display the custom message (D):To display a custom message to admin users after they have authenticated, administrators need to enable and configure the User Notification Template. This template allows the customization of messages that are shown to users, including after login. This feature is useful for displaying privacy notices, welcome messages, or other important information to users upon successful authentication.

These steps are verified based on the configuration options available within the Netskope Admin UI settings. For more detailed steps and configuration, you can refer to the respective sections in the Netskope documentation.

In this scenario, there are two methods to obtain a detailed list of all events from the last 24 hours for a specific user. One method is to export the data from Skope IT Application Events, which is a feature in the Netskope platform that allows you to view and analyze all the activities performed by users on cloud applications. You can use filters to narrow down your search by user name, time range, application, activity, and other criteria. You can then export the data to a CSV or JSON file for further analysis or reporting. Another method is to use the Netskope REST API, which is a programmatic interface that allows you to access and manipulate data from the Netskope platform using HTTP requests. You can use the API to query for events by user name, time range, application, activity, and other parameters. You can then retrieve the data in JSON format for further analysis or integration with other tools. Using the Netskope reporting engine or exporting the data from Skope IT Alerts are not methods to obtain a detailed list of all events from the last 24 hours for a specific user, as they are more suited for generating summary reports or alerts based on predefined criteria or thresholds, rather than granular event data. References: [Netskope Skope IT Application Events], [Netskope REST API].

When comparing data in motion with data at rest, the following statements are correct:

Data in motion requires the Netskope client: To inspect and enforce policies on data as it is being transmitted across the network (data in motion), the Netskope client is required. The client steers the traffic through the Netskope cloud where it is analyzed and policies are applied in real-time.

Data at rest requires API integration: To scan and enforce policies on data stored in cloud applications (data at rest), API integration is required. This allows Netskope to directly interact with cloud services and perform actions such as scanning for malware, applying DLP policies, and ensuring compliance.

References:

Netskope documentation on data protection strategies, including data in motion and data at rest.

Best practices for implementing API integrations for data at rest and using the Netskope client for data in motion.