Schedule the Netskope DLP incidents retrieval

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Set a schedule to retrieve Netskope DLP incidents that match the criteria in the profile.

    Before you begin

    Role required: sn_dlir.admin

    About this task

    You can plan how often you will poll for net new Netskope incidents that match the incident profile configuration. To enable automated incident ingestion, you must configure the scheduling and incident retrieval before you activate the profile. The profile can be configured to do one-time retrieval using the One-Time Retrieval check box. The historical date can be up to one month from the past.

    Procedure

    1. Configure the schedule to define how and when you pull incidents from Netskope.
    2. On the form, fill in the fields.
      Table 1. Schedule the Netskope DLP incidents
      Field Description
      Ongoing Incident Ingestion Ongoing incident ingestion that your ServiceNow AI Platform instance pulls from  Netskope for new incidents. If there are triggered incidents found, which match with the incident filtering criteria, then DLP incidents are created.
      Polling increment (minutes) Polling frequency that is defined in minutes. This default value is set to 5.
      Set Initial Incident Ingestion Time

      Option to set initial incident ingestion based on the configured date and time.

      You can use this option to define a specific date and time for the initial ingestion. Subsequent ingestions are based on the polling interval period.
      Input Initial Incident Ingestion Time Date and time that you specify for the incident ingestion.
      Initial Incident Ingestion Time The first time when data is ingested.
      Note:
      The value is visible only if the Set Initial Incident Ingestion Time option is selected.
      Next Incident Ingestion Time (estimated) The next estimated incident ingestion time.
      One-Time Retrieval Option to enable one-time historical data pull.
      Note:
      If selected, then historical data will be pulled from Netskope DLP according to the date added in Since Date.
      Since Date Date from when data is fetched from Netskope.
      Note:
      At most the last 30 days of data can be fetched from Netskope.
    3. Click Finish.
    4. On the pop-up, save the created profile configuration by clicking Finish.
    5. Activate the profile.
      1. Open the created profile.
      2. Set Active to true.
      3. Click Update.

    Result

    After the successful creation activation of the profile, incidents will be fetched periodically as per the configuration set in the profile. The incidents will be added into the DLP incidents table.