Data Loss Prevention Incident Response Integration with Netskope

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • The Netskope DLP integration supports the ingestion of Data Loss Prevention incidents created on the Netskope Data Loss Prevention deployment. Netskope DLP helps companies to track the usage and movement of sensitive data on various platforms.

    After ingestion, you can use the incident management functionalities to remediate the DLP incidents.

    Key features

    This integration includes the following key features:
    • Multiple profile creation for different Netskope tenants.
    • Automating the creation of ServiceNow DLP incidents from Netskope DLP incidents.
    • Filtering of Netskope DLP incidents.
    • Scheduled ingestion of Netskope DLP incidents that create DLP incidents in ServiceNow.
    • Automatically update object status on Netskope when the DLP state changes in your ServiceNow instance.
    • View the forensic details (violating content) of the DLP Incident on DLP IR Analyst workspace and DLP End user workspace.
      Note:
      The violating content doesn’t persist in ServiceNow. The content is pulled when the incident is in opened in the workspace.
    • Downloading evidence file directly from Netskope on demand.
      Note:
      The evidence file doesn’t persist in ServiceNow. The evidence file is pulled when the analyst click on the Download File in the workspace.
    • Notification via email to DLP Admin users on Netskope token expiration.
    • Notification via email is sent to DLP Admin users if it exceeds the defined retry limit for incident API call failures.
    • Netskope also supports integration run process. For more information, see Monitor DLP Integration Run process.