Netskope

Important

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Netskope One is a cloud-native platform that offers converged security and networking services to enable your Secure Access Services Edge (SASE) and Zero Trust transformation. In addition to using the built-in Netskope plugin with Microsoft Copilot for Security, you can incorporate other Netskope custom plugins. This article describes how to set up and use the built-in plugin for Copilot for Security.

Set up the Netskope Reporting plugin

Integration with Copilot for Security requires an API token.

  1. Get your Netskope API token. If you don't have one, follow the steps in Netskope's REST API v2 Overview.

  2. Sign in to Microsoft Copilot for Security.

  3. Access Manage Plugins by selecting the Plugin button from the prompt bar.

  4. Next to Netskope Reporting for Threat and Data Protection, select Set up.

  5. In the Value field, paste your Netskope API token.

  6. Select Save.

Use the Netskope Reporting plugin

After the Netskope Reporting plugin is set up, you can use the following six skills with Copilot for Security:

  • Get_audit_events
  • Get_data_alert
  • Get_data_application
  • Get_data_infrastructure
  • Get_data_network
  • Get_data_page

The following table provides examples of prompts to try:

| Scenario | Example prompt |
| --- | --- |
| Retrieve a list of application events for a specific time frame and domain | show me Netskope application events from 3/11/24 3:20:37 PM to 5:20:37 PM with Microsoft in the domain |
| Retrieve a list of security assessment alerts for a specific app | show me Netskope security assessment alerts from 3/12/7:00 PM GMT with the app Foo |
| Retrieve a list of page events for a specific user | show me Netskope page events for the last 15 minutes from user <IP> |
| Retrieve a list of page events for a specific user, domain, and traffic type | show me Netskope page events that occurred in the last 15 minutes from user <IP address> to domain <domain> that is user generated with the traffic type being web |
| Retrieve a list of alerts for the last 90 minutes that aren't yet acknowledged | show me Netskope alerts for the last 90 minutes and only show alerts that are not acked |

Troubleshoot the Netskope plugin

Errors occur

If you encounter errors, such as "Couldn't complete your request" or "An unknown error occurred", make sure the plugin is turned on. If the issue persists, sign out of Copilot for Security, and then sign back in.

Prompts aren't invoking the correct skills

If prompts aren't invoking the correct skills, or prompts are invoking some other skill set, you might have custom plugins or other plugins that have similar functionality as the skill set you want to use. To prioritize and target Netskope, try disabling other custom plugins.

See also

Other plugins for Microsoft Copilot for Security

Manage plugins in Microsoft Copilot for Security