Leverage IP and CIDR IOBs with SecLytics Cloud Threat Exchange Plugin

The Netskope Security team is happy to announce the official release of our newest Cloud Threat Exchange plugin built in-house, which now allows users to pull threat data discovered by SecLytics.

This integration leverages the SecLytics Bulk API to allow users to pull identified URL, IP, and CIDR block indicators of behavior (IoBs) into Cloud Exchange. All three of these data types can be forwarded into a Netskope URL list using the Netskope CTE plugin, allowing you to automatically apply policies to your updated threat intelligence. You can check out how to perform this action by watching this walkthrough video.

For forward-thinking security teams, IoBs are crucial to identifying suspicious behavior before malicious actions occur. When you can detect activity from an adversary early, you give yourself more chances to investigate and stop the activity before it can do any damage to your organization. These indicators also include several details to provide more context on the threat, such as severity rating and whether an indicator has previously been associated with malicious behavior, spam, or scanners.

This plugin allows you to pull indicators from the default BulkAPI file for your chosen threat type(s), or you can configure CTE to pull indicators from your own custom BulkAPI endpoint. We understand that organizations have different needs when it comes to their threat data, so we wanted to offer the flexibility to submit your own list of IoBs.

This plugin was developed by the Netskope Global Information Security (GIS) team as part of our “Netskope on Netskope” initiative. We want to continue showing that Netskope Cloud Exchange plugins are not something that only a single team is allowed to build. The code for Netskope Cloud Exchange and all of its plugins is completely open source, so anyone in the Netskope community can develop, test, and use their own custom plugins, as well as collaborate with our Business Development team to publish their own plugins for the rest of the Netskope community.

We plan to continue this plugin’s development through updates that will introduce various enhancements, including support for MD5 and SHA256 File Hash IoBs. If you want to continue the conversation on these and other efforts our security team is engaged in, be sure to check out the Inside Netskope Security section of the Netskope community.