Skip to main content

Netskope

Netskope is a cloud security platform that provides comprehensive security solutions for cloud applications, data, and users. The Netskope connector enables you to access Netskope API endpoints to retrieve security alerts, threat intelligence, and security insights. This connector is particularly useful for applications that need to extract security alerts, analyze threat data, integrate security information with SIEM systems, or build security analytics and reporting solutions.

Netskope icon

Power end-to-end data operations for your Netskope API with Nexla. Our bi-directional Netskope connector is purpose-built for Netskope, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Netskope or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Netskope workflows fast, secure, and fully governed.

Features

Type: API

SourceDestination

  • Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
  • Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
  • API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
  • Request optimization with intelligent batching, retry, and caching to minimize API calls and costs

Prerequisites

Before creating a Netskope credential, you'll need to obtain an API key and Tenant ID from your Netskope account. Netskope provides API keys for programmatic access to their security platform through the Netskope admin console.

To obtain Netskope API credentials:

  1. Log in to your Netskope admin console at https://{tenant}.goskope.com or your organization's Netskope instance, where {tenant} is your tenant identifier.

  2. Navigate to Settings > Tools > REST API v2 or API section in the admin console.

  3. In the REST API v2 section, locate the API key management area. Netskope uses API keys for authentication to the REST API.

  4. If you don't have an existing API key, click Generate API Key or Create API Key to create a new API key for your application. You may need to provide a name or description for the API key.

  5. Copy the API Key Value immediately after generation, as it may only be displayed once for security purposes. Store it securely, as you'll need it to authenticate API requests.

  6. Note your Tenant ID. This is typically your tenant identifier that appears in your Netskope URL (e.g., if your URL is https://example.goskope.com, your tenant ID is example).

Netskope API keys are used in the Authorization header for all API requests. The API key is sensitive information and should be kept secure. If you've lost your API key, you'll need to generate a new one in your Netskope admin console. The Tenant ID is required to construct the correct API endpoint URLs.

For detailed information about Netskope API authentication and API key management, refer to the Netskope REST API v2 Documentation.

Authenticate

Credentials required

An authentication method that requires sending a unique secret token with each API request on Netskope

FieldRequiredSecretDescription
API Key ValueYesYesAn encoded string value used as a secret token to authenticate API requests on Netskope
Tenant IDYesNoYour Tenant ID to authenticate API requests on Netskope

Create a credential in Nexla

  1. After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Netskope

NetskopeCred.png
  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

  2. In the API Key Value field, enter the API key that you obtained from your Netskope admin console. This is the secret API key used to authenticate requests to the Netskope API.

  3. In the Tenant ID field, enter your Netskope tenant identifier. This is the tenant ID that appears in your Netskope URL (e.g., if your URL is https://example.goskope.com, enter example). The tenant ID is used to construct the correct API endpoint URLs.

    The API key is sensitive information and should be kept secure. If you've lost your API key, you'll need to generate a new one in your Netskope admin console. API keys are used in the Authorization header for all API requests.

  4. Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.

Use as a data source

To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Netskope connector tile, then select the credential that will be used to connect to the Netskope API, and click Next; or, create a new Netskope credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Netskope API endpoints. Each template is designed specifically for the corresponding Netskope API endpoint, making data source setup easy and efficient. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

Netskope Alert : Anomaly

This endpoint retrieves anomaly alerts from your Netskope security platform. Use this endpoint when you need to extract anomaly detection alerts, analyze unusual user behavior, or integrate anomaly alerts with SIEM systems.

  • Optionally, enter the start time for alert retrieval in epoch timestamp format in the Epoch Previous field. This specifies the beginning of the time range for alert retrieval.
  • Optionally, enter the end time for alert retrieval in epoch timestamp format in the Epoch field. This specifies the end of the time range for alert retrieval.
  • Optionally, enter the maximum number of alerts to return per page in the Limit field. The default value is typically 1000. You can adjust this value based on your needs and API rate limits.

This endpoint uses GET requests with pagination through offset-based pagination. The endpoint automatically fetches additional pages using incrementing offset values, ensuring all anomaly alerts within the specified time range are retrieved. For more information about the Netskope Alert : Anomaly endpoint, refer to the Netskope API Documentation.

Netskope Alerts | Filtered Salesforce

This endpoint retrieves Salesforce alerts filtered for DLP (Data Loss Prevention) events from your Netskope security platform. Use this endpoint when you need to extract Salesforce-specific security alerts, monitor data loss prevention events, or analyze Salesforce application usage.

  • Optionally, enter the start time for alert retrieval in epoch timestamp format in the Epoch Previous field. This specifies the beginning of the time range for alert retrieval.
  • Optionally, enter the end time for alert retrieval in epoch timestamp format in the Epoch field. This specifies the end of the time range for alert retrieval.
  • Optionally, enter the maximum number of alerts to return per page in the Limit field. The default value is typically 1000. You can adjust this value based on your needs and API rate limits.

This endpoint retrieves DLP alerts specifically for Salesforce applications. The endpoint uses GET requests with pagination through offset-based pagination. For more information about the Netskope Alerts | Filtered Salesforce endpoint, refer to the Netskope API Documentation.

Netskope Alert : Legal Hold

This endpoint retrieves legal hold alerts from your Netskope security platform. Use this endpoint when you need to extract legal hold alerts, monitor compliance events, or integrate legal hold data with compliance systems.

  • Optionally, enter the start time for alert retrieval in epoch timestamp format in the Epoch Previous field. This specifies the beginning of the time range for alert retrieval.
  • Optionally, enter the end time for alert retrieval in epoch timestamp format in the Epoch field. This specifies the end of the time range for alert retrieval.
  • Optionally, enter the maximum number of alerts to return per page in the Limit field. The default value is typically 1000. You can adjust this value based on your needs and API rate limits.

This endpoint uses GET requests with pagination through offset-based pagination. The endpoint automatically fetches additional pages using incrementing offset values, ensuring all legal hold alerts within the specified time range are retrieved. For more information about the Netskope Alert : Legal Hold endpoint, refer to the Netskope API Documentation.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.

Manual configuration

Netskope data sources can also be manually configured to ingest data from any valid Netskope API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.

Netskope API endpoints typically follow the pattern https://{tenant}.goskope.com/api/v1/{resource}, where {tenant} is your tenant ID configured in the credential. For the Path to Data field, common paths include $ for the entire response or $.data[*] for arrays nested under a data property. The Authorization header with your API key is automatically included from your credential; you may also want to include Accept:application/json,Content-Type:application/json as additional request headers.

Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Netskope data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.

Use as a destination

Click the + icon on the Nexset that will be sent to the Netskope destination, and select the Send to Destination option from the menu. Select the Netskope connector from the list of available destination connectors, then select the credential that will be used to connect to the Netskope instance, and click Next; or, create a new Netskope credential for use in this flow.

Manual configuration

Netskope destinations can be manually configured to send data to any valid Netskope API endpoint. Manual configuration provides maximum flexibility for accessing endpoints or when you need custom API configurations, including destinations that send data to multiple endpoints or that require custom authentication headers or request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, and response webhooks.

Netskope API endpoints typically follow the pattern https://{tenant}.goskope.com/api/v1/{resource}, where {tenant} is your tenant ID configured in the credential. The most common methods are POST for creating or sending data and PUT for updating existing data. The Authorization header with your API key is automatically included from your credential, and Content-Type is typically set to application/json for ingestion endpoints. For most Netskope ingestion endpoints, the default Request Body Template of {message.json} sends the entire record as JSON; customize it with dot notation (e.g., {message.field_name}) if the API requires a specific structure.

Save & activate

Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To send the data to the configured Netskope endpoint, open the destination resource menu, and select Activate.

The Nexset data will not be sent to the Netskope endpoint until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.