Back to Resources
Integration Notes

Revelstoke + Netskope Direct Integration

January 5, 2023

How It Works

Revelstoke ingests alerts if suspicious activity is detected. A new alert in Netskope Direct will trigger the creation of an alert in Revelstoke. Revelstoke allows management of the Netskope Direct alert workflow.

Requirements

The Netskope Direct integration requires a goskope admin role in order to authorize the account. If you are not an admin, please reach out to an admin or account owner within your organization to configure the integration for you

Support

If you need any help getting the Netskope Direct integration up and running, please do not hesitate to reach out to us via email at info@revelstoke.io

Integration Walkthrough

In Netskope Direct

Revelstoke integrates with Netskope Direct as a Custom API. To connect, you must generate a version one API key and a version two API key.

  1. Navigate to Netskope UI
  2. Settings > Tools > Rest API v1
  3. Generate new v1 token
  4. Settings > Tools > Rest API v2
  5. New Token
  6. Set the custom name
  7. You must select the following endpoints, otherwise you will not be able to execute all Revelstoke Commands: ‘api/v2/policy/urllist’

In Revelstoke

1. In your Revelstoke instance, navigate to the integrations page

2. Select Add Integration Instance

3. Select the Netskope Direct Integration

4. Enter the following required fields:

  • Name
  • v1 API Token
  • v2 API Token
  • API Base URL
  • Limit

5. Enter the following optional fields if desired:

  • Default alert category
  • Execute on a schedule (checking this box enables automatic alert ingestion)

6. Click Save

How to Disable

To stop Revelstoke from ingesting alerts from Netskope Direct, you will need to disable the Netskope Direct integration in Revelstoke.

  1. Select the Revelstoke instance that is configured to ingest Netskope Direct alerts.
  2. Navigate to the Integrations page.
  3. Under the Netskope Direct section click the Pencil icon.
  4. Uncheck Enabled and then Save to stop creating alerts.

How to Remove

  1. In your Revelstoke account, navigate to the Integrations page.
  2. Select the Trash icon.
  3. Select Yes, delete to remove Netskope Direct instance from Revelstoke.
Back to Resources

+1.408.459.4454

Revelstoke radically simplifies security orchestration, automation and response (SOAR), so security teams can work faster, smarter and more effectively. With a low-code, drag-and-drop interface, dozens of built-in integrations, incredible visibility into performance metrics, and robust reporting capabilities, Revelstoke empowers analysts to stop threats fast, and gives security leaders a clear picture on the business impact of security operations.

Contact Us

©2023 Revelstoke All Rights Reserved

©2023 Revelstoke All Rights Reserved

Site Map