How It Works
Revelstoke ingests alerts if suspicious activity is detected. A new alert in Netskope Direct will trigger the creation of an alert in Revelstoke. Revelstoke allows management of the Netskope Direct alert workflow.
The Netskope Direct integration requires a goskope admin role in order to authorize the account. If you are not an admin, please reach out to an admin or account owner within your organization to configure the integration for you
If you need any help getting the Netskope Direct integration up and running, please do not hesitate to reach out to us via email at [email protected]
In Netskope Direct
Revelstoke integrates with Netskope Direct as a Custom API. To connect, you must generate a version one API key and a version two API key.
- Navigate to Netskope UI
- Settings > Tools > Rest API v1
- Generate new v1 token
- Settings > Tools > Rest API v2
- New Token
- Set the custom name
- You must select the following endpoints, otherwise you will not be able to execute all Revelstoke Commands: ‘api/v2/policy/urllist’
1. In your Revelstoke instance, navigate to the integrations page
2. Select Add Integration Instance
3. Select the Netskope Direct Integration
4. Enter the following required fields:
- v1 API Token
- v2 API Token
- API Base URL
5. Enter the following optional fields if desired:
- Default alert category
- Execute on a schedule (checking this box enables automatic alert ingestion)
6. Click Save
How to Disable
To stop Revelstoke from ingesting alerts from Netskope Direct, you will need to disable the Netskope Direct integration in Revelstoke.
- Select the Revelstoke instance that is configured to ingest Netskope Direct alerts.
- Navigate to the Integrations page.
- Under the Netskope Direct section click the Pencil icon.
- Uncheck Enabled and then Save to stop creating alerts.
How to Remove
- In your Revelstoke account, navigate to the Integrations page.
- Select the Trash icon.
- Select Yes, delete to remove Netskope Direct instance from Revelstoke.