Download PDF

View Table of Contents

Product Requirements

Reveal(x) 360 only

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Integrate Reveal(x) 360 with Netskope

This integration enables you to configure ExtraHop sensors to ingest packets from your Netskope solution to detect threats, discover and monitor devices, and gain insight into traffic.

Note:

See the blog post "Zero Trust Integration from ExtraHop and Netskope" to learn more about how this integration works.

Enable Netskope packet ingest

You can enable Netskope packet ingest on one or more sensors on the ExtraHop system.

Note:

We recommend that you enable this integration on sensors deployed in the same cloud storage type that you configure for Netskope Cloud TAP, which receives packets in Microsoft Azure, Google Cloud Platform (GPS), or Amazon Web Services (AWS).

Before you begin

You must configure Cloud TAP in your Netskope environment.
Your user account must have System and Access Administration privileges.
For each ExtraHop sensor that will ingest Netskope packets:
- Your ExtraHop sensor must be running firmware version 9.4 or later.
- Your ExtraHop sensor must be dedicated to ingesting Netskope packets.
- You must configure at least one interface on your ExtraHop sensor that specifies a mode that includes GENEVE encapsulation.
- You cannot configure any interfaces on your ExtraHop sensor for Monitoring mode.

Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
From the Network Settings section, click Connectivity.
From the Netskope Settings section, select Enable Netskope packet ingest.
Click Save, and then return to the main page.
From the Appliance Settings section, click Services.
Select TLS Session Key Receiver.
Click Save, and then return to the main page.
From the System Configuration section, click Capture.
Select Enable SSL Session Key Storage.
Click Save, and then return to the main page.
From the Appliance Settings section, click Running Config.

Click Edit Config, and then specify the following entries under netskope_decap:

"ssl_sharing_secret_timeout_msec": 300000,
"ssl_test_agents_connected": true,
"ssl_secret_map_size": 131072,
"ssl_secret_map_max_secrets": 1048576,
"ssl_secret_max_per_bucket": 32,

Click Update.

Next steps

Log into Administration settings on the connected Reveal(x) 360 console to check the status of sensors integrated with Netskope.
From the Assets page, you can search for devices on sensors integrated with Netskope to view traffic and detections observed from the Netskope data.

Check the status of sensors integrated with Netskope

From the Reveal(x) 360 console, you can view the status of sensors enabled for Netskope packet ingest.

Before you begin

Your user account must have System Administration privileges.

Log in to Reveal(x) 360.
Click the System Settings icon and then click Integrations.
Click the Netskope tile.
The Netskope integration page displays the following information:
- The number and names of connected sensors that are configured to ingest Netskope packets.
- Whether a sensor is online or offline.
- The timestamp of the last packet received.
(Optional): Click Go to Sensors to view configuration details for individual sensors, enable or disable sensors, or upgrade sensor firmware.

Last modified 2025-02-10

Documentation

Concepts

How To's

Walkthroughs

Admin Guides

API Guides

Deployment

Products

Network Detection and Response

Network Performance Monitoring

RevealX™ Platform

Customers

Community

Partners

Support

Training

Resources

Customer Stories

Integrations

Company

About Us

Careers

Newsroom

Events

Blog

Integrate Reveal(x) 360 with Netskope

Enable Netskope packet ingest

Check the status of sensors integrated with Netskope