Download PDF

Product Requirements

RevealX Enterprise only

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Integrate RevealX Enterprise with Netskope

This integration enables you to configure one or more ExtraHop sensors to ingest packets from your Netskope solution to detect threats, discover and monitor devices, and gain insight into traffic.

Note:

See the blog post "Zero Trust Integration from ExtraHop and Netskope" to learn more about how this integration works.

Before you begin

You can enable Netskope packet ingest on one or more sensors on the ExtraHop system

Note:

We recommend that you enable this integration on sensors deployed in the same cloud storage type that you configure for Netskope Cloud TAP, which receives packets in Microsoft Azure, Google Cloud Platform (GPS), or Amazon Web Services (AWS).

Your user account must have full write privileges or higher on RevealX Enterprise.

You must configure Cloud TAP in your Netskope environment.
Your user account must have System and Access Administration privileges.
For each ExtraHop sensor that will ingest Netskope packets:
- Your ExtraHop sensor must be running firmware version 9.4 or later.
- Your ExtraHop sensor must be dedicated to ingesting Netskope packets.
- You must configure at least one interface on your ExtraHop sensor that specifies a mode that includes GENEVE encapsulation.
- You cannot configure any interfaces on your ExtraHop sensor for Monitoring mode.

Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
In the Network Settings section, click Connectivity.
From the Network Settings section, click Connectivity.
From the Packet Ingest Settings section, select Ingest packets from Netskope.
Click Save, and then return to the main page.
From the Appliance Settings section, click Services.
Select TLS Session Key Receiver.
Click Save, and then return to the main page.
From the System Configuration section, click Capture.
Select Enable SSL Session Key Storage.
Click Save, and then return to the main page.
From the Appliance Settings section, click Running Config.

Click Edit Config, and then specify the following entries under netskope_decap:

"ssl_sharing_secret_timeout_msec": 300000,
"ssl_test_agents_connected": true,
"ssl_secret_map_size": 131072,
"ssl_secret_map_max_secrets": 1048576,
"ssl_secret_max_per_bucket": 32,

Click Update.

Next steps

From the Assets page, you can search for devices on sensors integrated with Netskope to view traffic and detections observed from the Netskope data.
Log into Administration settings on the connected RevealX Enterprise console to check the status of sensors integrated with Netskope.

Last modified 2025-02-10

Documentation

Concepts

How To's

Walkthroughs

Admin Guides

API Guides

Deployment

Products

Network Detection and Response

Network Performance Monitoring

RevealX™ Platform

Customers

Community

Partners

Support

Training

Resources

Customer Stories

Integrations

Company

About Us

Careers

Newsroom

Events

Blog

Integrate RevealX Enterprise with Netskope