Skip to main content
Last updated on

Configure authentication to Netskope

Beta

This feature is in Beta. Workspace admins can control access to this feature from the Previews page. See Manage Databricks previews.

This page shows how to configure Netskope to enable authentication from Databricks. The Netskope Logs connector uses a Netskope REST API v2 token to ingest data into Databricks. Use the authentication details that you retrieve from the steps on this page to create a Unity Catalog connection in Databricks.

Prerequisites

  • A Netskope tenant with administrator access to create a REST API v2 token. See the Netskope REST API v2 Overview.

  • A Netskope service account with a role that has View access to the events and alerts you want to ingest. See Netskope API Tokens.

    tip

    Create the token for a Netskope service account rather than an individual user. If the individual user leaves your organization, this integration might break.

Create a Netskope REST API v2 token

In this step, you create a REST API v2 token in Netskope and note the credentials that you use to create a connection in Databricks.

  1. Sign in to your Netskope tenant as an administrator.

  2. Note your tenant Domain, including the scheme. This is the address you use to sign in, for example https://your-tenant.goskope.com. You enter this value when you create a connection in Databricks.

  3. Choose a role for the connector's service account. Use either the built-in Tenant Admin role or a custom role that grants only the required privileges:

    • Tenant Admin role: The built-in Tenant Admin role already includes access to all events and alerts, so no further configuration is required. Use this option if you do not need to restrict the service account to specific data.

    • Custom role with only the required privileges (recommended): Go to Settings > Administration > Administrators & Roles, open the Roles tab, and create a role. Set the Permission for each functional area to View for the events and alerts you want to ingest. Grant the following:

      Functional area

      Permission

      Source tables it enables

      Administration > Audit Log

      View

      audit

      DLP > Incidents

      View

      incident

      Infrastructure > Infrastructure Log and Infrastructure > On-Premises

      View

      infrastructure

      Skope IT > Application Events

      View

      application

      Skope IT > Network Events

      View

      network

      Skope IT > Page Events

      View

      page

      Skope IT > Alerts

      View

      All alert_* tables (alert_compromisedcredential, alert_content, alert_ctep, alert_device, alert_dlp, alert_malsite, alert_malware, alert_policy, alert_quarantine, alert_remediation, alert_securityassessment, alert_uba, alert_watchlist)

  4. Create a service account for the connector. Go to Settings > Administration > Administrators & Roles, open the Administrators tab, add a service account, assign the role you chose in the previous step, and set a token expiry. Databricks recommends a token expiry of 12 months.

  5. Generate a REST API v2 token for the service account, then copy the token value immediately. Netskope does not display the token again after you close the dialog. You enter this value as the API Token when you create a connection in Databricks.

Next steps

Create a Netskope Logs connection in Databricks. See Create a Netskope Logs connection.

On this page