While many organizations focus on outside threats, network security shouldn’t be neglected. Having greater visibility into the websites people are searching and the files they are downloading in your network should be a priority.
To strengthen your network visibility, LogRhythm released a new SmartResponse™ plugin (SRP) for Netskope that speeds the detection of URLs and files that should be blacklisted and increases your analysts’ investigative capabilities.
Blacklist URLs and Files to Protect Your Network
With the Netskope SmartResponse, LogRhythm helps you gain control over your network. Your analysts can add URLs, files, and SHA-256 hashes that are part of a threat list to Netskope’s blacklisted files to keep your network safe from unwanted links.
For example, if an AI Engine filter detects a URL or file in the system that appears on the threat list, the Netskope SRP can automatically blacklist it, reducing your typical response time.
Additionally, your analysts can add URLs to Netskope’s blacklist if they discover suspicious files during an investigation, further securing your network.
LogRhythm and Netskope in Action
How does the LogRhythm and Netskope integration work? The LogRhythm NextGen SIEM Platform collects and ingests Netskope logs using the using the Netskope API. The logs are then parsed and normalized to the LogRhythm schema. The Netskope SRP uses the Netskope RESTful API to add suspicious URLs, files, and SHA-256 hashes to Netskope’s blacklist and stores a local copy in the LogRhythm List Manager.
If a threat feed indicates questionable browsing habits in LogRhythm, your security analysts can use the Netskope SRP to add the suspicious URL or file to the LogRhythm List and Netskope’s blacklist. Netskope’s integration with LogRhythm is enabled by Netskope Cloud Log Shipper, which pulls logs from the APIs and forwards them via Syslog.
Protect Your Network with LogRhythm and Netskope
With LogRhythm and Netskope, your team will have greater visibility into and control over your network and the content employees visit and access. The joint solution gives you the ability to accelerate detection of unwanted and blacklisted URLs, minimizing your organization’s risk.
The Netskope plugin is the latest integration under the LogRhythm-Netskope technology partnership. To download the plugin, visit the LogRhythm Community. To find additional plugins, check out our SmartResponse automation plugin library.
The post Automate URL and File Blacklisting with Netskope and LogRhythm appeared first on LogRhythm.
*** This is a Security Bloggers Network syndicated blog from LogRhythm authored by Angela Romero. Read the original post at: https://logrhythm.com/blog/automate-url-and-file-blacklisting-with-netskope-and-logrhythm/