> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Netskope (v2 API)

> Connect Netskope v2 API to import threat alerts and security event data.

export const EgressIpSafelist = ({system}) => <Warning>
    <strong>You need Living Security's egress IP ranges to finish this step</strong>, and they
    aren't shown in {system} or in these docs. Ask your Living Security program owner, who can
    get the current ranges from their CSM or support@livingsecurity.com. Enter each as a CIDR
    block (e.g. <code>203.0.113.0/24</code>) or a single host with <code>/32</code>.
  </Warning>;

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="Netskope" />

## What Living Security needs

| Credential           | Description                                                                  |
| -------------------- | ---------------------------------------------------------------------------- |
| **API token**        | A REST API v2 token generated from the Netskope admin console                |
| **Tenant subdomain** | The subdomain of your Netskope tenant (e.g., `acme` from `acme.goskope.com`) |

**Endpoint access required:**

| Endpoint                    | Purpose                                                          |
| --------------------------- | ---------------------------------------------------------------- |
| `/api/v2/events/data/alert` | Threat alerts, policy violations, DLP events, malware detections |

**Required role:** **Tenant Admin** or equivalent with access to **Settings → Tools**

<Note>
  This integration requires a **v2 API token**, not a v1 token. V1 tokens use query parameter authentication and will not work with the v2 API endpoint.
</Note>

### Prerequisites

* You must have **Tenant Admin** access in Netskope to manage REST API tokens.

***

## Part A — In Netskope

*Your Netskope administrator completes these steps.*

<Steps>
  <Step title="Navigate to REST API v2 Token Management">
    1. Sign in to your Netskope admin console at `https://<tenant>.goskope.com`.
    2. In the left navigation, click **Settings**.
    3. Under **Tools**, select **REST API v2**.
  </Step>

  <Step title="Create a new token">
    1. Click **New Token**.
    2. Enter a descriptive name (e.g., `Living Security Platform`).
    3. Under endpoint access, enable access to:

    | Endpoint                    | Access required |
    | --------------------------- | --------------- |
    | `/api/v2/events/data/alert` | Read            |

    <Note>
      Grant access only to `/api/v2/events/data/alert`. This is the only endpoint Living Security requires — granting minimal access follows least privilege.
    </Note>

    4. Click **Save** (or **Generate Token**).
  </Step>

  <Step title="Copy and save your token">
    **Copy the token immediately** and store it securely.

    <Warning>
      Netskope displays the token value **only once** at creation. If you navigate away without copying it, you must delete the token and create a new one.
    </Warning>
  </Step>

  <Step title="Configure IP allowlist (if applicable)">
    If your Netskope tenant has IP allowlisting enabled, you must add Living Security's egress IP ranges.

    1. In the Netskope admin console, go to **Settings → Administration → IP Allowlist**.
    2. If IP allowlisting is enabled, add each Living Security egress IP range to the **Custom IP** list.

    <EgressIpSafelist system="Netskope" />

    <Warning>
      If IP allowlisting is enabled, the connection dialog will succeed, but data syncs will fail with `401 Unauthorized` until the correct IPs are added.
    </Warning>
  </Step>

  <Step title="Identify your tenant subdomain">
    Your tenant subdomain is the prefix of your Netskope admin console URL.

    If your console URL is `https://acme.goskope.com`, your subdomain is `acme`.

    Enter the bare subdomain only — no `https://`, no `.goskope.com`, no trailing slash.

    <Note>
      The connection dialog accepts several input forms (bare subdomain, full hostname, or full URL) and normalizes automatically. However, entering the bare subdomain is recommended.
    </Note>
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="Netskope (v2 API)">
    | Field                | Value                                            |
    | -------------------- | ------------------------------------------------ |
    | **API key**          | The token from Part A, Step 3                    |
    | **Tenant subdomain** | The subdomain from Part A, Step 5 (e.g., `acme`) |

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/netskope-v2-api/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=89b64e78a14c51a0977c3a2a28418988" alt="Living Security connect dialog for Netskope v2 API" style={{maxWidth: "450px"}} width="576" height="356" data-path="integrations/images/netskope-v2-api/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to Netskope (v2 API).

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    Common causes:

    1. **Token revoked or expired** — generate a new token
    2. **Using a v1 token** — v1 tokens authenticate via query parameter and won't work with v2 endpoints. Generate a new v2 token from **Settings → Tools → REST API v2**
    3. **IP allowlist blocking requests** — if your tenant has IP allowlisting enabled, verify Living Security's egress IPs are on the allowlist
  </Accordion>

  <Accordion title="403 Forbidden">
    The token was created without access to `/api/v2/events/data/alert`. Token endpoint permissions cannot be changed after creation — create a new token with the correct access and reconnect.
  </Accordion>

  <Accordion title="Syncs worked but now fail with 401">
    If IP allowlisting is enabled, Living Security's egress IP ranges may have changed. Contact your CSM to verify the current ranges and update the allowlist.
  </Accordion>

  <Accordion title="Using a v1 token instead of v2">
    V1 and v2 tokens use different authentication mechanisms:

    * **v1**: Query parameter (`token=...`)
    * **v2**: Header (`Netskope-Api-Token: ...`)

    Living Security uses v2 authentication. Generate a new token from **Settings → Tools → REST API v2** (not the legacy v1 token page).
  </Accordion>
</AccordionGroup>
