In this scenario, you have deployed the Netskope client in Web mode, which is a feature that allows you to steer your users' web traffic to Netskope for inspection and policy enforcement. However, some users report that their messenger application is no longer working, even though you have a specific real-time policy that allows this application. Upon further investigation, you discover that the messenger application is using proprietary encryption, which means that Netskope cannot decrypt or inspect the traffic from this application.
To resolve this issue, you need to permit access to all the users and maintain some visibility. The configuration change that would accomplish this task is to add a policy in the SSL decryption section to bypass the messenger domain(s). This will allow Netskope to skip the decryption process for the traffic from the messenger application and pass it through without any modification. However, Netskope will still be able to log some basic information about the traffic, such as source, destination, bytes, etc., for visibility purposes.
Changing the real-time policy to block the messenger application, creating a new custom cloud application using the custom connector, or editing the steering configuration and adding a steering exception for the messenger application are not configuration changes that would accomplish this task, as they would either prevent access to the application, require additional steps or resources, or reduce visibility. References: [Netskope Client], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 4: Decryption Policy.

* From the Netskope Console in the device detail view, select Collect Log:
* Step 1:Access the Netskope Admin Console.
* Step 2:Navigate to the specific device detail view.
* Step 3:Locate and select the "Collect Log" option.

When creating a real-time policy for cloud applications, you can use access method and device classification as source criteria, in addition to users, groups, and organizational units. Access method refers to how the user accesses the cloud application, such as browser, sync client, mobile app, etc. Device classification refers to the type of device used by the user, such as managed or unmanaged, Windows or Mac, etc. These criteria can help you define granular policies based on different scenarios and risks. Reference: [Creating Real-Time Policies for Cloud Applications]

To obtain and export a list of all hosts including domains and IP addresses that a user accessed through Netskope Private Access for the past seven days, you can follow these steps:
Access the Netskope Web UI: Log in to your Netskope admin console.
Navigate to SkopeIT:
Go to the SkopeIT section in the Netskope admin console.
Private Apps page in SkopeIT:
In the SkopeIT section, navigate to the "Private Apps" page.
Here, you can find detailed information about the private applications accessed by users, including the domains and IP addresses.
Use the filter options to specify the user and the time range (past seven days).
Export the data as needed for your investigation.
Network Events page in SkopeIT:
In the SkopeIT section, navigate to the "Network Events" page.
This page provides a comprehensive list of network events, including details about the hosts accessed through Netskope Private Access.
Again, use the filter options to specify the user and the time range.
Export the data for reporting purposes.
These two locations within the SkopeIT section of the Netskope Web UI will provide you with the necessary data to meet your security team's requirements.
Reference:
Netskope Knowledge Portal: Using SkopeIT for Network and Private Apps Analysis.

To allow access to an application using Netskope Private Access (NPA) with Private Apps steering already enabled for all users, follow these steps:
Create a Private App:
Go to the Netskope admin console.
Navigate to the Private Access section.
Create a new Private App by specifying the necessary details such as app name, IP address, ports, and protocols. This step is essential for defining the private application that users will access through NPA.
Create a Real-time Protection "Allow" Policy:
Navigate to the Policies section in the Netskope admin console.
Create a new Real-time Protection policy.
Set the policy action to "Allow".
Define the criteria for the policy to match the traffic directed to the newly created Private App.
Apply the policy to the relevant users or groups to ensure that access to the Private App is allowed.
Ensure Other Required Settings:
Ensure that SSO (Single Sign-On) is properly configured if it is needed for user authentication.
Verify that Private App steering is enabled for all users, which might already be the case as per the scenario.
Reference:
Netskope API Documentation: Configuring Private Apps and Real-time Protection Policies.
By following these steps, you ensure that the private app is properly defined and that users are allowed to access it through the appropriate Real-time Protection policies. This approach leverages Netskope's capabilities to manage and secure access to private applications seamlessly.