All scripts
sase
Expert
3–10 min

Netskope DLP Policy Deployer

Deploy and reconcile Netskope DLP rules/profiles from declarative YAML — dictionary/profile/rule sync, drift detection vs the live tenant, dry-run diff and idempotent apply with rollback.

Netskope
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • Netskope REST API v2 auth
  • DLP dictionary + profile sync
  • Rule-to-profile binding
  • Declarative YAML desired-state
  • Drift detection vs live tenant
  • Dry-run diff preview
  • Idempotent apply + rollback
  • Scored HTML report

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Desired-state YAML
desired_state
stringdlp_policies.yaml
Reconcile mode (drift|enforce)
reconcile_mode
stringdrift
Minimum DLP severity managed
severity_floor
stringmedium
Rollback on apply error
rollback_on_error
booltrue

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Netskope) so the generated sase logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Desired-state YAML, Reconcile mode (drift|enforce), Minimum DLP severity managed instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can netskope REST API v2 auth and dLP dictionary + profile sync. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

dlp_policies.yaml
yaml
Mock declarative desired-state — DLP profiles, rules, actions and severity
yaml
# Desired-state DLP policy for the Netskope tenant.
# The deployer reconciles this against the live tenant (dry-run by default).
profiles:
  PCI-Profile:
tenants.csv
csv
Target Netskope tenant(s) — host + Vault path for the API token
terminal
tenant,base_url,vault_path,severity_floor
acme-prod,https://acme.goskope.com,netops/netskope/prod,medium
acme-stage,https://acme-stage.goskope.com,netops/netskope/stage,low

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
[2026-06-12] INFO  Netskope DLP: loading desired-state dlp_policies.yaml...
[2026-06-12] INFO  Fetching live DLP profiles + rules from tenant...

==================== DRY-RUN · PLANNED CHANGES ====================
ACTION   PROFILE                 RULE                 RESULT
+ ADD    GDPR-Profile            EU-PII-Block         would create (block)
~ UPDATE PCI-Profile             CC-Number-Alert      block → alert
- DRIFT  Legacy-Profile          SSN-Test             live-only (enforce would delete)
= KEEP   PCI-Profile             CC-Number-Block      in-sync
==================================================================