The official Netskope Python SDK — a modern, typed, and intuitive interface to the Netskope REST API v2.
Project description
Netskope Python SDK
The official Netskope Python SDK — a modern, typed, and intuitive interface to the Netskope REST API v2.
Why This SDK?
- Hierarchical namespaces —
client.alerts.list(),client.scim.users.create()— explore the entire API through autocomplete - Automatic pagination — just iterate, no page loops needed
- Full type safety — Pydantic v2 models with complete type annotations
- Sync + Async — choose the right client for your use case
- Automatic retries — exponential backoff with jitter for transient errors
- Rich exceptions — specific error types with request IDs for support escalation
- Minimal dependencies — only
httpx+pydantic - Python 3.11+ — modern Python, no legacy baggage
Installation
pip install netskope-py-sdk
Quick Start
from netskope import NetskopeClient
# Create a client (or set NETSKOPE_TENANT and NETSKOPE_API_TOKEN env vars)
client = NetskopeClient(
tenant="mycompany.goskope.com",
api_token="your-v2-api-token",
)
# List high-severity alerts — pagination is automatic
for alert in client.alerts.list(query='severity eq "high"'):
print(f"{alert.alert_name} — {alert.user} — {alert.severity}")
# Query network events
for event in client.events.list("network", query='user eq "alice@example.com"'):
print(f"{event.src_ip} → {event.dst_ip}")
# Manage URL allow/block lists
blocklist = client.url_lists.create("threat-iocs", ["malware.example.com"])
client.url_lists.deploy() # deploy pending changes
# List publishers
for pub in client.publishers.list():
print(f"{pub.publisher_name} — {pub.status}")
# SCIM user provisioning
for user in client.scim.users.list():
print(f"{user.user_name} active={user.active}")
Async Usage
from netskope import AsyncNetskopeClient
async with AsyncNetskopeClient(tenant="...", api_token="...") as client:
async for alert in client.alerts.list():
print(alert.alert_name)
Configuration
Environment Variables
| Variable | Description |
|---|---|
NETSKOPE_TENANT |
Tenant hostname (e.g. mycompany.goskope.com) |
NETSKOPE_API_TOKEN |
REST API v2 token |
Client Options
client = NetskopeClient(
tenant="mycompany.goskope.com",
api_token="...",
timeout=60.0, # request timeout (seconds)
max_retries=5, # retry count for transient errors
backoff_factor=1.0, # exponential backoff base
)
Multiple Tenants
prod = NetskopeClient(tenant="prod.goskope.com", api_token=prod_token)
staging = NetskopeClient(tenant="staging.goskope.com", api_token=staging_token)
API Reference
Alerts
# List with JQL filtering
alerts = client.alerts.list(query='alert_type eq "DLP"')
for alert in alerts:
print(alert.alert_name, alert.severity, alert.user)
# Get a single alert
alert = client.alerts.get("alert-id-123")
# Page-level access
for page in client.alerts.list().pages():
print(f"Page: {len(page.items)} items, {page.total} total")
# Collect all at once (with safety limit)
all_alerts = client.alerts.list().to_list(max_items=5000)
Events
from datetime import datetime
# Query by event type
for event in client.events.list("application"):
print(event.user, event.app, event.activity)
# Network events with time range
for event in client.events.list(
"network",
start_time=datetime(2026, 1, 1),
end_time=datetime(2026, 3, 1),
):
print(event.src_ip, event.dst_ip)
# Supported types: alert, application, network, page, incident,
# audit, infrastructure, clientstatus, epdlp, transaction
URL Lists
# CRUD operations
url_list = client.url_lists.create("blocklist", ["bad.com", "evil.org"])
url_list = client.url_lists.update(url_list.id, urls=["bad.com", "evil.org", "new.bad.com"])
client.url_lists.delete(url_list.id)
# Deploy all pending changes
client.url_lists.deploy()
Publishers
# List all publishers
for pub in client.publishers.list():
print(f"{pub.publisher_name}: {pub.status} ({pub.apps_count} apps)")
# Create a publisher
new_pub = client.publishers.create(name="aws-us-east-1")
# Get by ID
pub = client.publishers.get(publisher_id=42)
Private Apps (ZTNA)
# List private apps
for app in client.private_apps.list():
print(f"{app.app_name} → {app.host}:{app.port}")
# Create a private app
app = client.private_apps.create(
name="internal-dashboard",
host="10.0.0.5",
port="443",
protocols=["TCP"],
publisher_ids=[1, 2],
)
SCIM (Users & Groups)
# Users
for user in client.scim.users.list():
print(user.user_name, user.active)
user = client.scim.users.create(
user_name="alice@example.com",
email="alice@example.com",
display_name="Alice Smith",
)
# Groups
for group in client.scim.groups.list():
print(f"{group.display_name}: {len(group.members)} members")
Incidents
# List incidents
for incident in client.incidents.list(query='severity eq "critical"'):
print(incident.incident_id, incident.severity, incident.status)
# Get user risk score
uci = client.incidents.get_uci("user@example.com")
print(f"Risk score: {uci.score}")
# Get UBA anomalies
anomalies = client.incidents.get_anomalies(["user@example.com"])
Steering & Infrastructure
# Get steering config
config = client.steering.get_config("npa")
# List PoPs
for pop in client.steering.list_pops():
print(f"{pop.name} — {pop.region}")
# List IPSec tunnels
for tunnel in client.steering.list_tunnels():
print(f"{tunnel.name}: {tunnel.status}")
Error Handling
from netskope import (
NetskopeError,
AuthenticationError,
NotFoundError,
RateLimitError,
ForbiddenError,
)
try:
alert = client.alerts.get("nonexistent")
except NotFoundError as e:
print(f"Not found: {e.message}")
print(f"Request ID: {e.request_id}") # for support escalation
except RateLimitError as e:
print(f"Rate limited — retry after {e.retry_after}s")
except AuthenticationError:
print("Invalid or expired API token")
except ForbiddenError:
print("Token lacks required scope")
except NetskopeError as e:
print(f"SDK error: {e}")
Context Managers
# Sync
with NetskopeClient(tenant="...", api_token="...") as client:
alerts = client.alerts.list().to_list()
# Async
async with AsyncNetskopeClient(tenant="...", api_token="...") as client:
alerts = await client.alerts.list().to_list()
Logging
import logging
# See all requests at INFO level
logging.getLogger("netskope").setLevel(logging.INFO)
# Full request/response debug (tokens redacted)
logging.getLogger("netskope").setLevel(logging.DEBUG)
Requirements
- Python 3.11+
httpx>= 0.27pydantic>= 2.0
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
netskope_py_sdk-1.0.3.tar.gz
(58.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file netskope_py_sdk-1.0.3.tar.gz.
File metadata
- Download URL: netskope_py_sdk-1.0.3.tar.gz
- Upload date:
- Size: 58.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.14.0 Darwin/25.3.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
65aa6cbb89a48fb3b92f5430b4c5398d5dbcec76999caed4b24e3eefdfa2a575
|
|
| MD5 |
01954743af4da9e544e48123e733c4e3
|
|
| BLAKE2b-256 |
5a48d45cd8a3a5baa559874a5e85888a02da28c0bc430fb4b986b54ee1f4fd9a
|
File details
Details for the file netskope_py_sdk-1.0.3-py3-none-any.whl.
File metadata
- Download URL: netskope_py_sdk-1.0.3-py3-none-any.whl
- Upload date:
- Size: 39.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.14.0 Darwin/25.3.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b4000f35b9830aadb563a58d6a6726c4df77ef1878dfd3e6bfd6e590ad5eaac7
|
|
| MD5 |
d56544b69d50bdf0d00c2051a47a7bf9
|
|
| BLAKE2b-256 |
6562e12c49d8049ed786e8d0fca65d3beaacd668710414853ca83439379317c6
|
