Netskope: Action Allowed by Policy
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Base Rule | Activity | Web Activity Allowed | |
| Netskope : Policy Alert | Sub Rule | Activity | General Alert Log Message |
| Netskope : Traffic Blocked By Policy | Sub Rule | Failed Activity | Web Activity Blocked |
| Netskope : Encryption Forced By Policy | Sub Rule | Network Traffic | Encrypt Packet |
| Netskope : Quarantined By Policy | Sub Rule | Activity | Quarantine |
| Netskope : Action Restricted By Policy | Sub Rule | Failed Activity | Web Activity Blocked |
| Netskope : User Alerted To Action | Sub Rule | Activity | General Alert Log Message |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device Vendor | N/A | N/A |
| Device Product | N/A | N/A |
| Device Version | N/A | N/A |
| Device Event Class ID | <vmid> | Text/String |
| Name of the event | <policy> | Text/String |
| Severity of the event | <severity> | Text/String |
| appSessionID | <session> | Text/String |
| act | <action> <tag1> | Text/String |
| appcategory | <subject> | Text/String |
| browser | N/A | N/A |
| device | N/A | N/A |
| dst | <dip> | IP Address |
| hostname | <dname> | Text/String |
| os | N/A | N/A |
| policy | N/A | N/A |
| requestClientApplication | N/A | N/A |
| sourceServiceName | <process> | Text/String |
| src | <sip> | IP Address |
| suser | <login> | Text/String |
| timestamp | N/A | N/A |
| url | <url> | Text/String |