Netskope : Activity from Watchlist User
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Base Rule | Activity | Watchlist Hit |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device vendor | N/A | N/A |
| device product | N/A | N/A |
| Device version | N/A | N/A |
| Device event class id | <vmid> | Text/String |
| Event name | <policy> | Text/String |
| Severity of the event | <severity> | Text/String |
| appSessionId | N/A | N/A |
| sourceAddress | <sip> | IP Address |
| destinationAddress | <dip> | IP Address |
| requestClientApplication | N/A | N/A |
| sourceServiceName | <process> | Text/String |
| sourceUserName | <login> | Text/String |
| deviceExternalId | N/A | N/A |
| deviceAction | N/A | N/A |
| timestamp | N/A | N/A |
| managementId | N/A | N/A |
| appcategory | <subject> | Text/String |
| hostname | <sname> | Text/String |
| os | N/A | N/A |