Skip to main content
Skip table of contents

Netskope : Anomaly Event

Vendor Documentation

https://www.netskope.com/blog/the-eight-must-haves-for-successful-anomaly-detection

Classification

Rule Name

Rule Type

Classification

Common Event

Base RuleSuspicious
Suspicious User Activity

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData Type
Device VendorN/AN/A
Device ProductN/A N/A
Device VersionN/AN/A
Device Event Class ID<vmid>Text/String
Name of the event<vendorinfo>, <tag1>Text/String
Severity of the event<severity>Text/String
act<action>Text/String
anomalyEventTypeN/AN/A
cciN/AN/A
cclN/AN/A
dst<dip>IP Address
requestClientApplicationN/AN/A
ActionN/AN/A
sourceServiceName<process>Text/String
src<sip>IP Address
suser<login>Text/String
timestampN/AN/A
url<url>Text/String
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close