Netskope: Audit Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Netskope: Audit Event | Base Rule | Other Audit | General Audit Message |
| Netskope : User Logon Success | Sub Rule | Authentication Success | User Logon |
| Netskope : User Logout Success | Sub Rule | Authentication Success | User Logoff |
| Netskope : User Logon Failure | Sub Rule | Authentication Failure | User Logon Failure |
| Netskope : SSO User Logon Success | Sub Rule | Authentication Success | User Logon |
| Netskope : Password Changed | Sub Rule | Account Modified | Password Modified |
| Netskope : Admin Created | Sub Rule | Account Created | User Account Created |
| Netskope : Admin Deleted | Sub Rule | Account Deleted | User Account Deleted |
| Netskope : Admin Disabled | Sub Rule | Access Revoked | Account Disabled |
| Netskope : Admin Edited | Sub Rule | Account Modified | User Account Attribute Modified |
| Netskope : Admin Enabled | Sub Rule | Access Granted | Account Enabled |
| Netskope : Admin Unlocked | Sub Rule | Access Granted | Account Unlocked |
| Netskope : Admin Settings Updated | Sub Rule | Account Modified | User Account Attribute Modified |
| Netskope : Object\Policy Created | Sub Rule | Access Success | Object Created |
| Netskope : Object\Policy Deleted | Sub Rule | Access Success | Object Deleted/Removed |
| Netskope : User Locked | Sub Rule | Access Revoked | Account Locked |
| Netskope : Object\Policy Modified | Sub Rule | Access Success | Object Modified |
| Netskope : Configuration Pushed | Sub Rule | Configuration | Configuration Loaded : System |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device vendor | N/A | N/A |
| Device product | N/A | N/A |
| Device version | N/A | N/A |
| Device event class ID | <vmid> | Text/String |
| Event name | N/A | N/A |
| The severity of the event | <severity> | Text/String |
| SupportingData | <dip> | IP Address |
| <account> | Text/String | |
| auditLogEvent | <action> <tag1> | Text/String |
| auditType | <objecttype> | Text/String |
| suser | <login> | Text/String |
| timestamp | N/A | N/A |