Skip to main content
Skip table of contents

Netskope : Audit Event

Vendor Documentation

Classification

Rule Name

Rule Type

Classification

Common Event

Netskope: Audit EventBase RuleOther AuditGeneral Audit Message
Netskope: User Logon SuccessSub RuleAuthentication SuccessUser Logon
Netskope: User Logout SuccessSub RuleAuthentication SuccessUser Logoff
Netskope: User Logon FailureSub RuleAuthentication FailureUser Logon Failure
Netskope: SSO User Logon SuccessSub RuleAuthentication SuccessUser Logon
Netskope: Password ChangedSub RuleAccount ModifiedPassword Modified
Netskope: Admin CreatedSub RuleAccount CreatedUser Account Created
Netskope: Admin DeletedSub RuleAccount DeletedUser Account Deleted
Netskope: Admin DisabledSub RuleAccess RevokedAccount Disabled
Netskope: Admin EditedSub RuleAccount ModifiedUser Account Attribute Modified
Netskope: Admin EnabledSub RuleAccess GrantedAccount Enabled
Netskope: Admin UnlockedSub RuleAccess GrantedAccount Unlocked
Netskope: Admin Settings UpdatedSub RuleAccount ModifiedUser Account Attribute Modified
Netskope: Object\Policy CreatedSub RuleAccess SuccessObject Created
Netskope: Object\Policy DeletedSub RuleAccess SuccessObject Deleted/Removed
Netskope: User LockedSub RuleAccess RevokedAccount Locked
Netskope: Object\Policy ModifiedSub RuleAccess SuccessObject Modified
Netskope: Configuration PushedSub RuleConfigurationConfiguration Loaded: System

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData Type
Device vendorN/AN/A
Device productN/A N/A
Device versionN/AN/A
Device event class ID<vmid>Text/String
Event nameN/AN/A
The severity of the event<severity>Text/String
N/A<dip>IP Address
<account>Text/String
audit log event<action>
<tag1>
Text/String
typeN/AN/A
user<login>Text/String
timestampN/AN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.