Netskope : Compromised Credential Identified

Vendor Documentation

https://www.netskope.com/press-releases/new-netskope-report-shows-compromised-credentials-continue-to-haunt-cloud-app-usage

Classification

Rule Name	Rule Type	Classification	Common Event
Netskope : Compromised Credential Identified	Base Rule	Compromise	Account Compromised

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type
Device Vendor	N/A	N/A
Device Product	N/A	N/A
Device Version	N/A	N/A
Device Event Class ID	<vmid>	Text/String
Name of the event	N/A	N/A
Severity of the event	<severity>	Text/String
ccBreachDate	N/A	N/A
ccBreachMediaReferences	N/A	N/A
ccBreachScore	N/A	N/A
ccEmailSource	N/A	N/A
ccMatchedUsername	<account>	Text/String
suser	<login>	Text/String
timestamp	N/A	N/A