Netskope : Network Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Netskope : Network Event | Base Rule | Network Traffic | General Traffic Log |
| Netskope : Network Traffic Allowed | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Netskope : Network Traffic Denied | Sub Rule | Network Deny | Traffic Denied by Network Firewall |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device vendor | N/A | N/A |
| Device product | N/A | N/A |
| Device version | N/A | N/A |
| Device event class id | `<vmid>` | Text/String |
| Event name | N/A | N/A |
| Severity of the event | `<severity>` | Text/String |
| sourceAddress | `<sip>` | IP Address |
| destinationAddress | `<dip>` | IP Address |
| requestClientApplication | N/A | N/A |
| sourceServiceName | `<process>` | Text/String |
| sourceUserName | `<login>` | Text/String |
| sourceHostName | `<sname>` | Text/String |
| sourcePort | `<sport>` | Number |
| startTime | N/A | N/A |
| endTime | N/A | N/A |
| destinationPort | `<dport>` | Number |
| timestamp | N/A | N/A |
| ccl | N/A | N/A |
| cci | N/A | N/A |
| clientBytes | `<bytesin>` | Number |
| serverBytes | `<bytesout>` | Number |
| device | N/A | N/A |
| os | N/A | N/A |
| client_packets | `<packetsin>` | Number |
| policy | `<policy>` | Text/String |
| traffic_type | N/A | N/A |
| action | `<action>`, `<tag1>` | Text/String |
| requestMethod | N/A | N/A |
| osVersion | N/A | N/A |
| network_Session_Id | `<session>` | Text/String |
| transportProtocol | `<protname>` | Text/String |
| server_packets | `<packetsout>` | Number |
| sessionDuration | `<seconds>` | Number |
| tunnel_type | N/A | N/A |
| tunnel_up_time | N/A | N/A |
| tunnel_id | N/A | N/A |