Netskope : Quarantine Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Netskope : Quarantine Event | Base Rule | Activity | Quarantine |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device Vendor | N/A | N/A |
| Device Product | N/A | N/A |
| Device Version | N/A | N/A |
| Device Event Class ID | <vmid> | Text/String |
| Name of the event | <policy> | Text/String |
| Severity of the event | <severity> | Text/String |
| accessMethod | N/A | N/A |
| act | N/A | N/A |
| appcategory | <subject> | Text/String |
| browser | N/A | N/A |
| cci | N/A | N/A |
| ccl | N/A | N/A |
| device | N/A | N/A |
| deviceClassification | N/A | N/A |
| deviceExternalId | N/A | N/A |
| dst | <dip> | IP Address |
| fsize | <size> | Number |
| hostname | N/A | N/A |
| managementId | N/A | N/A |
| md5 | <hash> | Text/String |
| object | <object> | Text/String |
| os | N/A | N/A |
| policy | N/A | N/A |
| qTransactionId | N/A | N/A |
| requestClientApplication | N/A | N/A |
| sourceServiceName | <process> | Text/String |
| src | <sip> | IP Address |
| suser | <login> | Text/String |
| timestamp | N/A | N/A |