Syslog - Netskope CEF
Device Details
| Vendor | Netskope |
|---|---|
| Device Type | Cloud Access Security Broker (CASB) |
| Supported Model Name/Number | Netskope |
| Supported Software Version(s) | v2 |
| Collection Method | Syslog |
| Configurable Log Output? | CEF |
| Log Source Type | Syslog - Netskope |
| Log Processing Policy | LogRhythm Default v2.0 |
| Exceptions | N/A |
| Additional Information | N/A |
Prerequisites
- The Netskope tenant is deployed, an account with credentials to configure its log export is available, and the tenant is configured to send its logs in CEF format over syslog to the LogRhythm syslog collector.
Supported Log Messages
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Netskope: Action Allowed By Policy | N/A | <vmid>, <policy>, <severity>, <session>, <action>, <subject>, <dip>, <dname>, <sip>, <login>, <url>, <process>, <tag1> |
| Netskope: Activity From Watchlist User | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <sname>, <sip>, <login>, <process> |
| Netskope: Anomaly Event | N/A | <vmid>, <vendorinfo>, <tag1>, <severity>, <action>, <dip>, <sip>, <login>, <url>, <process> |
| Netskope: Application Event | N/A | <vmid>, <severity>, <session>, <subject>, <dip>, <sip>, <login>, <url>, <process> |
| Netskope: Audit Event | N/A | <vmid>, <severity>, <dip>, <account>, <action>, <tag1>, <objecttype>, <login> |
| Netskope: Compromised Credential Identified | N/A | <vmid>, <severity>, <account>, <login> |
| Netskope: DLP Detection | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <url>, <process> |
| Netskope: Infrastructure Event | N/A | <vmid>, <severity>, <object>, <vendorinfo> |
| Netskope: Legal Hold Event | N/A | <vmid>, <severity>, <subject>, <hash>, <object>, <policy>, <login>, <process> |
| Netskope: Malsite Event | N/A | <vmid>, <severity>, <action>, <tag1>, <subject>, <dip>, <dname>, <session>, <threatname>, <threatid>, <policy>, <sip>, <login>, <url> |
| Netskope: Malware Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <size>, <dname>, <hash>, <threatname>, <threatid>, <object>, <sip>, <login>, <url>, <process> |
| Netskope: Network Event | N/A | <vmid>, <severity>, <action>, <bytesin>, <packetsin>, <dport>, <dip>, <session>, <policy>, <protname>, <bytesout>, <packetsout>, <seconds>, <sname>, <sport>, <sip>, <login>, <process> |
| Netskope: Page Events Detected | N/A | <vmid>, <severity>, <subject>, <bytesin>, <dip>, <bytesout>, <sip>, <login>, <url>, <process> |
| Netskope: Policy Threat Event | N/A | <vmid>, <threatname>, <severity>, <result>, <subject>, <dip>, <sip>, <login>, <url>, <process> |
| Netskope: Quarantine Event | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <process> |
| Netskope: Remediation Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <size>, <hash>, <threatname>, <object>, <policy>, <sip>, <login>, <url>, <process>, <tag1> |
| Netskope: Security Assessment | N/A | <vmid>, <severity>, <action>, <subject>, <policy>, <vendorinfo>, <login>, <process> |
| Netskope: UBA | N/A | <vmid>, <severity>, <action>, <tag1>, <subject>, <dip>, <dname>, <sip>, <login>, <url> |
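The schema fields in the table above are filled from two parts of each CEF line: the pipe-separated header (Signature ID, Name, Severity) and the key=value extension that follows it. The parser below is an added example, not LogRhythm's Log Processing Policy and not Netskope's exporter. It shows how a CEF line is split safely, honouring the escaping rules that a naive `split('|')` or `split('=')` gets wrong, and maps standard CEF dictionary keys onto the schema names used in the table. The sample lines are constructed, and the key-to-field mapping (as well as treating the CEF Signature ID as `<vmid>`) is an assumption for illustration, not the rule definitions LogRhythm ships.

```python
"""Parse Netskope-style CEF syslog lines into the schema field names above.

Added example, not LogRhythm's Log Processing Policy or Netskope's exporter.
The sample lines are constructed. The CEF key -> schema field mapping is an
assumption built on standard ArcSight CEF dictionary keys, as is using the
CEF Signature ID for <vmid>.
"""
import re

# Assumed mapping (standard CEF dictionary keys -> schema fields in the table).
# Keys that are not mapped are kept under their raw CEF name.
CEF_TO_SCHEMA = {
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "shost": "sname", "dhost": "dname", "suser": "login", "request": "url",
    "act": "action", "in": "bytesin", "out": "bytesout", "proto": "protname",
    "fname": "object", "fsize": "size", "fileHash": "hash",
}

# Constructed sample lines: syslog header, then the CEF payload. The second
# carries an escaped '|' in the Name field and escaped '=' in the URL, which
# is exactly what a naive split() mishandles.
SAMPLE_LINES = [
    r"<14>Jan 01 00:00:00 nskp CEF:0|Netskope|Netskope|v2|network|Network Event|3|"
    r"src=10.0.0.5 spt=51234 dst=52.1.2.3 dpt=443 proto=TCP in=1200 out=840 "
    r"suser=alice@example.com act=allow",
    r"<14>Jan 01 00:00:01 nskp CEF:0|Netskope|Netskope|v2|dlp|DLP Detection \| PCI|7|"
    r"suser=bob@example.com dst=13.1.1.1 "
    r"request=https://box.example.com/upload?id\=42&x\=y fname=card list.xlsx "
    r"fsize=20480 fileHash=d41d8cd98f00b204e9800998ecf8427e act=block",
]

_CEF_START = re.compile(r"CEF:\d+\|")
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.-]+)=")

def _split_header(payload):
    """Return the seven CEF header fields and the extension remainder.
    In the header '\\|' is a literal pipe and '\\\\' a literal backslash,
    so only an unescaped '|' separates fields."""
    fields, cur, i = [], [], 0
    while len(fields) < 7 and i < len(payload):
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):   # escaped character
            cur.append(payload[i + 1])
            i += 2
        elif ch == "|":                           # unescaped separator
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, payload[i:]

def _parse_extension(ext):
    """Parse 'key=value key2=value with spaces', honouring the extension
    escapes ('\\=' literal '=', '\\\\' literal backslash, '\\n' / '\\r'
    line breaks). Escapes are hidden behind sentinel bytes first so that an
    escaped '=' inside a value can never start a new key."""
    prot = ext.replace("\\\\", "\x00").replace("\\=", "\x01")
    keys = list(_KEY.finditer(prot))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        val = prot[m.end():nxt.start() if nxt else len(prot)]
        val = val.replace("\\n", "\n").replace("\\r", "\r")
        out[m.group(1)] = val.replace("\x00", "\\").replace("\x01", "=")
    return out

def parse_cef(line):
    """Map one syslog line carrying a CEF payload onto schema field names."""
    m = _CEF_START.search(line)
    if not m:
        raise ValueError("no CEF payload in line")
    header, ext = _split_header(line[m.start():].rstrip("\r\n"))
    # header: CEF:Version|Device Vendor|Device Product|Device Version|
    #         Signature ID|Name|Severity   (CEF severity is 0-10)
    event = {
        "vendor": header[1], "product": header[2], "device_version": header[3],
        "vmid": header[4], "name": header[5], "severity": header[6],
    }
    for key, val in _parse_extension(ext).items():
        event[CEF_TO_SCHEMA.get(key, key)] = val
    return event

def blocked_file_events(lines):
    """(login, object, hash) for every blocked event that carries a file
    hash: the pivot an analyst uses to hunt the same file elsewhere."""
    hits = []
    for line in lines:
        ev = parse_cef(line)
        if ev.get("action") == "block" and "hash" in ev:
            hits.append((ev.get("login"), ev.get("object"), ev["hash"]))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_cef(line))
    print(blocked_file_events(SAMPLE_LINES))
```

The second sample line is the case worth checking in any collector: the Name field contains an escaped pipe and the URL contains escaped equals signs. Splitting on a bare `|` would shift the Severity value into the Name position and push the extension into Severity, and splitting the extension on `=` would truncate the URL; either mistake lets a user-controlled value (a file name, a URL) change how the event is classified.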
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.573.0 | Syslog - Netskope CEF | New Base Rule / Sub Rule | A new device was created with 17 new Base Rules. |