Device Details
| Vendor | Netskope |
|---|---|
| Device Type | Cloud Application Security Broker |
| Supported Model Name/Number | Netskope |
| Supported Software Version(s) | v2 |
| Collection Method | Syslog |
| Configurable Log Output? | CEF |
| Log Source Type | Syslog - Netskope |
| Log Processing Policy | LogRhythm Default v2.0 |
| Exceptions | N/A |
| Additional Information | N/A |
Prerequisites
- Deployment of application and its credentials.
Supported Log Messages
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Netskope: Action Allowed By Policy | N/A | <vmid>, <policy>, <severity>, <session>, <action>, <subject>, <dip>, <dname>, <sip>, <login>, <url>, <process>, <tag1> |
| Netskope: Activity From Watchlist User | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <sname>, <sip>, <login>, <process> |
| Netskope: Anomaly Event | N/A | <vmid>, <vendorinfo>, <tag1>, <severity>, <action>, <dip>, <sip>, <login>, <url>, <process> |
| Netskope: Application Event | N/A | <vmid>, <severity>, <session>, <subject>, <dip>, <sip>, <login>, <url>, <process> |
| Netskope: Audit Event | N/A | <vmid>, <severity>, <dip>, <account>, <action>, <tag1>, <objecttype>, <login> |
| Netskope: Compromised Credential Identified | N/A | <vmid>, <severity>, <account>, <login> |
| Netskope: DLP Detection | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <url>, <process>, <hash> |
| Netskope: Infrastructure Event | N/A | <vmid>, <severity>, <object>, <vendorinfo> |
| Netskope: Legal Hold Event | N/A | <vmid>, <severity>, <subject>, <hash>, <object>, <policy>, <login>, <process> |
| Netskope: Malsite Event | N/A | <vmid>, <severity>, <action>, <tag1>, <subject>, <dip>, <dname>, <session>, <threatname>, <threatid>, <policy>, <sip>, <login>, <url> |
| Netskope: Malware Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <size>, <dname>, <hash>, <threatname>, <threatid>, <object>, <sip>, <login>, <url>, <process> |
| Netskope: Network Event | N/A | <vmid>, <severity>, <action>, <bytesin>, <packetsin>, <dport>, <dip>, <session>, <policy>, <protname>, <bytesout>, <packetsout>, <seconds>, <sname>, <sport>, <sip>, <login>, <process> |
| Netskope: Page Events Detected | N/A | <vmid>, <severity>, <subject>, <bytesin>, <dip>, <bytesout>, <sip>, <login>, <url>, <process> |
| Netskope: Policy Threat Event | N/A | <vmid>, <threatname>, <severity>, <result>, <subject>, <dip>, <sip>, <login>, <url>, <process> |
| Netskope: Quarantine Event | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <process> |
| NetSkope: Remediation Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <size>, <hash>, <threatname>, <object>, <policy>, <sip>, <login>, <url>, <process>, <tag1> |
| Netskope: Security Assessment | N/A | <vmid>, <severity>, <action>, <subject>, <policy>, <vendorinfo>, <login>, <process> |
| Netskope: UBA | N/A | <vmid>, <severity>, <action>, <tag1>, <subject>, <dip>, <dname>, <sip>, <login>, <url> |
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.573.0 | Syslog - Netskope CEF | New Base Rule / Sub Rule | A new device was created with 17 new Base Rules. |