Syslog - Netskope CEF

Device Details

Vendor	Netskope
Device Type	Cloud Application Security Broker
Supported Model Name/Number	Netskope
Supported Software Version(s)	v2
Collection Method	Syslog CEF
Configurable Log Output?	No
Log Source Type	Syslog CEF
Log Processing Policy	LogRhythm Default v2.0
Exceptions	N/A
Additional Information	N/A

Prerequisites

Deployment of application and its credentials.

Supported Log Messages

Type	Product Version	Supported Schema Fields
Netskope: Action Allowed By Policy	N/A	<vmid>, <policy>, <severity>, <session>, <result>, <subject>, <dip>, <sip>, <login>, <url>, <process>, <tag1>
Netskope: Activity From Watchlist User	N/A	<vmid>, <policy>, <severity>, <subject>, <dip>, <sname>, <sip>, <login>, <process>
Netskope: Anomaly Event	N/A	<vmid>, <vendorinfo>, <tag1>, <severity>, <action>, <dip>, <sip>, <login>, <url>, <process>
Netskope: Application Event	N/A	<vmid>, <severity>, <session>, <subject>, <dip>, <sip>, <login>, <url>, <process>
Netskope: Audit Event	N/A	<vmid>, <severity>, <dip>, <account>, <action>, <tag1>, <login>
Netskope: Compromised Credential Identified	N/A	<vmid>, <severity>, <account>, <login>
Netskope: DLP Detection	N/A	<vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <url>, <process>, <hash>
Netskope: Infrastructure Event	N/A	<vmid>, <severity>, <object>, <vendorinfo>
Netskope: Legal Hold Event	N/A	<vmid>, <severity>, <subject>, <hash>, <object>, <policy>, <login>, <process>
Netskope: Malasite Events	N/A	<vmid>, <severity>, <action>, <subject>, <dip>, <session>, <threatname>, <threatid>, <sip>, <login>, <url>
Netskope: Malware Event	N/A	<vmid>, <severity>, <action>, <subject>, <dip>, <size>, <dname>, <hash>, <threatname>, <threatid>, <object>, <hash>, <sip>, <login>, <url>, <process>
Netskope: Network Event	N/A	<vmid>, <severity>, <action>, <bytesin>, <packetsin>, <dport>, <dip>, <session>, <policy>, <protname>, <bytesout>, <packetsout>, <seconds>, <sname>, <sport>, <sip>, <login>, <process>
Netskope: Page Events Detected	N/A	<vmid>, <severity>, <subject>, <bytesin>, <dip>, <bytesout>, <sip>, <login>, <url>, <process>
Netskope: Policy Threat Event	N/A	<vmid>, <threatname>, <severity>, <result>, <subject>, <dip>, <sip>, <login>, <url>, <process>
Netskope: Quarantine Event	N/A	<vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <process>
NetSkope: Remediation Event	N/A	<vmid>, <severity>, <action>, <subject>, <dip>, <size>, <hash>, <threatname>, <object>, <policy>, <sip>, <login>, <url>, <process>, <tag1>
Netskope: Security Assessment	N/A	<vmid>, <severity>, <action>, <subject>, <policy>, <vendorinfo>, <login>, <process>

Revision History

KB Version	Log Type	Change Type	Details
KB 7.1.573.0	Netskope CEF (New Base Rules)	New Base Rule / Sub Rule	A new device was created with 17 new Base Rules.