The Netskope Security Cloud provides visibility, real-time data, and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. 

Device Details

Vendor: Netskope
Device Type: Cloud Application Security Broker
Supported Model Name/Number: Netskope
Supported Software Version(s): v2
Collection Method: Syslog CEF
Configurable Log Output?: No
Log Source Type: Syslog CEF
Log Processing Policy: LogRhythm Default v2.0
Exceptions: N/A
Additional Information: N/A


Prerequisites

  • Deployment of the Netskope application and its credentials.


Supported Log Messages

Type | Product Version | Supported Schema Fields
Netskope : Action Allowed by Policy | N/A | <vmid>, <policy>, <severity>, <result>, <subject>, <dip>, <sip>, <login>, <url>
Netskope : Activity from Watchlist User | N/A | <vmid>, <policy>, <severity>, <session>, <subject>, <dip>, <sname>, <sip>, <login>
Netskope : Anomaly Event | N/A | <vmid>, <vendorinfo>, <severity>, <action>, <dip>, <sip>, <login>, <url>
Netskope : Application Event | N/A | <vmid>, <severity>, <session>, <subject>, <dip>, <sip>, <login>, <url>
Netskope : Audit Event | N/A | <vmid>, <severity>, <action>, <login>
Netskope : Compromised Credential Identified | N/A | <vmid>, <severity>, <account>, <login>
Netskope : DLP Detection | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>, <url>
Netskope : Infrastructure Event | N/A | <vmid>, <severity>, <object>, <vendorinfo>
Netskope : Legal Hold Event | N/A | <vmid>, <severity>, <subject>, <hash>, <object>, <policy>, <login>
Netskope : Malsite Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <session>, <threatname>, <threatid>, <sip>, <login>, <url>
Netskope : Malware Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <size>, <hash>, <threatname>, <threatid>, <object>, <hash>, <sip>, <login>, <url>
Netskope : Network Event | N/A | <vmid>, <severity>, <action>, <bytesin>, <packetsin>, <dport>, <dip>, <session>, <policy>, <protname>, <bytesout>, <packetsout>, <seconds>, <sname>, <sport>, <sip>, <login>
Netskope : Page Events Detected | N/A | <vmid>, <severity>, <subject>, <bytesin>, <dip>, <bytesout>, <sip>, <login>, <url>
Netskope : Policy Threat Event | N/A | <vmid>, <threatname>, <severity>, <result>, <subject>, <dip>, <sip>, <login>, <url>
Netskope : Quarantine Event | N/A | <vmid>, <policy>, <severity>, <subject>, <dip>, <size>, <hash>, <object>, <sip>, <login>
Netskope : Remediation Event | N/A | <vmid>, <severity>, <action>, <subject>, <dip>, <size>, <hash>, <threatname>, <object>, <policy>, <sip>, <login>, <url>
Netskope : Security Assessment | N/A | <vmid>, <severity>, <action>, <subject>, <policy>, <vendorinfo>, <login>


Revision History

KB Version | Log Type | Change Type | Details
KB 7.1.573.0 | Netskope CEF (New Base Rules) | New Base Rule / Sub Rule | New device created with 17 new Base Rules.