Skip to main content

Netskope Help

Configure Log Shipper SIEM Mappings

A write-access user can configure SIEM mappings to ingest the events and alerts from a Netskope tenant into their SIEM platform. A write-access user should configure Netskope and SIEM destination plugin, and also configure a business rule if they plan to ingest only selective alerts and events.

  1. Go to Log Shipper > SIEM Mappings.

    image33.png

    Here, Total Logs Sent and Total WebTx Sent will indicate the number of logs/webtx getting ingested to Destination Configuration. Count will be based on the Destination Configuration.

  2. Click Add SIEM Mapping.

  3. Select a Source Configuration, Destination Configuration and Business Rule.

    image34.png
  4. Click Save.

  5. To get historical pull data, click the Pull Historial Data icon from the SIEM mapping actions.

    LS-Pull-Historical-Data.png
  6. Select Historical From - To date with date time from calender and click on Pull.

    LS-Pull-Historical-Data-Options.png

Now all the incoming alerts and events with historical data should be ingested into your destination configuration.