Configure Log Shipper SIEM Mappings
A write-access user can configure SIEM mappings to ingest the events and alerts from a Netskope tenant into their SIEM platform. A write-access user should configure the Netskope and SIEM destination plugins, and also configure a business rule if they plan to ingest only selected alerts and events.
Go to Log Shipper > SIEM Mappings.
Here, Total Logs Sent and Total WebTx Sent indicate the number of logs and WebTx ingested into the Destination Configuration. The count is based on the Destination Configuration.
Click Add SIEM Mapping.
Select a Source Configuration, Destination Configuration and Business Rule.
Click Save.
To pull historical data, click the Pull Historical Data icon in the SIEM mapping actions.
Select the Historical From and To dates and times from the calendar, and click Pull.
All incoming alerts and events, along with the historical data, should now be ingested into your destination configuration.