Configure the Netskope Plugin for Log Shipper
This document explains how to configure the Cloud Exchange integration with the Log Shipper module of the Netskope Cloud Exchange platform.
Prerequisites
To complete this configuration, you need:
A Netskope Tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
Workflow
Configure the Netskope plugin for Log Shipper.
Configure Log Shipper Business Rules and SIEM mappings.
Validate the Netskope plugin for Log Shipper.
Configure the Netskope Plugin for Log Shipper
In Cloud Exchange, go to Settings and click Plugins.
Select the Netskope (CLS) box to open the plugin creation page.
Enter a Configuration Name.
Select your Tenant from the dropdown.
Click Next.
Choose Alert Types. (This will filter alerts based on types you select.)
Note
Starting with v4.1.0, this filter is not applied if you have an Alert filter at the Tenant level. In that case, the Tenant-level filter overrides this filter setting.
Choose Event Types. (This will filter events based on types you select.)
Enter the number of days to pull data for the initial run.
Click Save.
Configure Log Shipper Business Rules and SIEM Mappings
In Log Shipper, go to Business Rules.
Click Create New Rule.
Enter a Rule Name and build the appropriate filter query condition on the field(s) for the business rule. You can also type the query manually by pressing the Filter Query button.
Click the Save button.
In Log Shipper, go to SIEM Mappings.
Click Add SIEM Mappings.
Click the Business Rule dropdown and choose the Business Rule you created previously.
Use the Source Configuration and Destination Configuration dropdowns to select the configurations between which the SIEM mapping will apply, based on the selected Business Rule.
Click Save.
Validate the Netskope Plugin for Log Shipper
To verify that the plugin is working correctly, go to Log Shipper > SIEM Mappings and confirm that the proper count of logs is shown in the Total Logs Sent column for the configured SIEM Mapping.
WebTx Plugin Field Descriptions
Field | Description |
---|---|
Configuration Name | Name of the WebTx plugin. |
Service Account JSON | Specifies the Events Streaming Subscription Key from your Netskope tenant. |
Subscription Path | Specifies the Events Streaming Subscription Endpoint from your Netskope tenant. |