Skip to main content

Netskope Help

Log Shipper Syslog Mapping
Prerequisites
  • CloudExchange > 3.3

  • Basic Cloud Exchange setup (Netskope tenant API v1 and v2 setup)

  • Source Netskope plugin - Netskope Log Shipper or Netskope WebTx for Log Shipper

  • Destination Netskope plugin - Syslog v1.2.0

Supported Default Mappings
  • Syslog

  • Rapid7

  • QRadar

  • LogRythm

  • Microsoft Cloud App Security

  • Azure Sentinel

  • CSCC

  • Chronicle

  • Elastic

  • ArcSight

  • Microsoft Defender

  • ThirdPartyTrust

  • SolarWinds

  • AlienVault

  • Secureworks

  • Custom

Description

Cloud Exchange uses a mapping file to translate Netskope field names to third party field names. For example, Netskope has a label Source IP and our default mapping file translates it to src.

Click play to watch a video.

 
Select a Mapping

With our drop-down mapping files, you can pick which destination formation you would like to use. You can also edit or create a mapping file.

image1.png
Create/Edit a Mapping File

Cloud Exchange doesn’t allow you to edit a default mapping file. If you would like to make a change to a mapping file, select Create copy of this file under Action.

Go to Settings > Log Shipper > Mapping.

Note: You must be logged in as write-access user.

image2.png

After you give this new mapping file a name, edit the fields you would like to.

The Netskope Field selector lists all available fields coming from Netskope for Alerts, Events and WebTx logs. The Target Field is what it will be translated to.

image3.png