Skip to main content

Netskope Help

Netskope Transaction Events

The HTTP Transaction events are critical for enterprises for deeper visibility as companies move to adopt cloud products. Netskope already provides page, app events, etc. that are rolled up and summarized to avoid "noisy" web traffic. The rolled up view is great for admins, in addition, transaction events provide granular information about the web sites that users have accessed.

Configure Transaction Events

You will need a subscription endpoint URL and subscription key to access the streamed events.

To retrieve the subscription key and path:

  1. Navigate to Settings > Tools > REST API v2 > New Token. The Create REST API Token window displays.

  2. Click the Add Endpoint dropdown and select the /api/v2/events/token/transaction_events endpoint to create the API token.

    Create_REST_API_Token.jpg
  3. Select the Read radio button in the Privilege column.

  4. Click Save. A confirmation box displays stating the token creation is successful.

    REST_API_copy_token.jpg
  5. Click Copy Token to save it for later use in your API requests and add it to the Netskope API token header.

  6. Navigate to REST API v2 > API Documentation. A new Swagger UI tab will open. You can access the API Documentation from the Create REST API Token window as well. Click Token_Authorize_button.jpg , the Available Authorizations pop-up opens, paste the saved token in the Value field and click Authorize.

    API_Authorization.jpg
  7. From the Swagger UI tab, under to the Events section, navigate to the /api/v2/events/token/transaction_events endpoint and click the line. The details display, click Try it out. Select decode section > true in the dropdown > click Execute.

    Transaction_Events_Token.jpg

    Upon successful execution, the response will carry the subscription key and subscription path.

Log in to your Netskope UI and go to Settings > Tools > Event Streaming. Copy your subscription endpoint and generate your download key from the Event Streaming page.

Important

The REGENERATE ENDPOINT button generates a new subscription path. Once a new subscription path is generated, a new subscription key must be generated by clicking on the GENERATE AND DOWNLOAD KEY button.

The old subscription path and key expires. With a new subscription path, event streaming will start fresh from the beginning of the retention period, i.e., 7 days ago by default.

TRX_Event_Streaming.jpg

Once the transaction events feature is enabled in your account, you’ll be able to consume the data from the subscription endpoint.

To receive the events from the subscription, refer to the Receiving messages from Lite subscriptions link .

The Netskope SDK also provides an example of using the REST API v2 token as authentication which provides the subscription endpoint URL and subscription key internally to use the Google SDK.

In addition, you can receive messages with various Client libraries. Netskope retains transaction events for seven days by default if not consumed.

There are different access methods for transaction events:

  • Google SDK

  • Netskope Splunk Integration

  • Netskope Cloud Exchange

Google SDK

The enhanced transaction events streaming is delivered through a streaming mechanism. 

The transaction event near real-time subscription messages have the following format:

Attributes

  • Content-Encoding. gzip - currently the only available value

  • Log-Count - number of events enclosed in the message data

  • Fields - transaction event fields for each transaction event

Data

  • The message data contains gzip compressed transaction events

Refer to the sample code to receive and decode the transaction events.

Netskope Splunk Integration

The Netskope App (Add-on) for Splunk has dashboards for visualization of Events, Alerts, and Web Transaction details. This information is populated on the dashboard.

Users can get  information related to data collected in addition to transforming and parsing data with the Add-on app available from splunkbase.

Click the following links to set up the Netskope Splunk Integration:

Netskope Cloud Exchange

Netskope Cloud Exchange is available for download on GitHub and accompanying installation documentation is available:

Transaction Events Streaming Service Data Retention Policy

Transaction Events are retained in the streaming service for up to seven days for admins to pull, for error recovery on the customer client side. The data is kept in a series of files by the streaming service. The garbage collection service will remove all files older than seven days, with the exception of the most recent data file.

For most customers during normal operational load, there will be numerous data files in a given hour. However, for some customers with a small data volume, (e.g. who have not implemented Netskope widely or in an active proof of concept phase), the most recent data file might accumulate events for more than seven days resulting in a longer data retention period.