Netskope
Netskope provides web filtering telemetry. Cyderes ingests Netskope Audit, Alert, Page, and Application logs. Audit logs are generated by critical activities performed by an admin in the Netskope platform. Alert logs include policy, DLP, and watch list alerts. Page and Application events are supplementary to alerts. Cyderes uses this information to track unauthorized or malicious web behaviors on endpoints. These log types can be configured independently or together.
Chronicle Data Types
- NETSKOPE_ALERT
Note
Netskope has deprecated its V1 API. As a result, Cyderes currently supports deploying integrations only with valid V2 API credentials.
Configuration V2 API
Please refer to the Netskope V2 REST API documentation on how to create a V2 API token.
Provide Read privileges to the resources you need from the following supported Netskope API endpoints:
- api/v2/events/data/alert
- api/v2/events/data/audit
- api/v2/events/data/page
- api/v2/events/data/application
Gather Information
Please include the credential's expiration date, if available.
Provide the following information to Cyderes to complete implementation:
- Netskope Tenant Name - company specific tenant URL
- Netskope API Token - the API token generated
- Netskope Resources - which resources you would like to ingest (Alert, Audit, Page, Application)
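Before handing these values over, the token's scope can be checked against the resources chosen for ingestion. The following is an added example, not Cyderes or Netskope code: it probes each endpoint listed above and reports selected resources the token cannot read and unselected ones it can. It assumes the token is sent in the `Netskope-Api-Token` header, that `limit=1` is accepted as a query parameter, and that HTTP 200 means the resource is readable; the environment variable names are hypothetical.

```python
import urllib.error
import urllib.request

# Endpoint paths as listed on this page, keyed by resource name.
ENDPOINTS = {
    "Alert": "api/v2/events/data/alert",
    "Audit": "api/v2/events/data/audit",
    "Page": "api/v2/events/data/page",
    "Application": "api/v2/events/data/application",
}


def http_status(url, token, timeout=10):
    """Return the HTTP status of a GET sent with the V2 token header."""
    # Assumption: the token goes in the Netskope-Api-Token header and
    # limit=1 keeps the probe response small.
    req = urllib.request.Request(url + "?limit=1",
                                 headers={"Netskope-Api-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit_token(tenant_url, token, wanted, status_of=http_status):
    """Compare what the token can read with the resources chosen for ingestion."""
    unknown = set(wanted) - set(ENDPOINTS)
    if unknown:
        raise ValueError(f"unsupported resources: {sorted(unknown)}")
    report = {"ok": [], "missing": [], "excess": []}
    for name, path in ENDPOINTS.items():
        readable = status_of(f"{tenant_url.rstrip('/')}/{path}", token) == 200
        if name in wanted:
            report["ok" if readable else "missing"].append(name)
        elif readable:
            # Readable but not selected: the token is broader than it needs to be.
            report["excess"].append(name)
    return report


if __name__ == "__main__":
    import os
    # Hypothetical environment variable names; keeps the token out of shell history.
    print(audit_token(os.environ["NETSKOPE_TENANT_URL"],
                      os.environ["NETSKOPE_API_TOKEN"],
                      {"Alert", "Audit"}))
```

A non-empty `missing` list means a Read privilege still has to be granted; a non-empty `excess` list means the token can be narrowed before it is shared.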