Skip to content

Netskope

Netskope provides web filtering telemetry. Cyderes ingests Netskope Audit, Alert Pages, and Application logs. Netskope Audit logs are generated by critical activities done by an admin in the Netskope platform. Alert logs generated by Netskope include policy, DLP, and watch list alerts. Page and Application events are supplementary to alerts. Cyderes utilizes this information to track unauthorized or malicious web behaviors on endpoints. They can be configured independently or together.

Chronicle Data Types

  • NETSKOPE_ALERT

Configuration

Please refer to the Netskope RBAC V3 documentation to configure the API key.

Provide Read privileges to the resources you need from the following supported Netskope API endpoints:

  • api/v2/events/data/alert
  • api/v2/events/data/audit
  • api/v2/events/data/page
  • api/v2/events/data/application

Gather Information

Note

Please include the credential's expiration date if available

Provide the following information to Cyderes to complete implementation:

  • Netskope Tenant Name - company specific tenant URL
  • Netskope API Key - the API key generated
  • Netskope Resources - which resources you would like to ingest (Alert, Audit, Page, Application)