Skope IT Events & Alerts
About Skope IT Events & Alerts
Skope IT events and alerts track connections made in your network. To view them, go to Skope IT > Events and Alerts in the Netskope UI, where you can view Application Events, Endpoint Events, Page Events, Network Events, and Alerts.
The Audit and Infrastructure log pages are now located in Settings. For Audit logs, go to Settings > Administration. For Infrastructure logs, go to Settings > Security Cloud Platform > On-Premises Infrastructure and scroll to the bottom of the page.
You can select from a wide range of time filter options. Your most recent time filter selection will be displayed when you revisit the page.
Types of Events and Alerts
Event Type | Information Provided | Data Sources |
---|---|---|
Application Events | Information related to mapped user activities or actions. | Primarily generated by Real-time Protection and API-enabled Protection users. |
Page Events | Information related to the amount of bytes transferred for a connection. | Generated from the appliance for Risk Insights customers. Certain Real-time Protection user activities also generate page events. |
Network Events | Information related to private apps and firewall traffic. | Network events are groups of fields representing L3 to L7 parameters, with other relevant variables, that help customers achieve deeper analysis of their network traffic. The main use cases are traffic monitoring, detailed network troubleshooting, and threat hunting. |
Endpoint Events | Information related to your users and USB storage devices for policy violations. | Netskope generates an alert for this event when events violate your device or content control policies. |
Alerts | Information related to specific risky behaviors. | Determined through threat protection, behavior analytics, or Netskope policy engines. |
Note: For a comprehensive list of queries supported for these individual event pages, please see the Skope IT Queries Library.
Mapping of Skope IT Events and Alerts to Netskope Products
Event Type | Risk Insights | CASB API | CASB Inline | SWG | CFW | NPA |
---|---|---|---|---|---|---|
Application Events | Limited, not enough data to detect app activities. | Yes | Yes | Yes | No | No |
Page Events | Yes | No | Yes | Yes | No | No |
Network Events | No | No | No | No | Yes | Yes |
Alerts | Limited | Yes, based on policy | Yes, based on policy | Yes, based on policy |
Skope IT Events and Alerts Data Retention
Log retention time is the duration for which logs are stored and accessible for analysis or audit purposes. The following event types are retained:
- Application Events
- Page Events
- Network Events – Netskope Private Access (NPA)
- Network Events – Cloud Firewall (CFW)
- Alerts
- Endpoint Events
The following table lists the retention and extension periods.
Data Collection | Skope IT³ (days) | Reports (days) | Extended Data Retention (Skope IT and Reports, days) | Netskope Advanced Analytics² |
---|---|---|---|---|
Application Events | 90 | 90 | 365¹ | 7 days to 13 months |
Page Events | 90 | 90 | 365¹ | 7 days to 13 months |
Network Events for Private Access | 30 | 30 | 30 | 7 days to 13 months |
Network Events for Cloud Firewall | 30 | 30 | 30 | 7 days to 13 months |
Alerts | 90 | 90 | 365¹ | 7 days to 13 months |
Endpoint Events | 90 | N/A | 365¹ | 7 days to 13 months |
Audit Logs³ | 90 | N/A | 365¹ | N/A |
DLP Incidents³ | 90 | N/A | 365¹ | 7 days to 13 months |
Web Transaction Logs | N/A | N/A | N/A | 7 days to 13 months |
Device (Client Event Data) | N/A | N/A | 365 | 7 days to 13 months |
SSPM⁴ | N/A | N/A | N/A | Latest Scan Results |
¹ Netskope Standard Reporting Extended Data Retention extends data retention in accounts from 90 days to 1 year to allow you to run queries on a larger data set. Netskope does not offer CFW, NPA, and Transaction Event Logs extended storage in Skope IT / Reports. Best practice is to purchase the transaction events streaming service to stream the logs to the storage of your choice.
² Netskope Advanced Analytics storage is based on data usage and supports the data collections listed in the Netskope Advanced Analytics column.
³ DLP Incidents is visible in the 'Incidents' section of the Admin UI. Audit logs can be found in the Admin settings page. Extended data retention for these two data collections is also available.
⁴ 'SSPM Evaluation Results' shows the latest scan results based on query run date or dashboard load.
To learn more: Data Retention