Skope IT Events & Alerts

About Skope IT Events & Alerts

Skope IT events and alerts track connections made in your network. To view Skope IT events and alerts, go to ​Skope IT​ > ​Events and Alerts​ in the Netskope UI to view Application Events, Endpoint Events, Page Events, About Network Events, and Alerts

The Audit and Infrastructure log pages are now located in Settings.  For Audit logs, go to Settings > Administration. For Infrastructure logs, go to Settings > Security Cloud Platform > On-Premises Infrastructure and scroll to the bottom of the page.
You can select from a wide range of time filter options. Your most recent time filter selection will be displayed when you revisit the page.

Types of Events and Alerts​

Event TypeInformation ProvidedData Sources
​Application Events​​Information related to mapped user activities or actions.​​Primarily generated by Real-time Protection and API-enabled Protection users.​
​Page Events​​Information related to the amount of bytes transferred for a connection.​​From the appliance for Risk Insights customers and certain Real-time Protection users activities will also generate page events.​
​Network Events​​​Information related to private apps and firewall traffic.​
​Network events are groups of fields representing L3 to L7 parameters with other relevant variables that help customers achieve deeper analysis on their network traffic. The main use cases are traffic monitoring, delated network troubleshooting and threat hunting. 
Endpoint EventsInformation related to your users and USB storage devices for policy violations.Netskope generates an alert for this event when events violate your device or content control policies.
Alerts ​Information related to specific risky behaviors​.Determined through threat protection, behavior analytics, or Netskope policy engines​.
Note: For a comprehensive list of queries supported for these individual event pages, please see the Skope IT Queries Library.

Mapping of Skope IT Events and Alerts to Netskope Products

Risk InsightsCASB APICASB InlineSWGCFWNPA
Application EventsLimited, not enough data to detect app activities.YesYesYesNoNo
Page EventsYesNoYesYesNoNo
Network EventsNoNoNoNoYesYes
AlertsLimitedYes, based on policyYes, based on policyYes, based on policy

Skope IT Events and Alerts Data Retention

Log retention time is the duration for which logs are stored and accessible for analysis or audit purposes. The following is a table of data retention periods:

Event TypeRetention Period (Days)Extension Period (Days)
Application Events90365
Page Events90365
Network Events – NPA30
Network Events – CFW30
Alerts90 365
Endpoint Events90365
The extension period is subject to the entitlement of the related log extension SKU.
Share this Doc

Skope IT Events & Alerts

Or copy link

In this topic ...