Skope IT Events & Alerts
About Skope IT Events & Alerts
Skope IT events and alerts track connections made in your network. To view them, go to Skope IT > Events and Alerts in the Netskope UI, where you can see Application Events, Endpoint Events, Page Events, Network Events, and Alerts.
The Audit and Infrastructure log pages are now located in Settings. For Audit logs, go to Settings > Administration. For Infrastructure logs, go to Settings > Security Cloud Platform > On-Premises Infrastructure and scroll to the bottom of the page.
You can select from a wide range of time filter options. Your most recent time filter selection will be displayed when you revisit the page.
Types of Events and Alerts
Event Type | Information Provided | Data Sources |
Application Events | Information related to mapped user activities or actions. | Primarily generated by Real-time Protection and API-enabled Protection users. |
Page Events | Information related to the amount of bytes transferred for a connection. | Generated from the appliance for Risk Insights customers; certain Real-time Protection user activities also generate page events. |
Network Events | Information related to private apps and firewall traffic. | Network events are groups of fields representing L3 to L7 parameters, along with other relevant variables, that help customers analyze their network traffic in greater depth. The main use cases are traffic monitoring, detailed network troubleshooting, and threat hunting. |
Endpoint Events | Information related to your users and USB storage devices for policy violations. | Netskope generates an alert for this event when events violate your device or content control policies. |
Alerts | Information related to specific risky behaviors. | Determined through threat protection, behavior analytics, or Netskope policy engines. |
Note: For a comprehensive list of queries supported for these individual event pages, please see the Skope IT Queries Library.
Mapping of Skope IT Events and Alerts to Netskope Products
Event Type | Risk Insights | CASB API | CASB Inline | SWG | CFW | NPA |
Application Events | Limited, not enough data to detect app activities. | Yes | Yes | Yes | No | No |
Page Events | Yes | No | Yes | Yes | No | No |
Network Events | No | No | No | No | Yes | Yes |
Alerts | Limited | Yes, based on policy | Yes, based on policy | Yes, based on policy |
Skope IT Events and Alerts Data Retention
Log retention time is the duration for which logs are stored and accessible for analysis or audit purposes. The following is a table of data retention periods:
Event Type | Retention Period (Days) | Extension Period (Days) |
Application Events | 90 | 365 |
Page Events | 90 | 365 |
Network Events – NPA | 30 | – |
Network Events – CFW | 30 | – |
Alerts | 90 | 365 |
Endpoint Events | 90 | 365 |
The extension period is subject to the entitlement of the related log extension SKU.