Netskope Help

Azure Storage Plugin for Log Shipper

This document explains how to configure Azure Cloud Storage with the Log Shipper module of the Netskope Cloud Exchange platform. This integration allows pushing the data and creating blobs inside the container in Azure Blob Storage.

Prerequisites

To complete this configuration, you need:

  • A Netskope Tenant (or multiple, for example, production and development/test instances).

  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.

  • An Azure Cloud instance.

Workflow
  1. Configure an Azure Cloud account.

  2. Configure the Azure Cloud Storage plugin.

  3. Configure Log Shipper SIEM mappings.

  4. Validate the plugin.

  1. Go to your Azure instance https://portal.azure.com/.

    image1.png
  2. Log in to your Azure Cloud instance.

    image2.png
  3. Click on Storage Accounts, Click + Create and provide a unique Storage Account name, and then click on Review + Create. Shortly, a Storage Account will be created and deployment will be completed.

  4. Click on Home, and go to Storage Accounts, Search for your storage account.

  5. In the left pane, under Security + networking, click on Access Keys and copy the connection string, it will be required when configuring the Azure Cloud plugin.

    image3.png
  1. Go to Settings and click Plugins.

  2. Select the Azure Cloud Storage box to open the plugin creation dialog.

  3. Enter a Configuration Name.

    image4.png
  4. Click Next.

    image5.png
  5. Enter your Azure Connection String, Container Name, Object Prefix, Minimum File Size, and Minimum Duration.

    • Container names must start with a letter or number, and can contain only letters, numbers, and the dash character.

    • Every dash character must be immediately preceded and followed by a letter or number; consecutive dashes are not permitted in container names.

    • All letters in a container name must be lowercase.

    • Container names must be from 3 through 63 characters long.

  6. Click Save.

    image6.png
  1. Go to Log Shipper, click SIEM Mappings and then Add SIEM Mapping.

    image8.png
  2. Select Source Configuration, and Destination Configuration.

  3. Click Save.

    image9.png

In order to validate the configuration, you must have Azure instance and/or SIEM mappings.

To validate from Netskope Cloud Exchange:

  • Go to Logging. Logs will be seen regarding File name and data ingested into Azure.

image10.png

To validate Azure Storage Plugin:

  1. In your Azure instance From Storage accounts.

  2. Go to Storage Accounts and search your storage account from the list.

  3. In the left pane, under Data Storage, click on Containers. The container name which has been given while configuring the plugin would be seen in the list. If the Container has already been there, files will be appended, else a new Container would be created and then files will be pushed.

    image11.png
  4. Click on a Container Name and files pushed into Azure will be seen, and by clicking on the file, the Download option appears to view the content locally.

    image13.png