Configure Log Shipper SIEM Mappings

A user with write access can configure SIEM mappings to ingest events and alerts from a Netskope tenant into their SIEM platform. The user should configure the Netskope and SIEM destination plugin, and also configure a business rule if they plan to ingest only selected alerts and events.

  1. Go to Log Shipper > SIEM Mappings.

    Here, Total Logs Sent and Total WebTx Sent indicate the number of logs and WebTx records ingested into the Destination Configuration. The count is based on the Destination Configuration.

  2. Click Add SIEM Mapping.
  3. Select a Source Configuration, Destination Configuration and Business Rule.
  4. Click Save.

    Note

    As soon as the SIEM mapping is saved, Cloud Exchange performs a historical pull for events (default period: 1 hour) and alerts (default period: 7 days).

  5. To pull historical data, click the Pull Historical Data icon in the SIEM mapping actions.
  6. Select the historical From and To dates and times from the calendar, and then click Pull.

Now all the incoming alerts and events with historical data should be ingested into your destination configuration.
