Configure Log Shipper SIEM Mappings
A write-access user can configure SIEM mappings to ingest events and alerts from a Netskope tenant into their SIEM platform. The user should first configure the Netskope plugin and the SIEM destination plugin, and should also configure a business rule if they plan to ingest only selected alerts and events.
- Go to Log Shipper > SIEM Mappings.
Here, Total Logs Sent and Total WebTx Sent indicate the number of logs and WebTx records ingested into the Destination Configuration. The counts are based on the Destination Configuration.
- Click Add SIEM Mapping.
- Select a Source Configuration, Destination Configuration and Business Rule.
- Click Save.
Note
As soon as the SIEM mapping is saved, Cloud Exchange will do a historical pull for events (default period: 1 hour) and alerts (default period: 7 days).
- To pull historical data, click the Pull Historical Data icon in the SIEM mapping actions.
- Select the historical From and To dates and times from the calendar, then click Pull.
All incoming alerts and events, along with the historical data, should now be ingested into your destination configuration.