Netskope Help

Filter Data Sources

The Netskope tenant UI has an additional filter to help you narrow down what's displayed on all the primary pages based on the access method. Access method shows how the cloud app traffic was discovered in the Netskope Cloud. This could be Netskope Client, Secure Forwarder, iOS VPN (Mobile Profile), Network devices (for log uploads), and so on.

Navigate to Settings > General > Data Source > EDIT SOURCE and then select the data source to look for events specifically generated from these sources.

The following table is a sample of data sources. Your list may vary depending on your specific tenant set up.

Data Source

Definition

All Data Sources

Select this radio button to enable all the data sources to collect events generated from all available data sources.

Reverse Proxy

Events generated through Netskope's reverse proxy. Supported third party vendors include: Okta, Ping, ADFS, and OneLogin.

Client

Events generated through the Netskope client installed on your user end points.

proxysg

Events generated through Symantec's secure web gateway.

Secure Forwarder

Events generated from Netskope's secure forwarder (software which encrypts and securely forwards events from on-premises devices to the Netskope secure cloud).

May be associated with a Netskope appliance if you have them installed in your system.

In addition, secure forwarder is one of the four modes by which Netskope's virtual appliance operates.

Explicit Proxy

The Netskope proxy receives events from other web filters such as Blue Coat or Websense.

Local Proxy

The Netskope proxy receives events from DP on-premises (inside the corporate firewall).

Mobile Profile

Events generated through an MDM. Netskope supports the following types of MDM: MobileIron Cloud, MobileIron Core, AirWatch, Intune, and XenMobile.

McAfee

Events generated from the Mcafee Web GW log collector.

GRE

Events generated through a GRE tunneling protocol.

A GRE capable router, like Cisco or Juniper, encapsulates a payload packet inside a GRE packet, which it then encapsulates in a transport protocol, such as IP.

proxysg-http-main

Events generated through Symantec's secure web gateway HTTP main logs.

API Connector

Events generated through API Data Protection. This list will vary based on your specific set up. Log in to your tenant and click API Data Protection for your list.

asa

Events generated from Cisco-ASA log collector. Netskope supports log formats asa and asa-syslog.

custom-CEF_Parser1

Any custom parser you created that is tenant specific appears with 'custom-' as a prefix to the parser name you provide. Typically, this is Risk Insights (OPLP) traffic.

custom-CEF_Parser2

Any custom parser you created that is tenant specific appears with 'custom-' as a prefix to the parser name you provide. Typically, this is Risk Insights (OPLP) traffic.

panw

Events generated from Palo Alto Networks log files.

websense

Events generated from Websense (Forcepoint) web proxy.