Filter Data Sources

Filter Data Sources

The Netskope tenant UI has an additional filter to help you narrow down what’s displayed on all the primary pages based on the access method. Access method shows how the cloud app traffic was discovered in the Netskope Cloud. This could be Netskope Client, Secure Forwarder, iOS VPN (Mobile Profile), Network devices (for log uploads), and so on.

Navigate to Settings > General > Data Source > EDIT SOURCE and then select the data source to look for events specifically generated from these sources.

The following table is a sample of data sources. Your list may vary depending on your specific tenant set up.

Data SourceDefinition
All Data SourcesSelect this radio button to enable all the data sources to collect events generated from all available data sources.
Reverse ProxyEvents generated through Netskope’s reverse proxy. Supported third party vendors include: Okta, Ping, ADFS, and OneLogin.
ClientEvents generated through the Netskope client installed on your user end points.
proxysgEvents generated through Symantec’s secure web gateway.
Secure ForwarderEvents generated from Netskope’s secure forwarder (software which encrypts and securely forwards events from on-premises devices to the Netskope secure cloud).

May be associated with a Netskope appliance if you have them installed in your system.

In addition, secure forwarder is one of the four modes by which Netskope’s virtual appliance operates.

Explicit ProxyThe Netskope proxy receives events from other web filters such as Blue Coat or Websense.
Local ProxyThe Netskope proxy receives events from DP on-premises (inside the corporate firewall).
Mobile ProfileEvents generated through an MDM. Netskope supports the following types of MDM: MobileIron Cloud, MobileIron Core, AirWatch, Intune, and XenMobile.
McAfeeEvents generated from the Mcafee Web GW log collector.
GREEvents generated through a GRE tunneling protocol.

A GRE capable router, like Cisco or Juniper, encapsulates a payload packet inside a GRE packet, which it then encapsulates in a transport protocol, such as IP.

proxysg-http-mainEvents generated through Symantec’s secure web gateway HTTP main logs.
API ConnectorEvents generated through API Data Protection. This list will vary based on your specific set up. Log in to your tenant and click API Data Protection for your list.
asaEvents generated from Cisco-ASA log collector. Netskope supports log formats asa and asa-syslog.
custom-CEF_Parser1Any custom parser you created that is tenant specific appears with ‘custom-‘ as a prefix to the parser name you provide. Typically, this is Risk Insights (OPLP) traffic.
custom-CEF_Parser2Any custom parser you created that is tenant specific appears with ‘custom-‘ as a prefix to the parser name you provide. Typically, this is Risk Insights (OPLP) traffic.
panwEvents generated from Palo Alto Networks log files.
websenseEvents generated from Websense (Forcepoint) web proxy.
Share this Doc

Filter Data Sources

Or copy link

In this topic ...