Log Shipper Syslog Mapping
Prerequisites
- Cloud Exchange > 3.3
- Basic Cloud Exchange setup (Netskope tenant API v1 and v2 setup)
- Source Netskope plugin – Netskope Log Shipper or Netskope WebTx for Log Shipper
- Destination Netskope plugin – Syslog v1.2.0
Supported Default Mappings
- Syslog
- Rapid7
- QRadar
- LogRhythm
- Microsoft Cloud App Security
- Azure Sentinel
- CSCC
- Chronicle
- Elastic
- ArcSight
- Microsoft Defender
- ThirdPartyTrust
- SolarWinds
- AlienVault
- Secureworks
- Custom
Description
Cloud Exchange uses a mapping file to translate Netskope field names to third-party field names. For example, Netskope has a field labeled Source IP, and the default mapping file translates it to src.
Select a Mapping
The mapping drop-down lets you pick which destination format you would like to use. You can also edit or create a mapping file.
Create/Edit a Mapping File
Cloud Exchange doesn’t allow you to edit a default mapping file. If you would like to make a change to a mapping file, select Create copy of this file under Action.
Go to Settings > Log Shipper > Mapping.
Note: You must be logged in as a write-access user.
After you give the new mapping file a name, edit the fields you would like to change.
The Netskope Field selector lists all available fields coming from Netskope for Alerts, Events and WebTx logs. The Target Field is what it will be translated to.
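When a copied mapping file is edited, a field can be dropped or two fields pointed at the same target name, and the first sign is often a SIEM rule that stops matching. The following added example (not Netskope's code) compares an edited copy with the default it came from; the dict layout and every pair other than Source IP to src are constructed assumptions, not the Cloud Exchange mapping file schema.

```python
# Added example: the dict layout is a simplified, constructed stand-in,
# not the Cloud Exchange mapping file schema.
from collections import defaultdict

# Constructed sample: default mapping (Netskope field -> target field).
DEFAULT_MAPPING = {
    "Source IP": "src",          # pair taken from the page's example
    "Destination IP": "dst",     # constructed
    "User": "suser",             # constructed
    "Alert Name": "cs1",         # constructed
}

# Constructed sample: an edited copy that drops one field, reuses a target
# name, and renames another target.
CUSTOM_MAPPING = {
    "Source IP": "src",
    "Destination IP": "src",     # same target as Source IP
    "Alert Name": "alert_name",  # target renamed
}


def audit_mapping(default, custom):
    """Compare an edited mapping copy against the default it was copied from."""
    by_target = defaultdict(list)
    for field, target in custom.items():
        by_target[target].append(field)
    return {
        # Fields the default mapped that the copy no longer maps.
        "dropped": sorted(set(default) - set(custom)),
        # Fields whose target name changed (old, new); downstream parsers
        # and detection rules may still key on the old name.
        "retargeted": {
            f: (default[f], custom[f])
            for f in sorted(custom)
            if f in default and default[f] != custom[f]
        },
        # Target names that more than one Netskope field is mapped to.
        "collisions": {
            t: sorted(fs) for t, fs in sorted(by_target.items()) if len(fs) > 1
        },
    }


if __name__ == "__main__":
    for finding, detail in audit_mapping(DEFAULT_MAPPING, CUSTOM_MAPPING).items():
        print(f"{finding}: {detail}")
```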