Log Shipper Syslog Mapping

Prerequisites

  • Cloud Exchange > 3.3
  • Basic Cloud Exchange setup (Netskope tenant API v1 and v2 setup)
  • Source Netskope plugin – Netskope Log Shipper or Netskope WebTx for Log Shipper
  • Destination Netskope plugin – Syslog v1.2.0

Supported Default Mappings

  • Syslog
  • Rapid7
  • QRadar
  • LogRhythm
  • Microsoft Cloud App Security
  • Azure Sentinel
  • CSCC
  • Chronicle
  • Elastic
  • ArcSight
  • Microsoft Defender
  • ThirdPartyTrust
  • SolarWinds
  • AlienVault
  • Secureworks
  • Custom

Description

Cloud Exchange uses a mapping file to translate Netskope field names to third-party field names. For example, Netskope has a field labeled Source IP, and our default mapping file translates it to src.

Select a Mapping

With our drop-down list of mapping files, you can pick which destination format you would like to use. You can also edit or create a mapping file.

Create/Edit a Mapping File

Cloud Exchange doesn’t allow you to edit a default mapping file. If you would like to make a change to a mapping file, select Create copy of this file under Action.

Go to Settings > Log Shipper > Mapping.

Note: You must be logged in as a write-access user.

After you give the new mapping file a name, edit the fields you want to change.

The Netskope Field selector lists all available fields coming from Netskope for Alerts, Events and WebTx logs. The Target Field is what it will be translated to.
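
A check you can run on an edited mapping before relying on it, given here as an added example and not as Cloud Exchange code: it flags two Netskope fields that point at the same Target Field and event fields that have no mapping entry. The dictionary layout, the field names other than Source IP and src, and the sample event are assumptions constructed for illustration; they are not the real mapping-file schema.

```python
# Added example: the mapping layout and field names below are assumptions,
# not Cloud Exchange's real mapping-file schema.
from collections import defaultdict

# Constructed mapping: Netskope field -> target field (as in "Source IP" -> "src").
CUSTOM_MAPPING = {
    "Source IP": "src",
    "Destination IP": "dst",
    "User": "suser",
    "Application": "suser",   # editing mistake: same target as "User"
}

# Constructed sample event using Netskope-side labels.
SAMPLE_EVENT = {
    "Source IP": "10.0.0.5",
    "Destination IP": "203.0.113.9",
    "User": "alice@example.com",
    "Application": "Dropbox",
    "Activity": "Upload",
}


def target_collisions(mapping):
    """Return {target: [netskope fields]} for targets used more than once."""
    by_target = defaultdict(list)
    for source, target in mapping.items():
        by_target[target].append(source)
    return {t: sorted(s) for t, s in by_target.items() if len(s) > 1}


def unmapped_fields(mapping, event):
    """Return the event fields that have no entry in the mapping."""
    return sorted(f for f in event if f not in mapping)


def translate(mapping, event):
    """Rename mapped fields; refuse to run if two fields share one target."""
    clashes = target_collisions(mapping)
    if clashes:
        raise ValueError(f"ambiguous targets: {clashes}")
    return {mapping[f]: v for f, v in event.items() if f in mapping}


if __name__ == "__main__":
    print("collisions:", target_collisions(CUSTOM_MAPPING))
    print("unmapped:  ", unmapped_fields(CUSTOM_MAPPING, SAMPLE_EVENT))
    fixed = {**CUSTOM_MAPPING, "Application": "app"}
    print("translated:", translate(fixed, SAMPLE_EVENT))
```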
