Netskope Help

Manage Log Shipper Business Rules

Only an Admin can manage Log Shipper Business Rules.

Create Log Shipper Business Rules

Admins can create business rules to filter out the logs they want to ingest in their SIEM platforms. A default business rule with name All is provided out of the box which matches all the alerts and events.

  1. Go to Log Shipper > Business Rules.

  2. Click Create New Rule.

  3. Enter a rule name.

  4. Select or enter a query in the alert/event filter. At least one filter must be selected.

  5. Click Save.

Perform an Action on a Log Shipper Business Rule

Admins can manage all the business rules from a single place on the platform at the Business Rules page. Admin can edit the query for business rules, or delete the business rules from this page.

Delete a Log Shipper Business Rule

To delete a business rule, select the “trash” icon on the rule and confirm the action.