Manage Log Shipper Business Rules

Only an Admin can manage Log Shipper Business Rules.

Create Log Shipper Business Rules

Admins can create business rules to filter the logs they want to ingest into their SIEM platforms. A default business rule named All is provided out of the box; it matches all alerts and events.

  1. Go to Log Shipper > Business Rules.

  2. Click Create New Rule.

  3. Enter a rule name.

  4. Select or enter a query in the alert/event filter. At least one filter must be selected.

  5. Enter the name of the folder to add the rule to, or select an existing folder. The folder hierarchy can be at most 3 levels deep.

  6. Click Save.

Perform an Action on a Log Shipper Business Rule

Admins can manage all business rules from a single place, the Log Shipper Business Rules page. From the Action column on this page, an Admin can clone, edit, or delete a business rule.

Delete a Log Shipper Business Rule

To delete a business rule, select the Trash icon on the rule and confirm the action.
