Netskope Help

Microsoft CAS Plugin for Log Shipper

This document explains how to configure the Microsoft CAS integration with the Log Shipper module of the Netskope Cloud Exchange platform. This integration forwards Netskope-generated events to Microsoft Cloud App Security for additional analysis and reporting.

Prerequisites

To complete this configuration, you need:

  • A Netskope Tenant (or multiple, for example, production and development/test instances).

  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.

  • A Microsoft CAS instance.

Workflow
  1. Configure the Microsoft CAS Data Source.

  2. Configure the Microsoft CAS plugin.

  3. Create Log Shipper Business Rules.

  4. Create Log Shipper SIEM mappings.

  5. Validate the plugin.

Configure the Microsoft CAS Data Source

  1. Go to your Microsoft CAS instance at: https://<instance-name>.portal.cloudappsecurity.com/.

  2. Log in to your CAS instance.

  3. Click Settings and then click Log Collectors.

  4. Click Add data source.

  5. Enter a name and select Source and Receiver type, and then click Add.

Configure the Microsoft CAS plugin

  1. In Cloud Exchange, click Settings and then Plugins.

  2. Select the Microsoft Cloud App Security box to open the plugin creation dialog.

  3. Enter a Configuration Name.

  4. Select a valid Mapping. (Default mappings are available for all plugins.)

  5. Click Next.

  6. Enter the Portal URL, API Token, and Data Source. If you use extensions other than the default one, enter valid extensions.

  7. Click Save.

Create Log Shipper Business Rules

  1. Go to Log Shipper > Business Rules.

  2. Click Create New Rule.

  3. Enter a Rule Name and select the filters to use.

  4. Click Save.

Create Log Shipper SIEM mappings

  1. Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.

  2. Select a Source Configuration, Business Rule, and Destination Configuration.

  3. Click Save.


Validate the plugin

To validate the plugin workflow, you can check from Netskope Cloud Exchange and your MCAS instance.

To validate from Netskope Cloud Exchange:

  1. Go to Logging.


To validate from the MCAS instance:

  1. Go to Settings > Governance Log.
