WebTx Plugin for Log Shipper

WebTx Plugin for Log Shipper

This document explains how to configure the WebTX Plugin for the Log Shipper module on the Netskope Cloud Exchange platform. If Log Shipper needs to transmit web transaction logs to a 3rd-party source, the Netskope WebTx plugin must be configured to extract those logs from Netskope.

Log Shipper does not filter on specific fields contained in the Web Transaction logs. Refer to Transaction Event Fields for more information. There are no options to select fields in the WebTx plugin configuration parameters. All logs will be sent to the destination configured in the SIEM mapping.


You need to have Web Transactions v2 enabled on your Netskope tenant (if not, contact your CSM to get this feature enabled). Refer to Transaction Events for more information.


To complete this configuration, you need:

WebTx v2 Supported Plugins (aka Event Streaming)
  • Syslog v2.0 (CEF, JSON)
  • AlienVault v2.0 (CEF, JSON)
  • Arcsight v2.0 (CEF, JSON)
  • Azure Sentinel v2.0 (JSON)
  • IBM Qradar v2.0 (CEF, JSON)
  • LogRhythm v2.0 (CEF, JSON)
  • Rapid7 v2.0 (CEF, JSON)
  • Solarwinds v2.0 (CEF, JSON)
  • Azure Storage (tar.gz)
  • AWS Storage (tar.gz)
  • Google Cloud Storage (tar.gz)
CE Version Compatibility

This plugin is compatible with all the supported Netskope CE Versions.

WebTx Plugin Support

This plugin is used to pull WebTx data from the Netskope Tenant. 

Event Types No
Alert Types No
WebTx Yes

Web Transactions v2 should be enabled on the Netskope tenant.

API Details

Current core architecture uses pubsublite SDK for pulling WebTx logs from Google PubSub.


  1. Get your Event Streaming info from your Netskope tenant.
  2. Configure the Log Shipper WebTx plugin.
  3. Configure a supported WebTx v2 plugin.
  4. Configure SIEM Mappings for WebTX.

Get Event Streaming Information

  1. Log in to your Netskope tenant and go to Settings > Tools > Event Streaming.
  2. Copy the Subscription Endpoint.
  3. Click Generate and Download Key to get a Subscription Key.

Configure the WebTx Plugin

  1. In Cloud Exchange, go to Settings > General and enable the Log Shipper module.
  2. Go to Log Shipper and click Plugins > Configure New Plugin.
  3. Search for and select the Netskope WebTx box to open the plugin creation pages.
  4. For Basic Information, enter a Configuration Name.
  5. Click Next.
  6. For Configuration Parameters, enter your Subscription Key and Subscription Endpoint, and then click Save.

Configure Log Shipper SIEM Mappings for the WebTx Plugin

  1. Go to Log Shipper > SIEM Mappings.
  2. Click Add SIEM Mapping.
  3. Select your Netskope WebTx plugin as the source.
  4. Select your Syslog plugin as the destination.
  5. Click Save.

After the SIEM mapping is added, the data will start getting parsed, transformed, and ingested into the syslog platform.

Validate the WebTx Plugin

Validate the Pull

To validate the pulling of WebTx from the Netskope tenant.

  1. Go to the Logging and search for the parsed logs.

Validate the Push

To validate the plugin workflow on Netskope Cloud Exchange.

  1. Go to Logging and search for ingested logs with the filter message contains ingested.
  2. The ingested logs will be filtered.
Share this Doc

WebTx Plugin for Log Shipper

Or copy link

In this topic ...