Configure Log Shipper SIEM Mappings

A user with write access can configure SIEM mappings to ingest events and alerts from a Netskope tenant into their SIEM platform. The user should configure the Netskope plugin and the SIEM destination plugin, and also configure a business rule if they plan to ingest only selected alerts and events.

  1. Go to Log Shipper > SIEM Mappings.

    Here, Total Logs Sent and Total WebTx Sent indicate the number of logs and WebTx ingested into the Destination Configuration. The count is based on the Destination Configuration.

  2. Click Add SIEM Mapping.
  3. Select a Source Configuration, Destination Configuration and Business Rule.
  4. Click Save.
  5. To pull historical data, click the Pull Historical Data icon in the SIEM mapping actions.
  6. Select the Historical From – To date and time from the calendar and click Pull.

All incoming alerts and events, along with the historical data, should now be ingested into your destination configuration.
