WebTX v2.0.0 Plugin for Log Shipper

This document explains how to configure the WebTx plugin on the Netskope Cloud Exchange platform. If Log Shipper needs to send Netskope web transaction logs to a third-party platform, the Netskope WebTx plugin must be configured to pull those logs from Netskope.

Prerequisites

  • Event Streaming is enabled on the Netskope Tenant.
  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
  • A Netskope Tenant must be configured in Cloud Exchange, and the v2 token must have access permissions for the following endpoints:
    • /api/v2/events/token/transaction_events
    • /api/v2/events/metrics/transactionevents
  • Connectivity to the following hosts:
    • us-west1-pubsublite.googleapis.com (for US customers)
    • europe-west3-pubsublite.googleapis.com (for EU customers)
    • Alternatively, ensure Cloud Exchange can access *.googleapis.com (wildcard).
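
A preflight for the connectivity prerequisite, added here as an example and not part of the Netskope documentation or the plugin: it reports whether DNS, TCP or TLS is the stage at which a regional Pub/Sub Lite host stops being reachable. The hostnames are the ones listed above; the function names and port 443 are assumptions.

```python
"""Preflight for the connectivity prerequisite: DNS, then TCP, then TLS."""
import socket
import ssl
import sys

# Hostnames copied from the Prerequisites list on this page.
PUBSUBLITE_HOSTS = {
    "US": "us-west1-pubsublite.googleapis.com",
    "EU": "europe-west3-pubsublite.googleapis.com",
}
# Assumption: the page names no port; 443 is the HTTPS/gRPC port of googleapis.com.
PORT = 443


def check_host(host, port=PORT, timeout=5.0):
    """Return (stage, detail) where stage is 'dns', 'tcp', 'tls' or 'ok'."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered (timeout) or no route
        return "tcp", f"{host}:{port} not reachable: {exc}"
    try:
        # The default context verifies chain and hostname, so an egress proxy
        # that re-signs TLS with a CA this host does not trust fails here.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} session with {host}:{port}"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "tls", f"handshake with {host}:{port} failed: {exc}"
    finally:
        sock.close()


def main(argv):
    region = argv[1].upper() if len(argv) > 1 else "US"
    stage, detail = check_host(PUBSUBLITE_HOSTS[region])
    print(f"{region}: {stage}: {detail}")
    return 0 if stage == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from the machine that hosts Cloud Exchange with US or EU as the argument; a non-zero exit code means the named stage needs attention in the egress path.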

CE Version Compatibility

This plugin is compatible with Netskope CE 5.1.0.

WebTx Plugin Support

This plugin is used to pull WebTx data from a Netskope Tenant. To access the plugin, you need a Netskope Tenant.

  • Event Types: No
  • Alert Types: No
  • WebTx: Yes

Permissions

  • Web Transactions v2 should be enabled on the Netskope tenant.
  • Permissions to generate a v2 token.

API Details

The current core architecture uses the pubsublite SDK to pull WebTx logs from Google PubSub.

Workflow

  1. Generate a v2 token.
  2. Configure Netskope WebTx Plugin.
  3. Configure a Third Party Plugin (WebTx v2 supported).
  4. Configure SIEM Mapping with Netskope WebTx Plugin as Source and Third Party Plugin as destination.

Generate a v2 Token

  1. In your Netskope tenant, go to Settings > Tools > REST API v2.
  2. Click New Token.
  3. Enter a Tenant Name.
  4. Enter an Expire time. Select from Day(s), Hour(s), Week(s), Year(s).
  5. Click Add Endpoint and select the Read privilege for the /api/v2/events/token/transaction_events and /api/v2/events/metrics/transactionevents endpoints. For more details, go to REST API Scopes.
  6. Click Save.
  7. Copy the token. It will be required when configuring the Netskope Tenant plugin in Cloud Exchange. Go here to configure the Netskope Tenant plugin.

Configure the Netskope WebTx Plugin

  1. In Cloud Exchange, go to Settings > General and enable the Log Shipper module.
  2. In Settings, go to Plugins.
  3. Search for and select the Netskope WebTx plugin box.
  4. Enter a configuration name and select a Tenant.
  5. Click Next.
  6. Select Yes or No to Allow Empty Values in WebTx logs from the dropdown.
  7. Click Save.

Add a SIEM Mapping

In order to add SIEM Mappings, a third-party Log Shipper plugin, like Syslog, has to be configured before proceeding. You need both a source and destination plugin (configurations) to create the SIEM mapping.

  1. Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.
  2. Select the Source plugin (Netskope WebTx) and the Destination plugin (Syslog). The Business Rule will be disabled.
  3. Click Save.

After the SIEM mapping is added, the data will start getting parsed, transformed, and ingested into the syslog platform.

Validate the WebTx Plugin

Validate the Pull

To validate that WebTx logs are being pulled from the Netskope tenant, go to Logging in Cloud Exchange and search for the parsed logs.

Validate the Push

To validate the plugin workflow in Netskope Cloud Exchange:

  1. Go to Logging and search for ingested logs with the filter message contains ingested.
  2. The ingested logs will be filtered.

Troubleshooting the WebTx Plugin

Receiving Error While Configuring the WebTx plugin

Getting the error: Value error, The Netskope tenant API V2 token does not have the permissions configured. Refer to the list of endpoints for which the token is missing permission.

Cause: The provided v2 token in the selected tenant does not have the minimum required permissions to configure the tenant in CE.

What to do:

Update the v2 token permissions and add the permissions for the following endpoints if they are missing: /api/v2/events/token/transaction_events, /api/v2/events/metrics/transactionevents.
