WebTX v2.0.0 Plugin for Log Shipper
This document explains how to configure the WebTX Plugin on the Netskope Cloud Exchange platform. If Log Shipper needs to transmit Netskope web transaction logs to a third-party source, the Netskope WebTx plugin must be configured to extract those logs from Netskope.
Prerequisites
- Event Streaming is enabled on the Netskope Tenant.
- A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
- A Netskope Tenant must be configured in Cloud Exchange, and the v2 token must have the following endpoint access permissions:
  - /api/v2/events/token/transaction_events
  - /api/v2/events/metrics/transactionevents
- Connectivity to the following hosts:
  - us-west1-pubsublite.googleapis.com (for US customers)
  - europe-west3-pubsublite.googleapis.com (for EU customers)
  - Alternatively, ensure Cloud Exchange can access *.googleapis.com (wildcard).
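The connectivity prerequisite can be checked from the Cloud Exchange host before the plugin is configured. The script below is an added example, not part of the plugin or of Cloud Exchange: it distinguishes DNS failure, blocked egress, and a failed TLS handshake (for example, a TLS-inspecting proxy whose CA is not trusted). Port 443 and the `us`/`eu` region keys are assumptions of this example; the page lists host names only.

```python
import socket
import ssl
import sys

# Hosts from the prerequisites list; the "us"/"eu" keys are labels chosen for this example.
PUBSUBLITE_HOSTS = {
    "us": "us-west1-pubsublite.googleapis.com",
    "eu": "europe-west3-pubsublite.googleapis.com",
}
PORT = 443  # assumption: the page names hosts only; 443 is the standard HTTPS/gRPC port


def check_endpoint(host, port=PORT, timeout=5.0, tls=True):
    """Return 'ok', 'dns_failure', 'unreachable' or 'tls_failure' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failure"   # name does not resolve from this host
    except OSError:
        return "unreachable"   # refused, filtered or timed out (firewall/egress rule)
    with sock:
        if not tls:
            return "ok"
        try:
            # Verifies the certificate chain and hostname against the system trust
            # store, so a TLS-inspecting proxy with an untrusted CA shows up here.
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return "ok"
        except OSError:        # ssl.SSLError and handshake timeouts are OSError subclasses
            return "tls_failure"


def preflight(region, check=check_endpoint):
    """Check the Pub/Sub Lite host for one region ('us' or 'eu'); returns {host: status}."""
    host = PUBSUBLITE_HOSTS[region.lower()]
    return {host: check(host)}


if __name__ == "__main__":
    results = preflight(sys.argv[1] if len(sys.argv) > 1 else "us")
    for host, status in results.items():
        print(f"{host}:{PORT} {status}")
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run it with `us` or `eu` as the only argument, from the same network path Cloud Exchange uses, since a result from an administrator workstation says nothing about the Cloud Exchange host's egress rules.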
CE Version Compatibility
This plugin is compatible with Netskope CE 5.1.0.
WebTx Plugin Support
This plugin pulls WebTx data from the Netskope Tenant. To access the plugin, you need a Netskope Tenant.
Event Types | No |
Alert Types | No |
WebTx | Yes |
Permissions
- Web Transactions v2 should be enabled on the Netskope tenant.
- Permissions to generate a v2 token.
API Details
The current core architecture uses the pubsublite SDK to pull WebTx logs from Google PubSub.
Workflow
- Generate a v2 token.
- Configure Netskope WebTx Plugin.
- Configure a Third Party Plugin (WebTx v2 supported).
- Configure SIEM Mapping with Netskope WebTx Plugin as Source and Third Party Plugin as destination.
Generate a v2 Token
- In your Netskope tenant, go to Settings > Tools > REST API v2.
- Click New Token.
- Enter a Tenant Name.
- Enter an Expire time. Select from Day(s), Hour(s), Week(s), Year(s).
- Click Add Endpoint, select the Read privilege for the /api/v2/events/token/transaction_events and /api/v2/events/metrics/transactionevents endpoints. For more details, go to REST API Scopes.
- Click Save.
- Copy the token. It will be required when configuring the Netskope Tenant plugin in Cloud Exchange. Go here to configure the Netskope Tenant plugin.
Configure the Netskope WebTx Plugin
- In Cloud Exchange, go to Settings > General and enable the Log Shipper module.
- In Settings, go to Plugins.
- Search for and select the Netskope WebTx plugin box.
- Enter a configuration name and select a Tenant.
- Click Next.
- Select Yes or No to Allow Empty Values in WebTx logs from the dropdown.
- Click Save.
Add a SIEM Mapping
In order to add SIEM Mappings, a third-party Log Shipper plugin, like Syslog, has to be configured before proceeding. You need both a source and destination plugin (configurations) to create the SIEM mapping.
- Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.
- Select the Source plugin (Netskope WebTx) and the Destination plugin (Syslog). The Business Rule will be disabled.
- Click Save.
After the SIEM mapping is added, the data will start getting parsed, transformed, and ingested into the syslog platform.
Validate the WebTx Plugin
Validate the Pull
To validate that WebTx logs are being pulled from the Netskope tenant, go to Logging in Cloud Exchange and search for the parsed logs.
Validate the Push
To validate the plugin workflow in Netskope Cloud Exchange:
- Go to Logging and search for ingested logs with the filter message contains ingested.
- The ingested logs will be filtered.
Troubleshooting the WebTx Plugin
Receiving Error While Configuring the WebTx plugin
Getting the error: Value error, The Netskope tenant API V2 token does not have the permissions configured. Refer to the list of endpoints for which the token is missing permission.
Cause: The provided v2 token in the selected tenant does not have the minimum required permissions to configure the tenant in CE.
What to do:
Update the v2 token permissions and add the permissions for the following endpoints if they are missing: /api/v2/events/token/transaction_events, /api/v2/events/metrics/transactionevents.