netskope/casb
Vendor | Netskope, Inc. |
Author | CrowdStrike |
Version | 0.2.0 |
Minimum LogScale Version | 1.20.0 |
The Netskope CASB package parses incoming syslog CEF logs from Netskope and visualizes the data using the dashboards provided.
Package Prerequisites
Netskope
Netskope Logshipper plugin
Log Ingest token assigned to netskope-casb parser
Setup and Installation
Create a new Log Shipper in Netskope and configure it with your Log Receiver's IP address and TCP/UDP port. During configuration, select all fields and values. Next, configure SIEM mappings as described here. Install the Falcon Log Collector.
The HEC Log Shipper will forward all events to your LogScale repository. You can use logshipper.log to debug should any problems arise. Logshipper also sends logs retroactively, so it will send all logs that already exist to your LogScale instance.
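When events arrive but fields are missing, it helps to confirm that the line the shipper emitted is well-formed CEF before looking at the parser. The following is an added example, not the package's own parser and not Netskope code: a small CEF reader run over a constructed sample line (the product name, field names and values in the sample are made up for illustration).

```python
import re

HEADER = ["version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]

def _split_header(body):
    # Split the 7 pipe-delimited header fields; a backslash escapes | and \.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]  # remainder is the key=value extension

def _unescape(value):
    # Extension escapes: \= and \\ are literals, \n and \r are line breaks.
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)

def parse_cef(line):
    """Return {'header': {...}, 'extension': {...}} for one syslog CEF line."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != len(HEADER):
        raise ValueError(f"expected {len(HEADER)} header fields, got {len(fields)}")
    # A key is a word followed by '=' at the start or after whitespace,
    # so values may contain spaces and escaped '=' characters.
    keys = list(re.finditer(r"(?<!\S)(\w+)=", ext))
    extension = {}
    for k, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        extension[k.group(1)] = _unescape(ext[k.end():end].strip())
    return {"header": dict(zip(HEADER, fields)), "extension": extension}

# Constructed sample line, not captured from a real Netskope tenant.
SAMPLE = (r"<14>Jan 01 00:00:00 shipper CEF:0|Netskope|constructed-product|1.0|"
          r"alert|DLP \| policy hit|5|src=192.0.2.10 suser=alice@example.com "
          r"msg=uploaded a\=b report.pdf")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` here means the line is truncated or not CEF at all, which points at the shipper or transport rather than the LogScale parser.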
Installing the Package in LogScale
Find the repository where you want to send the Netskope Reveal X data, or create a new one.
Navigate to your repository in the LogScale interface, click Settings and then on the left.
Click
and install the LogScale package for Netskope (i.e. netskope/casb). When the package has finished installing, click
on the left (still under the ). In the right panel, click
to create a new token. Give the token an appropriate name (e.g. the name of the server the token is ingesting logs for). Before leaving this page, view the ingest token and copy it to your clipboard so you can save it temporarily elsewhere.
Now that you have a repository set up in LogScale along with an ingest token, you're ready to send logs to LogScale.