cloud.netskope
Introduction
The tags beginning with cloud.netskope identify events generated by Netskope.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as cloud.netskope. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Netskope cloud | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
cloud.netskope.events
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
timestamp | | timestamp(timestamp__tmp * 1000) | timestamp__tmp | |
insertion_epoch_timestamp | | timestamp(_insertion_epoch_timestamp__tmp * 1000) | _insertion_epoch_timestamp__tmp | |
type | | | | |
traffic_type | | | | |
category | | | | |
appcategory | | | | |
url | | | | |
user | | | | |
app_session_id | | | | |
acked | | | | |
alert_name | | | | |
srcip | | | | |
dstip | | | | |
dstport | | | | |
dsthost | | | | |
client_bytes | | | | |
server_bytes | | | | |
user_id | | | | |
act_user | | | | |
owner | | | | |
activity | | | | |
shared_with | | | | |
app | | | | |
policy | | | | |
shared_domains | | | | |
action | | | | |
file_path | | | | |
browser | | | | |
site | | | | |
object | | | | |
file_size | | | | |
device | | | | |
mime_type | | | | |
alert | | | | |
instance_id | | | | |
app_activity | | | | |
md5 | | | | |
session_begin | | | | |
scan_type | | | | |
os | | | | |
exposure | | | | |
organization_unit | | (organization_unit__tmp = "") ? null('') : organization_unit__tmp | organization_unit__tmp | |
file_type | | | | |
userkey | | | | |
ns_activity | | | | |
access_method | | | | |
status | | | | |
msg | | msg__tmp | | |
object_id | | | | |
id | | | | |
modified | | | | |
object_type | | | | |
cci | | | | |
suppression_key | | | | |
ccl | | | | |
alert_type | | | | |
file_lang | | | | |
instance | | | | |
dlp_incident_id | | | | |
dlp_rule_severity | | | | |
dlp_rule_count | | | | |
dlp_parent_id | | | | |
dlp_profile | | | | |
dlp_rule | | | | |
dlp_file | | | | |
count | | | | |
from_user | | | | |
aggregated_user | | | | |
req_cnt | | | | |
serial | | | | |
fromlogs | | | | |
numbytes | | | | |
resp_cnt | | | | |
log_file_name | | | | |
useragent | | | | |
page_duration | | | | |
netskope_activity | | | | |
other_categories | | | | |
src_geoip_src | | | | |
ur_normalized | | | | |
user_category | | | | |
user_name | | | | |
user_role | | | | |
userip | | | | |
collaborated | | | | |
internal_collaborator_count | | | | |
request_id | | | | |
sha256 | | | | |
title | | | | |
total_collaborator_count | | | | |
true_obj_category | | | | |
true_obj_type | | | | |
suppression_start_time | | suppression_start_time__tmp | | |
suppression_end_time | | suppression_end_time__tmp | | |
src_latitude | | src_latitude_tmp | | |
src_longitude | | src_longitude_tmp | | |
dst_latitude | | dst_latitude_tmp | | |
dst_longitude | | dst_longitude_tmp | | |
src_location | | | | |
src_country | | | | |
src_zipcode | | | | |
src_region | | | | |
dst_location | | | | |
dst_country | | | | |
dst_zipcode | | | | |
dst_region | | | | |
web_url | | | | |
org | | | | |
message | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | rawSource | ✓ |