cloud.netskope

Introduction

The tags beginning with cloud.netskope identify events generated by Netskope.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as cloud.netskope. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Netskope cloud | cloud.netskope.events | cloud.netskope.events |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

cloud.netskope.events

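| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| timestamp | timestamp | timestamp(timestamp__tmp * 1000) | timestamp__tmp | |
| insertion_epoch_timestamp | timestamp | timestamp(_insertion_epoch_timestamp__tmp * 1000) | _insertion_epoch_timestamp__tmp | |
| type | str | | | |
| traffic_type | str | | | |
| category | str | | | |
| appcategory | str | | | |
| url | str | | | |
| user | str | | | |
| app_session_id | str | | | |
| acked | str | | | |
| alert_name | str | | | |
| srcip | ip4 | | | |
| dstip | ip4 | | | |
| dstport | int4 | | | |
| dsthost | str | | | |
| client_bytes | int8 | | | |
| server_bytes | int8 | | | |
| user_id | str | | | |
| act_user | str | | | |
| owner | str | | | |
| activity | str | | | |
| shared_with | str | | | |
| app | str | | | |
| policy | str | | | |
| shared_domains | str | | | |
| action | str | | | |
| file_path | str | | | |
| browser | str | | | |
| site | str | | | |
| object | str | | | |
| file_size | int8 | | | |
| device | str | | | |
| mime_type | str | | | |
| alert | str | | | |
| instance_id | str | | | |
| app_activity | str | | | |
| md5 | str | | | |
| session_begin | int4 | | | |
| scan_type | str | | | |
| os | str | | | |
| exposure | str | | | |
| organization_unit | str | (organization_unit__tmp = "") ? null('') : organization_unit__tmp | organization_unit__tmp | |
| file_type | str | | | |
| userkey | str | | | |
| ns_activity | str | | | |
| access_method | str | | | |
| status | str | | | |
| msg | str | msg__tmp | | |
| object_id | str | | | |
| id | str | | | |
| modified | str | | | |
| object_type | str | | | |
| cci | int4 | | | |
| suppression_key | str | | | |
| ccl | str | | | |
| alert_type | str | | | |
| file_lang | str | | | |
| instance | str | | | |
| dlp_incident_id | str | | | |
| dlp_rule_severity | str | | | |
| dlp_rule_count | int4 | | | |
| dlp_parent_id | str | | | |
| dlp_profile | str | | | |
| dlp_rule | str | | | |
| dlp_file | str | | | |
| count | int4 | | | |
| from_user | str | | | |
| aggregated_user | str | | | |
| req_cnt | int4 | | | |
| serial | str | | | |
| fromlogs | str | | | |
| numbytes | int8 | | | |
| resp_cnt | int4 | | | |
| log_file_name | str | | | |
| useragent | str | | | |
| page_duration | int4 | | | |
| netskope_activity | str | | | |
| other_categories | str | | | |
| src_geoip_src | int4 | | | |
| ur_normalized | str | | | |
| user_category | str | | | |
| user_name | str | | | |
| user_role | str | | | |
| userip | ip4 | | | |
| collaborated | str | | | |
| internal_collaborator_count | int4 | | | |
| request_id | int8 | | | |
| sha256 | str | | | |
| title | str | | | |
| total_collaborator_count | int4 | | | |
| true_obj_category | str | | | |
| true_obj_type | str | | | |
| suppression_start_time | timestamp | suppression_start_time__tmp | | |
| suppression_end_time | timestamp | suppression_end_time__tmp | | |
| src_latitude | float8 | src_latitude_tmp | | |
| src_longitude | float8 | src_longitude_tmp | | |
| dst_latitude | float8 | dst_latitude_tmp | | |
| dst_longitude | float8 | dst_longitude_tmp | | |
| src_location | str | | | |
| src_country | str | | | |
| src_zipcode | str | | | |
| src_region | str | | | |
| dst_location | str | | | |
| dst_country | str | | | |
| dst_zipcode | str | | | |
| dst_region | str | | | |
| web_url | str | | | |
| org | str | | | |
| message | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | rawSource | ✓ |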