cloud.netskope

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ]

Introduction

The tags beginning with cloud.netskope identify events generated by Netskope.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as cloud.netskope. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
Netskope cloud	`cloud.netskope.events`	`cloud.netskope.events`

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

cloud.netskope.events

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Field transformation	Source field name	Extra fields
eventdate	`timestamp`
timestamp	`timestamp`	`timestamp(timestamp__tmp * 1000)`	timestamp__tmp
insertion_epoch_timestamp	`timestamp`	`timestamp(_insertion_epoch_timestamp__tmp * 1000)`	_insertion_epoch_timestamp__tmp
type	`str`
traffic_type	`str`
category	`str`
appcategory	`str`
url	`str`
user	`str`
app_session_id	`str`
acked	`str`
alert_name	`str`
srcip	`ip4`
dstip	`ip4`
dstport	`int4`
dsthost	`str`
client_bytes	`int8`
server_bytes	`int8`
user_id	`str`
act_user	`str`
owner	`str`
activity	`str`
shared_with	`str`
app	`str`
policy	`str`
shared_domains	`str`
action	`str`
file_path	`str`
browser	`str`
site	`str`
object	`str`
file_size	`int8`
device	`str`
mime_type	`str`
alert	`str`
instance_id	`str`
app_activity	`str`
md5	`str`
session_begin	`int4`
scan_type	`str`
os	`str`
exposure	`str`
organization_unit	`str`	`(organization_unit__tmp = "") ? null('') : organization_unit__tmp`	organization_unit__tmp
file_type	`str`
userkey	`str`
ns_activity	`str`
access_method	`str`
status	`str`
msg	`str`		msg__tmp
object_id	`str`
id	`str`
modified	`str`
object_type	`str`
cci	`int4`
suppression_key	`str`
ccl	`str`
alert_type	`str`
file_lang	`str`
instance	`str`
dlp_incident_id	`str`
dlp_rule_severity	`str`
dlp_rule_count	`int4`
dlp_parent_id	`str`
dlp_profile	`str`
dlp_rule	`str`
dlp_file	`str`
count	`int4`
from_user	`str`
aggregated_user	`str`
req_cnt	`int4`
serial	`str`
fromlogs	`str`
numbytes	`int8`
resp_cnt	`int4`
log_file_name	`str`
useragent	`str`
page_duration	`int4`
netskope_activity	`str`
other_categories	`str`
src_geoip_src	`int4`
ur_normalized	`str`
user_category	`str`
user_name	`str`
user_role	`str`
userip	`ip4`
collaborated	`str`
internal_collaborator_count	`int4`
request_id	`int8`
sha256	`str`
title	`str`
total_collaborator_count	`int4`
true_obj_category	`str`
true_obj_type	`str`
suppression_start_time	`timestamp`		suppression_start_time__tmp
suppression_end_time	`timestamp`		suppression_end_time__tmp
src_latitude	`float8`		src_latitude_tmp
src_longitude	`float8`		src_longitude_tmp
dst_latitude	`float8`		dst_latitude_tmp
dst_longitude	`float8`		dst_longitude_tmp
src_location	`str`
src_country	`str`
src_zipcode	`str`
src_region	`str`
dst_location	`str`
dst_country	`str`
dst_zipcode	`str`
dst_region	`str`
web_url	`str`
org	`str`
message	`str`
hostchain	`str`			✓
tag	`str`			✓
rawMessage	`str`		rawSource	✓