search
Knowledge BaseRelease NotesRequest Demo

Netskope Logs

Panther supports pulling logs directly from Netskope

hashtag
Overview

Panther has the ability to fetch Netskope logs by querying the Netskope REST API v2arrow-up-right.

hashtag
How to onboard Netskope logs to Panther

You'll start creating the Netskope source in Panther, generate an API token in Netskope, then return to Panther to finish log source creation.

hashtag
Step 1: Start creating a Netskope source in Panther

  1. In the left-side navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Search for “Netskope,” then click its tile.

  4. In the slide-out panel, click Start Setup.

  5. Enter a descriptive Name for the source, e.g., "My Netskope logs."

  6. Click Setup.

hashtag
Step 2: Create an API token in Netskope

  1. In a separate web browser tab, open the Netskope Admin Consolearrow-up-right.

  2. In the left-side navigation bar, click Settings.

  3. In the left-side navigation bar of the Settings page, click Tools > REST API v2.

  4. Click New Token.

  5. In the popup modal, configure the following fields:

    • Token Name: Enter a descriptive name.

    • Expire In: Set an appropriate expiration period.

    • Scope: Click Add Endpoint and select the /api/v2/events/dataexport/events/audit scope.

  6. Click Save.

  7. In the confirmation modal, click Copy Token and store the value in a secure location, as you will need it in the next step.

hashtag
Step 3: Finish creating the Netskope source in Panther

  1. Navigate back to the Panther Console, to the Set Credentials page where you left off after completing Step 1.

  2. In the Netskope Domain field, enter the domain name of your Netskope tenant (e.g., corp.goskope.com).

  3. In the API Key field, paste the API token value you copied from the Netskope Admin console in Step 2.

  4. Click Setup. You will be directed to a success screen:\

    The success screen reads, "Everything looks good! Panther will now automatically pull & process logs from your account"

    • You can optionally enable one or more Detection Packsarrow-up-right.

    • The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.\

      The "Trigger an alert when no events are processed" toggle is set to YES. The "How long should Panther wait before it sends you an alert that no events have been processed" setting is set to 1 Day

hashtag
Panther-managed detections

See Panther-managed rules for Netskope in the panther-analysis GitHub repositoryarrow-up-right.

hashtag
Supported log types

hashtag
Netskope.Audit

Netskope.Audit logs represent activity within a Netskope instance. For more information, see Netskope's Logging documentationarrow-up-right.

PreviousMongoDB Atlas LogsNextNginx Logs

Last updated

Was this helpful?