# Netskope Events Alert

This data pipeline extracts Alert events from Netskope using the data export API.

<figure><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FS7cIYLJaNL3HOAVPnacf%2F2025-05-16_16-12-36.png?alt=media&#x26;token=cd2925e4-2d1f-4710-88f4-b742a764657a" alt=""><figcaption></figcaption></figure>

This Pipeline integrates with logs from the Netskope Platform using the [**HTTP Pull** Listener](https://docs.onum.com/the-workspace/listeners/listener-integrations/pull-data-from-http-endpoints), transforming them from JSON to CSV format.

## Listen

The Listener is set up with the **Configure as YAML** option and pulls events using the following YAML:

```yaml
withTemporalWindow: true
temporalWindow:
  duration: 5h
  offset: 5h
  tz: UTC
  format: Epoch
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: none
  request:
    method: GET
    url: "..."
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "XXX"
  output:
    select: ".result"
    map: "."
    outputMode: element
```

{% hint style="info" %}
See the article dedicated to setting up Netskope API event alerts [here](https://docs.onum.com/marketplace/falcon-onum-marketplace/pulling-pipelines/netskope-events-alert).
{% endhint %}

## Transform Netskope data

### Parser

The parser extracts the individual fields coming from the Netskope JSON into more detailed fields, including status, data and index.

<figure><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FrME4KsGHSD8S9Fc5SZVE%2Fdark-large%20(25).png?alt=media&#x26;token=82a4506e-5c2a-496d-ad20-f1237ba17ec7" alt=""><figcaption></figcaption></figure>

### Flat JSON

We need to flatten the incoming JSON into key-value pairs that can be sent on in the CSV.

<figure><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FCXTZU2gRE5zGJmJUv7Xf%2Fdark-large%20(26).png?alt=media&#x26;token=906154eb-60c9-4026-901c-7508879c6306" alt=""><figcaption></figcaption></figure>

### Message Builder

We use the [**Message Builder**](https://docs.onum.com/the-workspace/pipelines/actions/formatting/message-builder) Action to transform the fields to CSV format, using a comma as the delimiter.

You can now send on your CSV containing OKTA logs to your preferred destination using a sink.
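
To check what the destination should receive, the three transform steps (select `.result` per element, flatten, build a comma-delimited line) can be reproduced offline. This is an added example, not Onum's code: the sample response, its field names, the dotted key naming and the quoting of values that contain the delimiter are all assumptions.

```python
import csv
import io
import json

# Constructed sample of an API response body; field names and values are
# illustrative and do not come from the original page.
SAMPLE_RESPONSE = json.dumps({
    "ok": 1,
    "result": [
        {"alert_name": "DLP, PCI upload", "timestamp": 1747400000,
         "user": {"email": "a@example.com", "groups": ["fin", "emea"]}},
        {"alert_name": "Malware", "timestamp": 1747400300,
         "user": {"email": "b@example.com", "groups": []}},
    ],
})

# Fixed column order (assumed): events with missing keys still line up.
COLUMNS = ["timestamp", "alert_name", "user.email", "user.groups.0"]


def flatten(value, prefix=""):
    """Flatten nested dicts/lists into dotted-key -> scalar pairs."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = enumerate(value)
    else:
        return {prefix: value}
    flat = {}
    for key, child in items:
        path = f"{prefix}.{key}" if prefix else str(key)
        flat.update(flatten(child, path))
    return flat


def to_csv(response_body, columns):
    """Emit one CSV row per element of .result, in a fixed column order."""
    events = json.loads(response_body).get("result", [])
    out = io.StringIO()
    # restval fills absent fields; extrasaction drops unlisted ones.
    writer = csv.DictWriter(out, fieldnames=columns, restval="",
                            extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    for event in events:
        writer.writerow(flatten(event))
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(SAMPLE_RESPONSE, COLUMNS), end="")
```

The first row shows why the delimiter matters: an alert name containing a comma has to be quoted, or every later column shifts in the downstream parser.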
