Netskope Events Alert

This data pipeline extracts the Alert events from Netskope technology using the data export API.

This Pipeline integrates with Logs from the Netskope Platform using the HTTP Pull Listener, transforming it from JSON to CSV format.

Listen

The Listener pulls events using the Configure as YAML option, using the following YAML:

withTemporalWindow: true
temporalWindow:
  duration: 5h
  offset: 5h
  tz: UTC
  format: Epoch
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: none
  request:
    method: GET
    url: "https://summa.goskope.com/api/v2/events/dataexport/events/alert?operation=next&index=onum_event_alert_001"
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "XXX"
  output:
    select: ".result"
    map: "."
    outputMode: element

Transform Netskope data

Parser

The parser extracts the individual fields coming from the Netskope JSON into more detailed fields, including status, data and index.

Flat JSON

We need to flatten the incoming JSON into key-value pairs that can be sent on in the CSV.

Message Builder

We use the Message Builder action to transform the fields to CSV format, using a comma as the delimiter.

You can now send on your CSV containing OKTA logs to your preferred destination using a sink.

PreviousCrowdStrike Event Stream Logs - Falcon API NextOKTA System Log API

Last updated 2 months ago

Was this helpful?