Netskope Events Alert

This data pipeline extracts the Alert events from Netskope technology using the data export API.

This pipeline collects logs from the Netskope platform using the HTTP Pull Listener and transforms them from JSON to CSV format.

Listen

The Listener pulls events through the Configure as YAML option, with the following YAML:

withTemporalWindow: true
temporalWindow:
  duration: 5h
  offset: 5h
  tz: UTC
  format: Epoch
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: none
  request:
    method: GET
    url: "https://summa.goskope.com/api/v2/events/dataexport/events/alert?operation=next&index=onum_event_alert_001"
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "XXX"
  output:
    select: ".result"
    map: "."
    outputMode: element

Transform Netskope data

Parser

The parser extracts the individual fields from the Netskope JSON into more detailed fields, including status, data and index.

Flat JSON

We need to flatten the incoming JSON into key-value pairs that can be written to the CSV.

Message Builder

We use the Message Builder action to transform the fields to CSV format, using a comma as the delimiter.
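The flatten and CSV-building steps above, sketched in Python as an added example (it is not the platform's own code). The sample alert fields, the dotted key naming and the `COLUMNS` list are assumptions made for illustration; the point is that rows stay aligned when an alert lacks a field and that values containing the delimiter are quoted.

```python
import csv
import io
import json

# Constructed sample response; the alert field names are illustrative only.
SAMPLE_RESPONSE = json.dumps({
    "result": [
        {"alert_name": "DLP, PCI rule", "alert_type": "DLP",
         "user": {"email": "a@example.com", "ip": "198.51.100.7"},
         "tags": ["pci", "upload"]},
        {"alert_name": "Malware found", "alert_type": "Malware",
         "user": {"email": "b@example.com"}},
    ],
})

# Assumed fixed column order so every row lines up even when a field is missing.
COLUMNS = ["alert_type", "alert_name", "user.email", "user.ip", "tags.0", "tags.1"]


def flatten(value, prefix=""):
    """Flatten nested dicts and lists into dotted key -> scalar pairs."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = ((str(i), v) for i, v in enumerate(value))
    else:
        return {prefix: value}
    flat = {}
    for key, child in items:
        flat.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return flat


def to_csv_line(event, columns=COLUMNS):
    """Build one comma-delimited line; values with commas, quotes or newlines get quoted."""
    flat = flatten(event)
    buf = io.StringIO()
    csv.writer(buf, lineterminator="").writerow(
        ["" if flat.get(c) is None else flat[c] for c in columns])
    return buf.getvalue()


def response_to_csv(body):
    """Mirror of select ".result" with outputMode "element": one line per alert."""
    return [to_csv_line(event) for event in json.loads(body).get("result", [])]


if __name__ == "__main__":
    print("\n".join(response_to_csv(SAMPLE_RESPONSE)))
```
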

You can now send your CSV containing Netskope alert logs to your preferred destination using a sink.
