Netskope
Collect security events from your Netskope platform including application usage, network traffic, alerts, DLP incidents, and user activity.
Ingest Methods
RunReveal offers the following ways to ingest Netskope logs:
API Polling
Netskope supports API polling to collect audit logs from your Netskope account.
For detailed setup instructions, see the Integration documentation.
Setup
- Go to Sources in RunReveal
- Click the Netskope source tile
- Give it a name and click Connect Source
- Fill in the required fields with your Netskope API credentials
RunReveal will poll the Netskope API periodically to fetch new logs. Historical logs will be backfilled on first sync.
Schema
The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.
Table: netskope_logs (69 columns)

| Column | Type |
|---|---|
| workspaceID | String |
| sourceID | String |
| sourceType | String |
| sourceTTL | UInt32 |
| receivedAt | DateTime |
| id | String |
| eventTime | DateTime |
| eventName | String |
| eventID | String |
| srcIP | String |
| srcASCountryCode | String |
| srcASNumber | UInt32 |
| srcASOrganization | String |
| srcCity | String |
| srcConnectionType | String |
| srcISP | String |
| srcLatitude | Float64 |
| srcLongitude | Float64 |
| srcUserType | String |
| dstIP | String |
| dstASCountryCode | String |
| dstASNumber | UInt32 |
| dstASOrganization | String |
| dstCity | String |
| dstConnectionType | String |
| dstISP | String |
| dstLatitude | Float64 |
| dstLongitude | Float64 |
| dstUserType | String |
| actor | Map(String, String) |
| tags | Map(String, String) |
| resources | Array(String) |
| serviceName | String |
| enrichments | Array(Tuple(data Map(String, String), name String, provider String, type String, value String)) |
| readOnly | Bool |

| Column | Type |
|---|---|
| rawLog | String |
| netskopeEventID | String |
| timestamp | UInt64 |
| eventType | String |
| user | String |
| app | String |
| activity | String |
| alertType | String |
| severity | String |
| policy | String |
| device | String |
| location | String |
| category | String |
| ccl | String |
| cci | UInt32 |
| accessMethod | String |
| trafficType | String |
| protocol | String |
| url | String |
| page | String |
| object | String |
| objectType | String |
| instanceID | String |
| fromUser | String |
| toUser | String |
| fileType | String |
| fileName | String |
| fileSize | UInt64 |
| dlpProfile | String |
| dlpRule | String |
| browserSessionID | String |
| connectionID | String |
| requestID | String |
| transactionID | String |
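
The following query is an added example, not RunReveal's own detection content: it uses the netskope_logs columns listed above to summarize DLP-matched activity per user over the last 24 hours. It assumes ClickHouse SQL (inferred from the column types), that rows with no DLP match carry an empty dlpProfile, and that the thresholds shown are constructed values to be tuned.

```sql
-- Added example: users with repeated or high-volume DLP matches in 24 hours.
-- Assumption: an empty dlpProfile string means the event matched no DLP profile.
-- Assumption: thresholds (5 events, 100 MiB) are constructed starting points.
SELECT
    user,
    dlpProfile,
    count()                        AS events,
    uniqExact(dlpRule)             AS distinct_rules,
    uniqExact(app)                 AS distinct_apps,
    uniqExact(srcASCountryCode)    AS distinct_src_countries,
    sum(fileSize)                  AS total_bytes,
    groupUniqArray(10)(fileType)   AS sample_file_types,
    min(eventTime)                 AS first_seen,
    max(eventTime)                 AS last_seen
FROM netskope_logs
WHERE eventTime >= now() - INTERVAL 24 HOUR
  AND dlpProfile != ''
GROUP BY user, dlpProfile
-- Keep only groups that are noisy by count or large by volume.
HAVING events >= 5 OR total_bytes >= 100 * 1024 * 1024
ORDER BY total_bytes DESC, events DESC
LIMIT 100;
```

Because srcASCountryCode and eventTime are normalized columns, the same grouping and time filter carry over to other sources; only the DLP-specific columns are Netskope-only.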