Netskope Data Connector for Microsoft Sentinel
Solution: Netskopev2
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Netskope |
| Support Tier | Partner |
| Support Link | https://www.netskope.com/services#support |
| Categories | domains |
| Version | 3.1.4 |
| Author | Netskope |
| First Published | 2024-03-18 |
| Last Updated | 2024-03-18 |
| Solution Folder | Netskopev2 |
| Marketplace | Azure Marketplace · Rating: ★☆☆☆☆ 1.0/5 (1 ratings) · Popularity: 🔵 Medium (75%) |
Netskope solution for Microsoft Sentinel enables you to ingest Netskope alerts and events into Microsoft Sentinel. The connector provides visibility into Netskope Platform Events and Alerts in Microsoft Sentinel to improve monitoring and investigation capabilities.
Contents
Data Connectors
This solution provides 3 data connector(s):
- Netskope Alerts and Events (via Codeless Connector Framework)
- Netskope Data Connector 🔶
- Netskope Web Transactions Data Connector 🔶
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 32 table(s):
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 37 content item(s):
| Content Type | Count |
|---|---|
| Parsers | 30 |
| Workbooks | 4 |
| Playbooks | 2 |
| Analytic Rules | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Netskope - WebTransaction Error Detection | Medium | Execution | NetskopeWebtxErrors_CL |
Workbooks
Playbooks
| Name | Description | Tables Used |
|---|---|---|
| NetskopeDataConnectorsTriggerSync | Playbook to sync timer trigger of all Netskope data connectors. | - |
| NetskopeWebTxErrorEmail | This playbook sends email when Netskope Web Transaction data connector error is detected. | - |
Parsers
Additional Documentation
📄 Source: Netskopev2/README.md
Quick Links
- Alerts & Events (CCF): Sending Alerts and Events to Microsoft Sentinel using the Codeless Connector Platform
- Web Transactions (CCF): Integration: Web Transactions from Netskope Log Streaming to Microsoft Sentinel
- Netskope Log Streaming Connector Documentation: View Documentation
Overview
The Netskope Microsoft Sentinel Solution integrates Netskope logs (events, alerts, and WebTransactions) into Microsoft Sentinel for centralized monitoring and investigation.
Note: Work to update this solution is currently in progress. For any questions, please contact tech-alliances@netskope.com.
Contents
Data Connectors
- NetskopeAlertsEvents_RestAPI_CCP (Recommended)
Fetches alerts and events from Netskope using Microsoft's Codeless Connector Framework. - NetskopeDataConnector (Deprecated)
Azure Functions–based data connector to fetch alerts and events from Netskope. - NetskopeWebTransactionsDataConnector (Deprecated)
Docker–based data connector to fetch Netskope WebTx logs.
Note: Installation steps for each data connector are available on their respective UI pages within Microsoft Sentinel.
Workbook
Note: The workbook is only compatible with the Azure Functions–based data connector data, and not compatible with NetskopeAlertsEvents_RestAPI_CCP or Netskope CE data.
Parsers
Note: The parsers are only compatible with the Azure Functions–based data connector data, and not compatible with NetskopeAlertsEvents_RestAPI_CCP or Netskope CE data.
Support
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.1.4 | 30-03-2026 | Fix space in name. Rename to Netskope Alerts and Events (via Codeless Connector Framework) |
| 3.1.3 | 20-03-2026 | Rename to Netskope Alerts and Events(via Codeless Connector Framework) |
| 3.1.2 | 31-10-2025 | Added Dropdown in CCF UI page for data ingestion |
| 3.1.1 | 15-10-2025 | Added CCF WebTx Parser and Dashboard |
| 3.1.0 | 12-08-2025 | Added Parsers and Dashboards for CCP and CE Data. |
| 3.0.3 | 08-04-2025 | Updated index value of api endpoint in CCP Data Connector poller files. |
| 3.0.2 | 30-05-2024 | Updated python packages of Netskope Data Connector. |
| 3.0.1 | 03-05-2024 | Repackaged for Parser issue fix on reinstall. |
| 3.0.0 | 03-04-2024 | Initial Solution Release. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊