Netskope Web Transaction Events for Microsoft Sentinel

Solution: NetskopeWebTx



| Attribute | Value |
|---|---|
| Publisher | Netskope |
| Support Tier | Partner |
| Support Link | https://www.netskope.com/services#support |
| Categories | domains |
| Version | 1.0.1 |
| Author | Netskope |
| First Published | 2026-02-10 |
| Last Updated | 2026-04-09 |
| Solution Folder | NetskopeWebTx |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |

The Netskope Web Transactions solution enables streaming of web transaction logs from Netskope to Microsoft Sentinel via Azure Blob Storage and Event Grid. It provides comprehensive visibility into web traffic, user activity, application usage, and security policy enforcement.

Included Content:

  - 1 Data Connector (CCP-based Blob Storage connector)
  - 1 Workbook (Web Transactions Dashboard)
  - 10 Analytics Rules

Contents

Data Connectors

This solution provides 1 data connector(s):

Tables Used

This solution uses 1 table(s):

| Table | Used By Connectors | Used By Content |
|---|---|---|
| NetskopeWebTransactions_CL | Netskope Web Transaction Connector (via Blob Storage) | Analytics, Workbooks |

Content Items

This solution includes 12 content item(s):

| Content Type | Count |
|---|---|
| Analytic Rules | 10 |
| Workbooks | 1 |
| Parsers | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Netskope - Anomalous User Behavior (High Volume from Unmanaged Device) | Medium | Exfiltration, Collection | NetskopeWebTransactions_CL |
| Netskope - Data Movement Tracking (Upload/Download Monitoring) | Informational | Exfiltration, Collection | NetskopeWebTransactions_CL |
| Netskope - Excessive Downloads Detection (Spike vs Baseline) | Medium | Exfiltration, Collection | NetskopeWebTransactions_CL |
| Netskope - Heavy Personal Cloud Storage Usage (Shadow IT) | Medium | Exfiltration, Collection | NetskopeWebTransactions_CL |
| Netskope - Impossible Travel Detection (Two Countries in Less Than 1 Hour) | High | InitialAccess, CredentialAccess | NetskopeWebTransactions_CL |
| Netskope - Large Outbound Data Transfer / Sensitive Upload (DLP) | High | Exfiltration | NetskopeWebTransactions_CL |
| Netskope - New Risky App Access vs 7-Day Baseline | Medium | InitialAccess, Discovery | NetskopeWebTransactions_CL |
| Netskope - Repeated or Critical Policy Violations | High | DefenseEvasion, Exfiltration | NetskopeWebTransactions_CL |
| Netskope - Suspicious Network Context (Unusual IPs/Geo/Ports) | Medium | CommandAndControl, Exfiltration, Discovery | NetskopeWebTransactions_CL |
| Netskope - Unsanctioned/Risky Cloud App Access (Shadow IT) | Medium | InitialAccess, Exfiltration | NetskopeWebTransactions_CL |

Workbooks

| Name | Tables Used |
|---|---|
| NetskopeWebTx_Workbook | NetskopeWebTransactions_CL |

Parsers

| Name | Description | Tables Used |
|---|---|---|
| NetskopeWebtx | - | NetskopeWebTransactions_CL (read) |

Additional Documentation

📄 Source: NetskopeWebTx/README.md

Overview

This solution enables ingestion of Netskope Web Transaction logs into Microsoft Sentinel for security monitoring, threat detection, and compliance analysis.

Contents

Data Connectors

Workbooks

Analytics Rules (10 Rules)

  1. Impossible Travel Detection - Users accessing from multiple countries within 1 hour
  2. Excessive Downloads Detection - Spike vs 7-day baseline analysis
  3. Unsanctioned/Risky Cloud App Access - Shadow IT detection
  4. New Risky App vs Baseline - First-seen risky applications
  5. Large Data Upload (DLP) - Potential data exfiltration
  6. Policy Violations - Repeated or critical policy blocks
  7. Anomalous User Behavior - High volume from unmanaged devices
  8. Personal Cloud Storage Usage - Shadow IT storage apps
  9. Suspicious Network Context - Unusual IPs/Geo/Ports
  10. Data Movement Tracking - Upload/Download monitoring

Prerequisites

Deployment

  1. Deploy the Data Connector ARM template
  2. Configure blob container settings
  3. Deploy Analytics Rules
  4. Import the Workbook

Log Table

NetskopeWebTransactions_CL

Version

1.0.0

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 11-02-2026 | Includes all CCF connector definitions and configurations. |
