First of all, sorry if that sounds like a stupid question, but i did try to find a straight forward way online, and, all points to certain configurations via Cloud Exchange Plugins.
Here is my szenario, it actually is fairly simple.
I need to integrate a customers Netskope Environment (and no, I have no other details at this point as this is still exploratory) to a SIEM, the SIEM is not one of the big names. In most other cases, we have done Integrations either via an API that is available, via Storage Buckets, or, usually the most straight forward, via simple Syslog.
Given this, aside from this link:
- are there other ways for Syslog integration? I found this one somewhere but i do not think this is still or ever was applicable?
2.1.1 Log in to the Netskope Admin Console:
• Open your web browser and navigate to the Netskope Admin Console.
• Enter your credentials to log in.
2.1.2 Navigate to Settings:
• Once logged in, go to the Settings menu, usually found on the left sidebar.
2.1.3 Access External Integrations:
• Under the Settings menu, find and select External Integrations.
• From the dropdown or list, choose Syslog.
2.1.4 Configure Syslog Settings:
• In the Syslog configuration section, click on Add Syslog Server to start setting up your SIEM integration.
• Enter the following details:o Server Name: A friendly name for your Syslog server.
o IP Address: The IP address of your SIEM server.
o Port: Enter the non-standard port number you want to use.
o Protocol: Select either TCP or UDP as per your requirement.
o Format: Choose the log format (e.g., JSON, CEF) that your SIEM supports.
2.1.5 Set Log Types:
• Specify which types of logs you want to forward to your SIEM (e.g., alert logs, audit logs).
• You may also have options to filter logs based on severity or other criteria.
Also, the storage bucket option, is it a feasible approach for Netskope?
Again, sorry if this sounds like a stupid question but i thought i give it a try here
Cheers