Incident Report automation

JacoG
Partner

Hi Guys,

I am still very new in the Netskope world and this might seem a very simple question, but I don't know how to do it 🙂

Is it possible to generate a report of all High and Critical level incidents over all Fields (DLP, Comp Credentials, BA, Malware, Malicious Sites) in a single report on a daily basis?

The reports section with the building of widgets does not make too much sense to me yet.

It would have been nice to filter on the incidents page and then have a button to apply the filter to generate a report based on the filters.

Please, if anyone can assist with this, it would be greatly appreciated 🙂

JG

3 Replies
qyost
Contributor III

Does the following get you what you're looking for? You could also create something similar in Advanced Analytics.

Skope IT -> Alerts
Then hit the advanced search button to get the query language bar.

(acked eq 'false') and (severity in ['Critical','High'])

--
-Q.
qyost
Contributor III

Here's the AA version. I had to use a custom filter again to OR across the multiple alert types:

${alert_event.sa_rule_severity} = "critical" OR ${alert_event.dlp_rule_severity} = "Critical" OR ${alert_event.severity_level} = "critical" OR ${alert_event.malware_severity} = "critical" OR ${alert_event.sa_rule_severity} = "high" OR ${alert_event.dlp_rule_severity} = "High" OR ${alert_event.severity_level} = "high" OR ${alert_event.malware_severity} = "high"

--
-Q.
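The AA filter above has to spell out each severity for each field by hand, and in mixed case ("Critical" for DLP, "critical" elsewhere). As an added example, not from the thread or from Netskope, the following Python applies the same logic offline to constructed alert records: it reads the four severity fields named in the filter, normalises case, drops acknowledged alerts as the Skope IT query does, and rolls the result up per alert type into the single daily summary the original post asks for. The `alert_type` and `acked` keys and the record layout are assumptions for illustration.

```python
from collections import Counter

# Severity fields named in the thread's AA filter; each alert type fills in one of them.
SEVERITY_FIELDS = ("sa_rule_severity", "dlp_rule_severity",
                   "severity_level", "malware_severity")
WANTED = {"critical", "high"}


def alert_severity(alert):
    """Severity lower-cased, or None. The thread's filter spells 'Critical' for
    DLP but 'critical' elsewhere; normalising case lets one test cover all fields."""
    for field in SEVERITY_FIELDS:
        value = alert.get(field)
        if value:
            return str(value).strip().lower()
    return None


def high_and_critical(alerts, include_acked=False):
    """Keep High/Critical alerts, dropping acknowledged ones like the Skope IT query."""
    kept = []
    for alert in alerts:
        if not include_acked and str(alert.get("acked", "false")).lower() == "true":
            continue
        if alert_severity(alert) in WANTED:
            kept.append(alert)
    return kept


def daily_summary(alerts):
    """Count kept alerts per (alert_type, severity) for the single daily report."""
    return dict(Counter((a.get("alert_type", "unknown"), alert_severity(a))
                        for a in high_and_critical(alerts)))


# Constructed sample alerts (not real tenant data); alert_type and acked are assumed names.
SAMPLE_ALERTS = [
    {"alert_type": "DLP", "dlp_rule_severity": "Critical", "acked": "false"},
    {"alert_type": "DLP", "dlp_rule_severity": "Low", "acked": "false"},
    {"alert_type": "Malware", "malware_severity": "high", "acked": "false"},
    {"alert_type": "Malware", "malware_severity": "critical", "acked": "true"},
    {"alert_type": "Compromised Credential", "severity_level": "High", "acked": "false"},
    {"alert_type": "Security Assessment", "sa_rule_severity": "medium", "acked": "false"},
    {"alert_type": "Malsite", "severity_level": "Critical", "acked": "false"},
]

if __name__ == "__main__":
    for (alert_type, severity), count in sorted(daily_summary(SAMPLE_ALERTS).items()):
        print(f"{alert_type:<24} {severity:<9} {count}")
```

Feeding it a day's export of alerts instead of `SAMPLE_ALERTS` gives one table covering every alert type, without maintaining one OR clause per field and spelling.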

You could also leverage the Incidents reports/dashboards in AA.

Marcelo Souza
Netskope Product Adoption Lead