Netskope Out-of-the-Box Data Collection Integration

Netskope Out-of-the-Box Data Collection Integration

Notes
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.

Configure Netskope Next Gen Secure Web Gateway

1. Log in to your Netskope UI.


2. Navigate to Event Streaming . Following the next path Settings > Tools > Event Streaming.


3. Copy your subscription endpoint and generate your download key from the Event Streaming page.

Warning
Keep in mind that generating a new endpoint or key may make any other existing integrations stop working.
Notes
Netskope event streaming is intended to feed a single consumer. Using it with multiple consumers (integrations) will cause unexpected behaviors. If you are already collecting Netskope metadata for other solutions like SIEMs, contact us to identify a different way to inject it to Lumu.

4. Contact Netskope support to update the transaction events format to “Format 3”.  Netskope Format 3 offers a richer data stream, enabling Lumu to better analyze traffic and provide you with more useful context about incidents. This step is not strictly mandatory but it is highly recommended to take the most out of Lumu and Netskope.

Add Integration

1. Log in to our Lumu account through the Lumu Portal and navigate to the integrations screen.


2. Locate the Netskope Next Gen SWG integration in the available apps area and click to add, then click to view details.


3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.


4. To activate the integration, add a Name . By default, this integration will be tagged as unlabeled activity; however, you can select a label of your preference for additional visibility.


5. Add the Netskope credentials: Subscription Endpoint and Subscription Key. These parameters were obtained in the steps of the Configure Netskope Next Gen Secure Web Gateway section. Now select “Activate”.


6. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration:



Setup Grouping Rules

Grouping Rules are powerful tools to organize and streamline the traffic received by your collectors by making full use of Lumu’s Labels. Consult the relevant article on our technical documentation to learn more about Grouping Rules.




    Still can’t find an answer?
    Send a message to our experts.
    Contact Us

        • Related Articles

        • Lumu Out-of-the-box Integrations

          For getting started with Lumu integrations with third-party solutions, consult our Integrations guide. Lumu's Out-of-the-box (OOTB) integrations are a seamless and convenient way to integrate Lumu with other solutions in your cyberdefense stack to ...

        • Netskope Log Streaming Custom Data Collection Integration

          In this article, you will find out how to configure your Netskope Log Streaming subscription and its Lumu Custom Data Collection integration to pull, transform, and inject the Web Transactions by Netskope Log Streaming into Lumu to enhance the ...

        • Kubernetes (K8s) Out-of-the-box Data Collection Integration

          To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. In this article, you will find out how to configure your Kubernetes cluster to record and collect DNS data from your cluster network and have it sent to ...

        • AWS Out-of-the-Box Data Collection Integration

          To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. In this article, you will find out how to configure Amazon Web Services (AWS) to pull and collect data from your network in the form of logs, and have ...

        • Cisco Umbrella Out-of-the-Box Data Collection Integration

          To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. Requirements A Cisco Umbrella DNS Security Essentials subscription or above An active Lumu Defender Subscription Setup Cisco Umbrella Rest API Client ...