Netskope Active sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: The IBM QRadar DSM for Netskope Active is deprecated.

To continue taking advantage of this integration, please download the Netskope Security Cloud DSM from the IBM Security App Exchange website (https://exchange.xforce.ibmcloud.com/hub/extension/ff97aaadc10ed96b0e05d1a1f24af2f7).

Netskope Active sample messages when you use the Netskope REST API protocol

Tip: Due to formatting, paste the message formats into a text editor and then remove any carriage return or line feed characters.

Sample 1: The following sample event message shows an anomaly collaboration event.

{"dstip":"XXXXX","dst_location":"XXXXX","last_timestamp":1436237104,"latency_total":74,"app":"Google Hangouts","profile_id":"XXXX","last_country":"XX","device":"Windows Device","src_location":"N/A","alert_type":"anomaly","id":66483,"app_session_id":XXXXX,"event_type":"proximity","risk_level":"high","client_bytes":3109,"last_location":XXXX],"dst_region":"XXX","last_device":"Windows Device","conn_duration":XXX,"dst_country":"XXX","resp_cnt":3,"ccl":"high","src_zipcode":"N/A","req_cnt":3,"src_timezone":"unknown","server_bytes":2012,"type":"connection","access_method":"Client","latency_min":24,"organization_unit":"","dst_latitude":XXXX,"timestamp":1436237457,"src_region":"N/A","src_latitude":XX,"connection_id":XXX,"dst_longitude":-XXX,"alert":"yes","app_action_cnt":0,"last_app":"Google Hangouts","user":"XXX","src_longitude":-XX,"srcip":"XXXXX","src_country":"XX","last_region":"CO","appcategory":"Collaboration","conn_endtime":1436237457,"count":1,"acked":"false","_id":"XXXX","dst_zipcode":"XXX","risk_level_id":2,"sv":"unknown","latency_max":25,"numbytes":5121,"alert_name":"proximity","conn_starttime":1436237210,"userip":"XXXX","telemetry_app":"","browser":"Chrome","os":"Windows 8.1"}

Sample 2: The following sample event message shows a successful user login audit event.

{"supporting_data":{"data_values":["XXX","XXXX],"data_type":"user"},"severity_level":2,"timestamp":1419922155,"organization_unit":"","ccl":"unknown","user":"XXXXXX","audit_log_event":"Login Successful","_id":"XXXXXX","type":"admin_audit_logs","appcategory":"n/a"}
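
The cleanup that the tip describes, as an added example that is not part of the IBM documentation: it removes carriage returns and line feeds, restores straight quotes where a copy from a rendered page introduced typographic ones, and parses the result so you can confirm which event type you are about to send. The sample is constructed from the field names in Sample 2 with placeholder values; `clean_sample`, `summarize`, and `WRAPPED` are names chosen for this example.

```python
import json

# Typographic quotes that a rendered page can substitute for the ASCII quote.
# Assumption: no field value legitimately contains these characters.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})

# Fields from the page's two samples that identify what kind of event arrived.
_SUMMARY_KEYS = ("type", "alert_type", "event_type", "audit_log_event",
                 "risk_level", "user", "timestamp")

# Constructed sample: Sample 2's field names, placeholder values, wrapped
# mid-token and with typographic quotes, as a copy from a web page can look.
WRAPPED = """{“supporting_data”:{“data_values”:[“placeholder-a”,”placeholder-b”],”data_type”:”user”},”severity_level”:2,”time
stamp”:1419922155,”organization_unit”:”“,”ccl”:”unknown”,”user”:”placeholder-user”,”audit_log_event”:”Login Succes
sful”,”_id”:”placeholder-id”,”type”:”admin_audit_logs”,”appcategory”:”n/a”}"""


def clean_sample(pasted):
    """Remove CR/LF characters (the tip's step) and restore straight quotes."""
    joined = pasted.replace("\r", "").replace("\n", "")
    return joined.translate(_QUOTES)


def summarize(pasted):
    """Parse a pasted sample and return the fields that identify the event."""
    cleaned = clean_sample(pasted)
    try:
        event = json.loads(cleaned)
    except json.JSONDecodeError as exc:
        # A masked value left unquoted (for example XXXX) is a typical cause.
        near = cleaned[max(0, exc.pos - 20):exc.pos + 20]
        raise ValueError(f"not valid JSON near {near!r}") from exc
    if not isinstance(event, dict):
        raise ValueError("expected a JSON object")
    return {key: event[key] for key in _SUMMARY_KEYS if key in event}


if __name__ == "__main__":
    print(summarize(WRAPPED))
```

The samples on this page contain masked values, so replace each masked value with a valid JSON value before you parse them; otherwise `summarize` raises `ValueError` and reports the surrounding text.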