Netskope Active REST API log source parameters for Netskope Active
If QRadar® does not automatically detect the log source, add a Netskope Active log source on the QRadar Console by using the Netskope Active REST API protocol.
Important: The IBM®
QRadar DSM for Netskope Active
is deprecated.
To continue taking advantage of this integration, please download the Netskope Security Cloud DSM from the IBM Security App Exchange website (https://exchange.xforce.ibmcloud.com/hub/extension/ff97aaadc10ed96b0e05d1a1f24af2f7).
When using the Netskope Active REST API protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Netskope
Active REST API events from Netskope Active:
| Parameter | Value |
|---|---|
| Log Source type | Netskope Active |
| Protocol Configuration | Netskope Active REST API |
| IP or Hostname | <customer_tenant_name>.goskope.com |
| Authentication Token | The authentication token is generated in the Netskope WebUI and is the only credential that is required for Netskope Active REST API usage. To access the token generation option in the Netskope WebUI, select . |
| Automatically Acquire Server Certificates | If you choose Yes from the list, QRadar automatically downloads the certificate and begins trusting the target server. The correct server must be entered in the IP or Hostname field. |
| Throttle | The maximum number of events per second. The default is 5000. |
| Recurrence | You can specify when the log source attempts to obtain data. The format is M/H/D for Minutes/Hours/Days. The default is 1 M. |
| Collection Type |
|