Netskope Active REST API log source parameters for Netskope Active

If QRadar® does not automatically detect the log source, add a Netskope Active log source on the QRadar Console by using the Netskope Active REST API protocol.

Important: The IBM® QRadar DSM for Netskope Active is deprecated.

To continue taking advantage of this integration, please download the Netskope Security Cloud DSM from the IBM Security App Exchange website (

When using the Netskope Active REST API protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Netskope Active REST API events from Netskope Active:
Table 1. Netskope Active REST API log source parameters for the Netskope Active DSM
Parameter Value
Log Source type Netskope Active
Protocol Configuration Netskope Active REST API
IP or Hostname <customer_tenant_name>
Authentication Token The authentication token is generated in the Netskope WebUI and is the only credential that is required for Netskope Active REST API usage. To access the token generation option in the Netskope WebUI, select Settings > REST API.
Automatically Acquire Server Certificates If you choose Yes from the list, QRadar automatically downloads the certificate and begins trusting the target server. The correct server must be entered in the IP or Hostname field.
Throttle The maximum number of events per second. The default is 5000.
Recurrence You can specify when the log source attempts to obtain data. The format is M/H/D for Minutes/Hours/Days. The default is 1 M.
Collection Type
All Events
Select to collect all events.
Alerts Only
Select to collect only alerts.