Sumo Logic collection solution for netskope
Project description
sumologic-netskope-collector
Solution to pull data from Netskope to Sumo Logic
Installation
-
Getting a token from Netskope portal
- Login to Netskope as the Tenant Admin. Netskope REST APIs use an auth token to make authorized calls to the API. The token can be obtained from the UI by following the below steps
- Go to the API portion of the Netskope UI ( Settings > Tools > Rest API)
- Copy the existing token to your clipboard Alternatively, you can generate a new token and copy that
-
Add a Hosted Collector and HTTP Source
- To create a new Sumo Logic Hosted Collector, perform the steps in Configure a Hosted Collector.
- Add an HTTP Logs and Metrics Source.
Under Advanced you'll see options regarding timestamps and time zones and when you select Timestamp parsing specify the custom time stamp format as shown below:
Format: epoch
Timestamp locator:
\"timestamp\": (.*),
-
Configuring the sumologic-netskope collector Below instructions assume pip is already installed if not then, see the pip docs on how to download and install pip.
sumologic-netskope-collector is compatible with python 3.7 and python 2.7. It has been tested on ubuntu 18.04 LTS and Debian 4.9.130. Login to a Linux machine and download and follow the below steps:
-
Install the collector using below command
pip install sumologic-netskope-collector -
Create a configuration file netskope.yaml in home directory using the sample.yaml file(in sumologic-netskope folder). Add the SUMO_ENDPOINT and TOKEN parameters obtained from step 1 and step 2 and replacing the "netskope domain" variable with your Netskope portal domain.
SumoLogic: SUMO_ENDPOINT: <SUMO LOGIC HTTP URL> Netskope: TOKEN: <NETSKOPE API TOKEN> NETSKOPE_EVENT_ENDPOINT: <netskope domain>/api/v1/events NETSKOPE_ALERT_ENDPOINT: <netskope domain>/api/v1/alerts -
Create a cron job for running the collector every 5 minutes by using the crontab -e and adding the below line
*/5 * * * * /usr/bin/python -m sumonetskopecollector.netskope > /dev/null 2>&1
-
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file sumologic-netskope-collector-1.0.10.tar.gz.
File metadata
- Download URL: sumologic-netskope-collector-1.0.10.tar.gz
- Upload date:
- Size: 10.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4e78e83daa0e11c1b194946a53a4cc35f971da50bf83379b4f39fe584f547aac |
|
| MD5 | 479c4be612e8f6618ec6a6e985bde89f |
|
| BLAKE2b-256 | 7eb3fb8dddbb926b6d4e252ca07d897166c8d6c6a9838c71b2103c583f655e0c |
File details
Details for the file sumologic_netskope_collector-1.0.10-py3-none-any.whl.
File metadata
- Download URL: sumologic_netskope_collector-1.0.10-py3-none-any.whl
- Upload date:
- Size: 11.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 780abcaed5a9f74b9fbac30110289a14c037a6a3f62fd20bf7c691703bf6497e |
|
| MD5 | 20dcf742cada5703371de5f2828f9942 |
|
| BLAKE2b-256 | 31417607d1af1c9e52c3546cd38cef73f5fa99e33d2d6bd97ff3380374fb8ae7 |
