Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Overview
Netskope provides solutions to protect data and defend against threats across cloud services, applications, and web traffic. It enables secure access to the internet and cloud environments through tools like Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA). Netskope’s transaction event logs provide detailed records of user web activity, including URLs accessed, HTTP call details, and certificate/SSL information, enabling granular visibility and forensic analysis of web traffic.
Use this integration to collect Netskope transaction event logs in Datadog, via an Amazon S3 bucket.
Setup
To set up the Netskope integration, you need to do three things:
- Set up Netskope Log Streaming to send logs to an Amazon S3 bucket.
Note: The Netskope Log Streaming integration currently only supports AWS. - Install Datadog CloudFormation Template to forward the logs from the S3 bucket to Datadog.
- Set up your Amazon S3 bucket to send events to the Cloudformation Template
Install the Netskope Logs Forwarder
- Set up Netskope Log Streaming to forward logs to an Amazon S3 bucket that you own, and make note of the bucket name.
In AWS, go to the CloudFormation page. Click on the Create Stack button, then click With new resources.
On the Create Stack page, use the following values:
- Prepare Template: Choose an existing template
- Template Source: Amazon S3 URL
- Amazon S3 URL:
https://saas-ints-serverless-cf-template-storage-us1-prod.s3.us-east-1.amazonaws.com/dd-netskope-cloudformation-template-1.0.0.yaml
If it is the first time installing this template, you may be asked to create AWS resouces:
DatadogNetskopeLogsLambda, the Lambda itselfDatadogNetskopeLogsLambdaExecutionRole, the role for running the LambdaLambdaBasicExecutionPolicy, the policy for running the LambdaS3ReadAccessPolicy, the policy to allow the Stack to read from your bucketLambdaInvokePermission, permission to run the Lambda
On the Specify Details page, set the following parameters:
Stack Name: Enter a name of your choiceDdApiKey: Your Datadog API keyDdSite: Your Datadog siteBucketName: The name of the Amazon S3 bucket that Netskope Logs Streaming is forwarding your logs to
On the Configure Stack Options page, you may optionally set the follow paramters:
- Add AWS tags (these are only tags for AWS infrastructure, and will not be sent to Datadog)
- Provide an existing IAM role
- Set the Stack Failure options
On the Review & Create page, review your options, and update them as needed. Then, click Submit to create the Stack.
In the Stack, find the Lambda that was created, and make note of the ARN for it.
In Amazon S3, find your bucket, and select the Properties tab.
Scroll down to Event Notifications and click on Create event notification
On the Create Event Notification page, set the following parameters:
Event Name: Enter a name of your choicePrefix: Enter stream_1/, which is the prefix that Netskope Transactions logs useSuffix: Leave blankEvent types: Select All object create events
Still on the Create Event Notification page, select the Lambda that the CloudFormation Stack created:
- Enter
DatadogNetskopeLogsLambda, or use the Lambda ARN from above
Press Save Changes to created the Event Notification.
Verification
- In Amazon S3, ensure that Netskope is forwarding log files to the S3 bucket.
- In AWS Lambda, check your Lambda function’s Monitor tab, and check the logs for each run for errors.
- In Datadog’s Log Explorer, search for your Netskope logs with
source:netskope.
Data Collected
Metrics
Netskope does not include any metrics.
Service Checks
Netskope does not include any service checks.
Events
Netskope does not include any events.
Troubleshooting
Need help? Contact Datadog support.
