Netskope Function uploads to Netskope_CL but workbook does not refer to the table #8938
Comments
|
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal. |
|
Hi @anthonysomerset, thanks for flagging this issue, we will soon get back to you on this. Thanks! |
|
Hi @anthonysomerset, we have reached out to concerned team for this issue, we will get back once there is an update. |
3 similar comments
|
Hi @anthonysomerset, we have reached out to concerned team for this issue, we will get back once there is an update. |
|
Hi @anthonysomerset, we have reached out to concerned team for this issue, we will get back once there is an update. |
|
Hi @anthonysomerset, we have reached out to concerned team for this issue, we will get back once there is an update. |
|
Hi @anthonysomerset, we have reached out to concerned team for this issue, we will get back to you by 13 Oct 2023. |
|
Hello @anthonysomerset, thank you for raising the issue. Netskope uses Log Shipper to push logs to Microsoft Sentinel. In Log Shipper user have option to provide table name but they suggest default names like Netskope_Events_CL, Netskope_Alerts_CL, Netskope_WebTX_CL etc, so that provided workbook and playbook can function properly. Looks like workbook is not yet updated to support Azure Functions app based connector ingested data. |
|
so i don't have Log Shipper at all I am going off the original instructions in Sentinel and this Repo - this suggests that the instructions are wrong or incomplete or out of date. This should be rectified depending on what the correct situation is |
|
from what i can tell, log shipper/cloud exchange is NEW functionality relative to the azure function based solution I think the right way forward is to deprecate the azure function approach in favour of linking to the Netskope documentation for Cloud Exchange/Log Shipper and the documentation updated to reflect that |
|
Hi @anthonysomerset, hopefully you are unblocked. In the meantime, if you are a Netskope customer, you can reach out to them as well for clarification and latest instructions. |
|
Hi @elforb, I see you are original committer of Netskope Solution. Can you please have a look @anthonysomerset concerns? |
|
Hi @elforb, can you please look into the above comment? |
|
Hi @elforb, can you please look into the above comment, would really appreciate your response here. |
|
Hi @anthonysomerset, thanks for raising this concern here. But since this solution is partner supported solution you would need to raise a ticket in Netskope support queue. Please raise this concern with them here - https://www.netskope.com/services#support |
Describe the bug
Netskope Data Connector ingests to the Netskope_CL table, however the provided workbook is expecting data to exist in the following tables:
Netskope_Events_CL
Netskope_Alerts_CL
Netskope_WebTX_CL
as a result the workbook does not work
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Workbook should work, either by updating it to refer to correct tables or update the connector function and/or parser to support the new tables
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
Guessing that something is out of sync between the connector/parser and the workbook
The text was updated successfully, but these errors were encountered: