How to Deploy the Netskope for Splunk Apps

Affected Products:

• Netskope

To deploy Netskope for Splunk:

1. Open your browser and go to your organization’s Splunk environment.
2. Log in to your organization’s Splunk environment with an account that can install apps.
   
3. From the Splunk home screen, click Find More Apps.
   
4. Once the Browse More Apps screen loads, click the Find apps by keyword, technology search box, type Netskope, and then press Enter.
   
   Note: For more information about Netskope Add-on for Splunk, reference the app information about Splunkbase (https://splunkbase.splunk.com/app/3808/) .
5. Click the green Install button for the app named Netskope Add-on for Splunk.
   
6. If prompted to log in:
   1. Populate your Splunk Username.
   2. Populate your Splunk Password.
   3. Accept the terms and conditions.
   4. Click Login and Install.
      
      Otherwise, go to Step 7.
7. Once installation completes, click Restart Now.
   
   Note: A restart of Splunk services is required before app configuration can proceed. If you cannot restart your Splunk services, click Restart Later and come back to this article later to continue the configuration.
   
   
8. Once prompted, click OK.
   
9. From the login page, populate your credentials to log back into your Splunk environment and then click Sign In.
   
10. Once logged in, the Browse More Apps page displays and the Netskope Add-on For Splunk displays. Click Open App to continue configuration.
    
11. The Configuration page displays, and the Account tab is selected. Click the green Add button.
    
12. From the Add Account window:
    1. Populate an Account Name.
    2. Populate your [TENANT].goskope.com environment Hostname URL.
    3. Populate your Netskope REST API Token.
    4. Optionally, add or remove Input Types. By default, Events and Alerts are pre-selected.
       1. To add an input type, click in the Input Types field. Additional values are displayed. Select any of these additional values to collect these input types.
       2. To remove an input type, click the X next to the input type.
    5. Click Add.
       
       Note:

       • [TENANT] = The tenant name in your environment
       • Multiple accounts can be created to separate input types. For example, Netskope_Events could be created in addition to Netskope_Alerts. Complete Step 12 and then repeat steps 11 and 12 until all desired accounts are created, to create multiple accounts.
       • For more information, reference How to Retrieve the Netskope REST API Key.
       • More Input Types are created, updated, and changed as the Netskope for Splunk Add-On is updated. Your input types may differ from the example image.
13. If a proxy server is required for your Splunk services to connect to the Netskope cloud, click the Proxy tab. Otherwise, go to Step 15.
    
14. From the Proxy menu:
    1. Select Enable.
    2. Select a Proxy Type.
    3. Populate a Host.
    4. Populate a Port.
    5. Populate a Username.
    6. Populate a Password.
    7. Click Save.
       
15. Click the Logging tab. By default, the Log level is set to INFO. Optionally, adjust this level and then click Save.
    
    Note: Changing the logging level may be used in troubleshooting.
16. Click the Add-on Settings tab. You can use this page to adjust your Base Event Type index if required.
    
17. Click the Inputs link towards the top of the page to configure the Inputs.
    
18. The Inputs page displays and our selected inputs from Step 12 are displayed.
    
19. By default, all inputs the app creates are disabled. From the Actions column, click Action and then select Enable for each Input you would like to enable.
    
20. From the upper left of the Splunk page, click Search.
    
21. Once the Search page displays, you should see event data in the What to Search box. Populated event data confirms that your configuration is working.
    
22. This completes the Installation and Configuration of the Netskope Add-on For Splunk. Return to the Find More Apps page by clicking the App: Netskope Add-on For Splunk menu at the top of the page and then click Find More Apps.
    
23. Click the Find apps by keyword, technology search box, type Netskope, and then press Enter.
    
    Note: For more information about Netskope App for Splunk, reference the app information about Splunkbase (https://splunkbase.splunk.com/app/3414/) .
24. When the search page loads, click the green Install button for Netskope App for Splunk.
    
25. If prompted to log in:
    1. Populate your Splunk Username.
    2. Populate your Splunk Password.
    3. Accept the terms and conditions.
    4. Click Login and Install.
       
       Otherwise, go to Step 26.
26. Click Open the App to launch the Netskope App for Splunk page.
    
27. Your Netskope App for Splunk begins to display data it has collected from your Netskope environment.
    

If no data is displayed, contact Dell ProSupport for assistance. For more information, reference How to Get Support for Netskope.

For support, US-based customers may contact Dell Data Security ProSupport at 877.459.7304, Option 1, Ext. 4310039, or using the Chat Portal. To contact support outside the US, reference ProSupport’s International Contact Numbers. For additional insights and resources, go to the Dell Security Community Forum.