Skip to content

Commit

Permalink
Netskope Update (demisto#29463)
Browse files Browse the repository at this point in the history
  • Loading branch information
@eepstain @xsoar-bot
eepstain authored and xsoar-bot committed Oct 5, 2023
1 parent 1ca90c4 commit e402d09
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 7 deletions.
12 changes: 8 additions & 4 deletions Packs/Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3.xif
View file
Expand Up @@ -40,7 +40,8 @@ filter source_log_event = "page"
xdm.target.location.longitude = to_float(dst_longitude),
xdm.target.location.region = dst_region,
xdm.target.location.timezone = dst_timezone,
xdm.target.port = dstport,
xdm.target.port = to_integer(dstport),
xdm.source.port = to_integer(srcport),
xdm.target.sent_bytes = server_bytes,
xdm.target.url = page,
xdm.target.user.identifier = userkey;
Expand Down Expand Up @@ -109,7 +110,8 @@ filter source_log_event = "application"
xdm.target.location.longitude = to_float(dst_longitude),
xdm.target.location.region = dst_region,
xdm.target.location.timezone = dst_timezone,
xdm.target.port = dstport,
xdm.target.port = to_integer(dstport),
xdm.source.port = to_integer(srcport),
xdm.target.sent_bytes = server_bytes,
xdm.target.url = coalesce(page, web_url),
xdm.target.user.identifier = userkey;
Expand Down Expand Up @@ -178,7 +180,8 @@ filter source_log_event = "alert"
xdm.target.location.longitude = to_float(dst_longitude),
xdm.target.location.region = dst_region,
xdm.target.location.timezone = dst_timezone,
xdm.target.port = dstport,
xdm.target.port = to_integer(dstport),
xdm.source.port = to_integer(srcport),
xdm.target.sent_bytes = server_bytes,
xdm.target.url = coalesce(page, web_url),
xdm.target.user.identifier = userkey;
Expand Down Expand Up @@ -219,7 +222,8 @@ filter source_log_event = "network"
xdm.target.domain = type_web,
xdm.target.host.hostname = dsthost,
xdm.target.ipv4 = dstip,
xdm.target.port = dstport,
xdm.target.port = to_integer(dstport),
xdm.source.port = to_integer(srcport),
xdm.target.sent_bytes = server_bytes,
xdm.target.user.identifier = userkey,
xdm.network.http.referrer = referer,
Expand Down
4 changes: 2 additions & 2 deletions .../Netskope/ModelingRules/NetskopeEventCollector_1_3/NetskopeEventCollector_1_3_schema.json
View file
Expand Up @@ -17,7 +17,7 @@
"is_array": false
},
"dstport": {
"type": "string",
"type": "int",
"is_array": false
},
"hostname": {
Expand Down Expand Up @@ -49,7 +49,7 @@
"is_array": false
},
"srcport": {
"type": "string",
"type": "int",
"is_array": false
},
"timestamp": {
Expand Down
6 changes: 6 additions & 0 deletions Packs/Netskope/ReleaseNotes/3_2_3.md
View file
@@ -0,0 +1,6 @@

#### Modeling Rules

##### Netskope Modeling Rule

Updated the Modeling Rule mapping, adding the srcport field to the XDM xdm.source.port field.
2 changes: 1 addition & 1 deletion Packs/Netskope/pack_metadata.json
View file
Expand Up @@ -2,7 +2,7 @@
"name": "Netskope",
"description": "Cloud access security broker that enables to find, understand, and secure cloud apps.",
"support": "xsoar",
"currentVersion": "3.2.2",
"currentVersion": "3.2.3",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down

0 comments on commit e402d09

Please sign in to comment.