Netskope Certified Cloud Security Expert (NCCSE) — Question 31
You have deployed Netskope to all users of the organization and you are now ready to begin ingesting all events, alerts, and Web transactions into your SIEM as a part of your requirements.
What are three ways in which you would accomplish this task? (Choose three.)
Answer options
- A. Use custom API calls to ingest to a data lake and then into your SIEM.
- B. Use the Netskope Publisher to a stream syslog to your SIEM.
- C. Use syslog directly to Splunk.
- D. Use Cloud Log Shipper to an IaaS storage repository and then into your SIEM.
Correct answer: A, B, D
Explanation
The correct methods involve using custom API calls to facilitate data ingestion into a data lake and from there into the SIEM, utilizing the Netskope Publisher for syslog streaming to the SIEM, and employing Cloud Log Shipper for transferring data to IaaS storage before integrating with the SIEM. Option C is incorrect as it specifies a direct connection to Splunk, which does not align with the other options that involve specific tools and methods for SIEM integration.