I would like to know if anyone in the community has ever encountered the need to integrate Elastic SaaS with Netskope SaaS directly, from Cloud to Cloud, without depending on collectors or other external elements such as VMs.
I don't think this is possible, you need extra pieces both on Netskope side (Cloud Exchange) and on Elastic side (Elastic Agent).
So you will need extra VMs to get your Netskope logs into your Elastic.
For example, this is the documentation from Netskope on how to integrate with Elasticsearch: Elastic Plugin for Log Shipper - Netskope Knowledge Portal
That's the point, it doesn't make much sense to need on-premises resources and have this traffic going through the internal data center if both solutions are in the cloud.
I thought that maybe someone in the community could have discovered a way to build a new custom connector in the Elastic cloud to connect directly to the Netskope API and collect these logs.
I found this same documentation that shows an already mapped way to do the integration, in this case I was checking if there was a way that was not yet mapped and documented.
It is because how these tools were designed.
Elastic Cloud for example, only provides Elasticsearch nodes, Kibana nodes and a limited Elastic Agent to run a Fleet Server and an APM server, if you need Logstash or other Elastic Agent integrations you will need to run it in your own hardware.
To integrate with netskope you need an Elastic Agent running the Netskope integration, which cannot run on the cloud, this is valid for all integrations in fact, Elastic Agent needs to run on your own hardware.
Netskope is similar, they do not offer Cloud Exchange as a SaaS if I'm not wrong, you need to install, configure and run it in your own hardware.
I believe that this limited Elastic Agent to run a Fleet Server that Elastic Cloud provides should have more capabilities then.
Today, talking to an Elastic employee, he mentioned that Elastic SaaS allows direct integrations through custom APIs and Netskope allows API calls to query alerts, hoping that it will be possible to create this direct integration.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.