| Attribute | Value |
|---|---|
| Publisher | Zscaler |
| Support Tier | Partner |
| Support Link | https://www.zscaler.com/support/ |
| Categories | domains |
| Version | 3.0.4 |
| Author | Zscaler |
| First Published | 2022-10-10 |
| Last Updated | 2025-09-02 |
| Solution Folder | Zscaler Internet Access |
The Zscaler Internet Access solution for Microsoft Sentinel enables you to ingest Zscaler Internet Access Logs into Microsoft Sentinel using the Microsoft Sentinel Analytics Workspace.
Supported log types include:

1. Web, Firewall, DNS, Tunnel
2. Endpoint DLP, Email DLP
3. CASB: Activity, Cloud Storage, Collaboration, CRM, Email, File Sharing, ITSM, Repo
4. Audit

This enables you to monitor web access, security events, and data protection activity, and respond using the included workbooks and playbooks.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

1. Azure Monitor Logs: DCR-based Custom Logs
2. Codeless Connector Platform (CCP)
3. Azure Logic Apps

This solution provides 15 data connector(s):
This solution uses 1 table(s):
This solution includes 29 content item(s) (27 in solution, 2 discovered 🔍):
| Content Type | Total | In Solution | Discovered |
|---|---|---|---|
| Workbooks | 17 | 17 | - |
| Playbooks | 10 | 10 | - |
| Analytic Rules | 2 | 0 | 2 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Discord CDN Risky File Download ⚠️ | Medium | CommandAndControl | CommonSecurityLog |
| Request for single resource on domain ⚠️ | Low | CommandAndControl | CommonSecurityLog |
| Name | Description | Tables Used |
|---|---|---|
| Zscaler OAuth2 Authentication | This playbook obtains OAuth2 access tokens for Zscaler Internet Access (ZIA) integrations using Zsca... | - |
| Zscaler OAuth2 Blacklist URL | This playbook adds URLs to the Zscaler security blacklist using OAuth2 authentication. | - |
| Zscaler OAuth2 Block IP | This playbook blocks IP addresses in Zscaler by adding them to a category using OAuth2 authenticatio... | - |
| Zscaler OAuth2 Block URL | This playbook blocks URLs in Zscaler by adding them to a category using OAuth2 authentication. | - |
| Zscaler OAuth2 Lookup IP | This playbook looks up IP categorization information from Zscaler using OAuth2 authentication. | - |
| Zscaler OAuth2 Lookup URL | This playbook looks up URL categorization information from Zscaler using OAuth2 authentication. | - |
| Zscaler OAuth2 Unblock IP | This playbook unblocks IP addresses in Zscaler by removing them from a category using OAuth2 authent... | - |
| Zscaler OAuth2 Unblock URL | This playbook unblocks URLs in Zscaler by removing them from a category using OAuth2 authentication. | - |
| Zscaler-Oauth2-UnblacklistURL | This playbook enables automated removal of URLs from the Zscaler Internet Access (ZIA) blacklist whe... | - |
| Zscaler-Oauth2-WhitelistURL | This playbook enables automated addition of URLs to the Zscaler Internet Access (ZIA) security white... | - |
⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.4 | 14-02-2026 | Added 15 new CloudNSS CCF Data connectors, 17 new Workbooks and OAuth2 Playbooks. |
| 3.0.3 | 28-11-2024 | Removed Deprecated Data Connectors |
| 3.0.2 | 28-06-2024 | Deprecating data connectors |
| 3.0.1 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.0 | 16-02-2024 | Addition of new Zscaler AMA Data Connector |