ZPA_CL


Attribute                 Value
Ingestion API Supported   ✓ Yes

Schema (7 columns)

Source: KQL validation test schema

Column Name       Type
_ResourceId       string
_SubscriptionId   string
Computer          string
Message           string
RawData           string
TimeGenerated     datetime
Type              string

Solutions (2)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Custom logs via AMA
[Deprecated] Zscaler Private Access

Content Items Using This Table (21)

Analytic Rules (10)

In solution Zscaler Private Access (ZPA):

Analytic Rule Selection Criteria
Zscaler - Connections by dormant user
Zscaler - Forbidden countries
Zscaler - Shared ZPA session
Zscaler - Unexpected ZPA session duration
Zscaler - Unexpected event count of rejects by policy
Zscaler - Unexpected update operation
Zscaler - ZPA connections by new user
Zscaler - ZPA connections from new IP
Zscaler - ZPA connections from new country
Zscaler - ZPA connections outside operational hours

Hunting Queries (10)

In solution Zscaler Private Access (ZPA):

Hunting Query Selection Criteria
Zscaler - Abnormal total bytes size
Zscaler - Applications using by accounts
Zscaler - Connection close reasons
Zscaler - Destination ports by IP
Zscaler - Rare urlhostname requests
Zscaler - Server error by user
Zscaler - Top connectors
Zscaler - Top source IP
Zscaler - Users access groups
Zscaler - Users by source location countries

Workbooks (1)

In solution Zscaler Private Access (ZPA):

Workbook Selection Criteria
ZscalerZPA

Parsers Using This Table (1)

Other Parsers (1)

Parser     Solution                       Selection Criteria
ZPAEvent   Zscaler Private Access (ZPA)
