Skip to main content

Zscaler Internet Access

Download With Dependencies

Zscaler is a cloud security solution built for performance and flexible scalability.

Zscaler Internet access

This pack includes Cortex XSIAM content.

Collect Events from Vendor

To configure the Zscaler Internet Access (ZIA) to send logs via the NSS feed output, refer to steps 1-3 in the following XDR documentation which relates to both Web logs and FW logs.

More information on configuring NSS feed outputs:

  1. Adding NSS Feeds for Firewall Logs.
  2. Adding NSS Feeds for Web Logs.
  3. NSS Feed Output Format: Firewall logs.
  4. NSS Feed Output Format: Web Logs.

Notes:

  • Make sure to specify the feed escape character as =.
  • As mentioned in the documentation, make sure to add the feed output format for Web logs and/or FW logs.

Configuring the Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
  3. Click Add New.
  4. In the General Settings section, add the following details:
    • Port - specify the port of your log receiver host.
    • Protocol - choose TCP or UDP.
    • Format - specify to 'Auto-Detect'.

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJuly 15, 2020
Last ReleaseMarch 17, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.