Overview
Zscaler provides advanced security capabilities through its Zero Trust Exchange platform, enabling secure access to applications and internet resources. With Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA), organizations can streamline secure remote connectivity and internet traffic management.
This integration collects the following log types and subtypes:
| Type | Description | SubType |
|---|---|---|
| ZPA: App Connector | Metrics and status information related to an App Connector's performance and availability | Metrics, Status |
| ZPA: Private Service Edge | Metrics and status information related to a Private Service Edge's performance and connection | Metrics, Status |
| ZPA: User | Information on end user requests, availability, and connection status | Activity, Status |
| ZPA: Browser Access | HTTP log details for Browser Access activities | Access Logs |
| ZPA: Audit | Session information for all admin activities in the ZPA Admin Portal | Audit Logs |
| ZPA: AppProtection | Details of AppProtection policy activities | AppProtection |
| ZIA: Web | Logs related to web traffic and access | Web Logs |
| ZIA: Firewall | Logs detailing firewall activity | Firewall Logs |
| ZIA: DNS | Information about DNS queries and responses | DNS Logs |
| ZIA: Tunnel | Logs related to tunnel activity | Tunnel Logs |
| ZIA: Audit | Administrative audit logs capturing admin actions | Audit Logs |
| ZIA: DLP | Data Loss Prevention logs capturing policy violations | Endpoint DLP Logs |
The integration includes the following ready-to-use Datadog Cloud SIEM detection rules for enhanced monitoring and security:
- Zscaler ZPA: App Connector Authentication Failure Anomaly
- Zscaler ZPA: Detection of activity from new or suspicious location
- Zscaler ZPA: Anomaly in Fully Qualified Domain Name Error
- Zscaler ZPA: User Authentication Failure Anomaly
- Zscaler ZIA: DLP Policy Violation with High or Critical or Emergency Severity
- Zscaler ZIA: DLP Alert for exempt zdp mode in 1 Hour
- Zscaler ZIA: Unusual Amount of Failed Authentications
- Zscaler ZIA: Multiple Policy Violations by Single User
Note: To use the out-of-the-box detection rules, the relevant integration must be installed in Datadog, and Cloud SIEM must be enabled.
Support
For support or feature requests, contact Crest Data through the following channels:
This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.