Zscaler

Supported OS Linux Windows Mac OS

marketplace
Zscaler ZIA: Audit
Zscaler ZIA: DNS
Zscaler ZIA: Endpoint
Zscaler ZIA: Web
Zscaler ZPA: User-Status
Zscaler ZPA: Audit
Zscaler ZPA: User Activity
Zscaler ZPA: App Connector
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Overview

Zscaler provides advanced security capabilities through its Zero Trust Exchange platform, enabling secure access to applications and internet resources. With Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA), organizations can streamline secure remote connectivity and internet traffic management.

This integration collects the following log types and subtypes:

TypeDescriptionSubType
ZPA: App ConnectorMetrics and status information related to an App Connector’s performance and availabilityMetrics, Status
ZPA: Private Service EdgeMetrics and status information related to a Private Service Edge’s performance and connectionMetrics, Status
ZPA: UserInformation on end user requests, availability, and connection statusActivity, Status
ZPA: Browser AccessHTTP log details for Browser Access activitiesAccess Logs
ZPA: AuditSession information for all admin activities in the ZPA Admin PortalAudit Logs
ZPA: AppProtectionDetails of AppProtection policy activitiesAppProtection
ZIA: WebLogs related to web traffic and accessWeb Logs
ZIA: FirewallLogs detailing firewall activityFirewall Logs
ZIA: DNSInformation about DNS queries and responsesDNS Logs
ZIA: TunnelLogs related to tunnel activityTunnel Logs
ZIA: AuditAdministrative audit logs capturing admin actionsAudit Logs
ZIA: DLPData Loss Prevention logs capturing policy violationsEndpoint DLP Logs

The integration includes following ready-to-use Datadog Cloud SIEM detection rules for enhanced monitoring and security:

  1. Zscaler ZPA: App Connector Authentication Failure Anomaly
  2. Zscaler ZPA: Detection of activity from new or suspicious location
  3. Zscaler ZPA: Anomaly in Fully Qualified Domain Name Error
  4. Zscaler ZPA: User Authentication Failure Anomaly
  5. Zscaler ZIA: DLP Policy Violation with High or Critical or Emergency Severity
  6. Zscaler ZIA: DLP Alert for exempt zdp mode in 1 Hour
  7. Zscaler ZIA: Unusual Amount of Failed Authentications
  8. Zscaler ZIA: Multiple Policy Violations by Single User

Note: To use the out-of-the-box detection rules, the relevant integration must be installed in Datadog, and Cloud SIEM must be enabled.

Support

For support or feature requests, contact Crest Data through the following channels:

This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.