ZScaler NSS

Cyderes supports ingesting ZScaler Security logs.

Chronicle Data Types

• ZSCALER_DNS
• ZSCALER_FIREWALL
• ZSCALER_VPN
• ZSCALER_WEBPROXY
• ZSCALER_CASB

---

NSS Server

Caveats / Known Limitations

• A separate DNS entry will be used for each NSS feed log type.

Requirements

• Zscaler licenses required for this integration.
• Zscaler NSS server and Cyderes Cyclops (or another syslog shipper) must be deployed and co-located to forward events to CNAP.
• Customers must host NSS inside their own on-premises or cloud data center environment (Ex. vSphere):

Configuration Instructions

Follow the below procedure to deploy an NSS server to stream logs to a security information and event management (SIEM) system.

• Navigate to https://help.zscaler.com/zia/documentation-knowledgebase/analytics/nss/nss-deployment-guides*