Zscaler

Cyderes supports ingesting Zscaler Security logs using a Webhook.

Chronicle Data Types

  • ZSCALER_DNS
  • ZSCALER_FIREWALL
  • ZSCALER_VPN
  • ZSCALER_WEBPROXY
  • ZSCALER_CASB

Webhook

Cloud Nanolog Streaming Service (NSS) allows you to instantly stream logs from ZIA directly into a cloud-based SIEM, without the need to deploy an NSS VM for Web or Firewall.

Cyderes supports the Cloud NSS feeds via webhook.

Caveats / Known Limitations

  • Once the license is obtained, a request to Zscaler Support will be needed to enable the 'NSS cloud to cloud (HEC)' feature for integrating a webhook with Cyderes.

Requirements

  • Zscaler licenses required for this integration feature are 'TRANSFORMATIONAL or ELA'.
  • Zscaler does support the feature with an 'add-on' cost if the license requirement is not met.

Configuration Instructions

When following Adding Cloud NSS Feeds, the following values must be set:

GENERAL

  • Feed Name: Enter the name of the feed
  • SIEM Rate: Unlimited
  • STATUS: Enabled
  • SIEM type: Other
  • API URL: (url provided by Cyderes)

HTTP HEADERS

  • Key 1: Authorization
  • Value 1: (api_key provided by Cyderes)
  • Key 2: LogType
  • Value 2: (Data Type provided above)

FORMATTING

  • Log Type: (Web Log, Firewall Log, DNS Log, SaaS Security, etc.)
  • Feed Output Type: JSON

NOTE: Repeat the configuration above to add a separate feed for each data type.
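
A pre-flight check for a planned set of feeds, written as an added example (not Cyderes or Zscaler code): it flags feeds whose values differ from the ones listed above, LogType headers reused across feeds, and data types with no feed at all. The dictionary layout, key names, `check_feeds`, `make_feed`, the placeholder URL and key, and the HTTPS requirement are assumptions made for this sketch.

```python
DATA_TYPES = {"ZSCALER_DNS", "ZSCALER_FIREWALL", "ZSCALER_VPN",
              "ZSCALER_WEBPROXY", "ZSCALER_CASB"}
GENERAL = {"siem_rate": "Unlimited", "status": "Enabled", "siem_type": "Other"}


def check_feeds(feeds, wanted=frozenset(DATA_TYPES)):
    """Return a list of problems; an empty list means the plan matches the page."""
    problems, owner = [], {}
    for feed in feeds:
        name = feed.get("feed_name") or "<unnamed>"
        if not feed.get("feed_name"):
            problems.append(f"{name}: Feed Name is empty")
        for key, expected in GENERAL.items():
            if feed.get(key) != expected:
                problems.append(f"{name}: {key} must be {expected!r}")
        # Assumption: the URL from Cyderes is HTTPS, because the api_key travels in a header.
        if not str(feed.get("api_url", "")).startswith("https://"):
            problems.append(f"{name}: api_url is missing or not https")
        headers = feed.get("headers", {})
        if not headers.get("Authorization"):
            problems.append(f"{name}: Authorization header is missing")
        log_type = headers.get("LogType")
        if log_type not in DATA_TYPES:
            problems.append(f"{name}: LogType {log_type!r} is not a listed data type")
        elif log_type in owner:
            problems.append(f"{name}: LogType {log_type} already used by {owner[log_type]}")
        else:
            owner[log_type] = name
        if feed.get("output_type") != "JSON":
            problems.append(f"{name}: Feed Output Type must be JSON")
    for missing in sorted(set(wanted) - set(owner)):
        problems.append(f"no feed configured for {missing}")
    return problems


def make_feed(name, log_type, **overrides):
    """Build a constructed sample feed; the URL and key are placeholders."""
    feed = {"feed_name": name, "siem_rate": "Unlimited", "status": "Enabled",
            "siem_type": "Other", "api_url": "https://webhook.example.invalid/placeholder",
            "headers": {"Authorization": "PLACEHOLDER_API_KEY", "LogType": log_type},
            "output_type": "JSON"}
    feed.update(overrides)
    return feed


if __name__ == "__main__":
    # Constructed plan with one wrong SIEM type and one reused LogType.
    plan = [make_feed("web", "ZSCALER_WEBPROXY"), make_feed("fw", "ZSCALER_WEBPROXY"),
            make_feed("dns", "ZSCALER_DNS", siem_type="Splunk")]
    print("\n".join(check_feeds(plan)))
```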