Zscaler ZPA

Version: Zscaler ZPA.

Zscaler Private Access (ZPA) is a cloud service that lets organizations provide access to internal applications and services while ensuring the security of their networks.

Netsurion Open XDR monitors events from Zscaler ZPA. Its dashboards, alerts and reports help you track user and connector authentication activity, user activity and status, and browser activity, keeping you informed about the system and its activities. It triggers an alert whenever an authentication failure is detected so that security issues can be addressed.

Netsurion Data Source Integration for Zscaler ZPA allows you to monitor the following components.

  • Security – User Authentication Failure
  • Operation – Browser activity, User activity and Connector status
  • Compliance – User Status

After Zscaler ZPA is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Zscaler ZPA – User Authentication Failure | This alert is generated when a user authentication failure is detected. |
| Security | Zscaler ZPA – Connector Authentication Failure | This alert is generated when a connector authentication failure is detected. |

Reports

| Type | Name | Description |
|---|---|---|
| Operations | Zscaler ZPA – Browser Activity | This report provides HTTP log information related to browser access. It contains user email, HTTP method, protocol, request size, response size, user agent, URL, client IP, port and other details used for investigation. |
| Operations | Zscaler ZPA – User Activity | This report provides information about user activities performed in Zscaler ZPA. It contains connection status, IP address, port, application name, username, customer name and other fields that provide a detailed view of user activity. |
| Operations | Zscaler ZPA – Connector Status | This report provides the status of all Zscaler ZPA connectors with respect to management, data forwarding and configuration updates. It contains session type, status, session ID, connector name, connector IP and other useful details for investigation. |
| Compliance | Zscaler ZPA – User Status | This report provides the status of users connected to Zscaler ZPA. It contains IP address, username, email, session status (connected, disconnected or authenticated) and other useful information. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2 or later, and Zscaler ZPA.

Download the Integration Guide and How-to Guide for configuration instructions and more information.