Zscaler Internet Access CA

Version: Applicable for Zscaler Internet Access CA

The Zscaler Internet Access (ZIA) Central Authority (CA) is a vital system in the Zscaler cloud. It monitors the cloud and provides a central location for software and database updates, policy and configuration settings, and threat intelligence.

The Nanolog Streaming Service (NSS) server can send traffic logs to Netsurion Open XDR. With Netsurion, you can monitor web traffic logs, firewall logs, tunnel logs, and alerts. You can easily track malicious web activities, inbound and outbound traffic activities, and alerts even when the CPU memory is full and the CPU utilization is high.

Netsurion Open XDR can help organizations monitor the alerts triggered by the ZIA CA.
Netsurion Open XDR captures login and logout events for the Zscaler Internet Access CA application and alerts administrators in real time.

  • Security – Detects web access activities and firewall activities.
  • Operations – Domain name service activities and SaaS activities.
  • Compliance – Tunnel activities and firewall activities.

After the Zscaler Internet Access CA is configured to deliver its events to Netsurion Open XDR, the alerts, dashboards, and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Zscaler Internet Access CA – IPS traffic detected | This alert is generated whenever Zscaler detects intrusion prevention traffic. |
| Security | Zscaler Internet Access CA – Malicious file has been detected | This alert is generated whenever Zscaler detects a malicious file. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Zscaler Internet Access CA – Web access activities | This report gives information about web access details in your organization. It contains fields such as the username, source IP address, destination IP address, host name, action, reason, URL address, URL risk score, total bytes in, total bytes out, etc. |
| Operations | Zscaler Internet Access CA – DNS activities | This report gives information about domain name service events. It contains fields such as the client IP address, server IP address, datacenter name, datacenter location, record type, username, response type, reason, action, etc. |
| Operations | Zscaler Internet Access CA – SaaS security activities | This report gives information about the current state of the organization's security posture for the SaaS application. It contains fields such as action, hostname, application, source IP address, destination IP address, threat name, URL address, etc. |
| Compliance | Zscaler Internet Access CA – Tunnel activities | This report gives information about tunnel traffic. It contains fields such as IP address, location, destination IP address, tunnel type, VPN name, etc. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2x and later, and with Zscaler Internet Access CA.

Download the Integration Guide and How-to Guide for configuration instructions and more information.