Zscaler Internet Access Cloud NSS Log Feed Ingestion

by Zscaler

Ingest and analyze Zscaler Internet Access Cloud NSS logs in Microsoft Sentinel

This solution deploys 44 Microsoft Sentinel resources for Zscaler Internet Access Cloud NSS log monitoring:

- 15 Cloud NSS push data connectors (web, firewall, DNS, tunnel, endpoint DLP, email DLP, 8 CASB categories, and audit logs) via the Codeless Connector Platform
- 17 workbooks for security monitoring and analysis
- 10 OAuth2-based playbooks for automated response (block/unblock IPs and URLs, blacklist/whitelist management, IP and URL lookups)
- 2 analytic rules for threat detection (low-volume domain requests and Discord CDN risky file downloads)