Zscaler Internet Access CCF
By Zscaler
Ingest ZIA Cloud NSS logs to Sentinel via CCF with built-in workbooks, analytics & playbooks.
The Zscaler Internet Access (ZIA) Cloud NSS solution for Microsoft Sentinel provides cloud-native security log ingestion, analytics, and automated response capabilities built on Microsoft's Codeless Connector Framework.
ZIA Cloud NSS (Nanolog Streaming Service) pushes security logs directly to Microsoft Sentinel via Data Collection Rules and Data Collection Endpoints - no VM, agent, or syslog forwarder required. Logs are transformed at ingestion into the CommonSecurityLog (CEF) schema, enabling immediate correlation with other security data sources in Sentinel.
This package contains:
15 data connectors covering the full ZIA log portfolio:
- Network Security: Web, Firewall, DNS, Tunnel
- Data Protection: Endpoint DLP, Email DLP
- CASB (SaaS Security): Activity, Cloud Storage, Collaboration, CRM, Email, File Sharing, ITSM, Repository
- Administration: Audit Logs
17 workbooks providing out-of-the-box visibility into web traffic patterns, threat detections, firewall activity, DNS queries, tunnel health, DLP incidents, SaaS application usage across all CASB categories, and administrative audit trails.
10 playbooks for automated incident response via the ZIA API, including:
- Block/unblock IPs and URLs
- Blacklist/whitelist URL management
- IP and URL threat lookup enrichment
- OAuth2-based authentication
2 analytics rules for proactive threat detection.