Zscaler Internet Access
This pack includes Cortex XSIAM content.
Collect Events from Vendor
To configure Zscaler Internet Access (ZIA) to send logs via the NSS feed output, refer to steps 1-3 in the XDR documentation, which covers both Web logs and FW logs.
More information on configuring NSS feed outputs:
- Adding NSS Feeds for Firewall Logs.
- Adding NSS Feeds for Web Logs.
- NSS Feed Output Format: Firewall logs.
- NSS Feed Output Format: Web Logs.
Notes:
- Make sure to specify the feed escape character as = (the equals sign).
- As mentioned in the documentation, make sure to add the feed output format for Web logs and/or FW logs.
Configuring the Broker VM
To create or configure the Broker VM, use the information described here.
You can configure the specific vendor and product for this instance.
- Navigate to Settings > Configuration > Data Broker > Broker VMs.
- Go to the Apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
- Click Add New.
- In the General Settings section, add the following details:
  - Port - specify the port of your log receiver host.
  - Protocol - choose TCP or UDP.
  - Format - set to 'Auto-Detect'.