Currently I have a WARNING set on download / upload of executables in ZIA, eventually i’d like to start blocking some, instead of just the Warning/Caution.
Is it possible to view logs for File Type Control? I have been unsuccessful in filtering traffic to see logs of this type (if it’s even possible). Any one have any advice/ideas?
Do you send your logs to a SIEM via NSS?
There you can exactly define which log fields you want to see.
See NSS Feed Output Format: Web Logs | Zscaler
I am not, I’ve been looking at logs from within ZIA
Ahhh much apricated, I will give that a shot!
Check if there is any Caution policy defined under file type control.
There is, but it produces no results. Setting to “Allowed with Caution” shows nothing. If I set the filter to “block” I see the logs I posted above. No other filter appears to display.
