Are there any APIs Zscaler provides for alerts, security alerts, or threats?
There is no API for the alerting module.
Then how do I get the data of alerts?
We have the option to enable email alerts as of now. The webhook option is expected to be available soon.
Alerts can also be sent through NSS into SIEM, allowing you to distribute them from there.
These alert feeds are about the status of the SIEM and cloud connection from the NSS server.
Will the webhook then also have the option to give a direct link to the SOC team, or the like, on what to search for?
The email alerts only show something like ‘hey man, there was something’, but then you need to figure out how to dig out the exact log lines.