"Unknown" User Agents

I have seen a number of “unknown” user agents in web traffic that is not specific to a user or machine.
These are strictly unknown and not unknown(ios) or anything more descriptive.

I have tested with my own sessions and some will show the agent and others are “unknown”

What causes these unknown agents?
How can i prevent this?

-Owio

Hi @owio,

Welcome to communities. We record full user agent strings for every web transaction and make it available for consumption in your SIEM using the %s{ua} NSS field. We also record tokenized versions of the user agent string for known browsers, for example: CHROME 11.X. In the Web Insights UI we will display the tokenized version if one exists, otherwise the column will show “Unknown (full user-agent string)”. In case you just see the string Unknown, it means that the HTTP user-agent string header was unavailable or that weren’t able to parse it for non-SSL scanned transactions. Are you able to share a sample CSV export of the logs you are referring to? you can also open a support ticket if you want to take it offline.

Lidor

Hi,
https://help.zscaler.com/zia/how-do-i-configure-policy-unauthenticated-traffic - this may give you some lights on to handle the unknown agent traffic.