Zscaler Custom Reports

reporting

(Frank Brunner) #1

We are working through the implementation of Zscaler currently and I was wondering if anyone knows of any good resources for custom report configuration?

In our previous solution we were able to schedule a variety of email reports that showed users tied to malicious traffic and the URL of that malicious traffic (example below), but with Zscaler I’ve only been able to create a generic report that shows a user and the type of malicious traffic that was detected (no details regarding URL or dest IP). Getting additional information to conduct an investigation with our other tools requires logging into Zscaler to pull additional relevant data.

It was also surprising to see that you can’t really customize alerting (unless I’m missing something).

Ideal Report/Alert Example:

Severity: Critical
Category: Botnet
Filtering action: Blocked
User: Smith, Jonathan
Threshold (in hits): 1
Hostname: hxxps://examplebotnet.com
Destination IP address: 88.88.88.88 Port: 443
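As an added example (not from the original post and not Zscaler's own tooling), here is a small Python script that produces the alert layout above from raw log records. The assumption is that you already have the web logs leaving Zscaler as a feed (an NSS/Cloud NSS export is the usual route) and that each record has been normalised to the field names used here (`user`, `category`, `action`, `url`, `dest_ip`, `dest_port`); those names, the severity mapping, the thresholds and the sample records are all constructed for the demonstration. The script groups hits per user and destination, applies a per-severity hit threshold, defangs the hostname so the report is safe to email, and renders each alert with the URL and destination IP/port that the built-in report leaves out.

```python
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample records, NOT real Zscaler log output. The field names are an
# assumption about how a log export (an NSS/Cloud NSS feed or an API pull) would be
# normalised before it reaches this script.
SAMPLE_LOGS = [
    {"user": "Smith, Jonathan", "category": "Botnet", "action": "Blocked",
     "url": "https://examplebotnet.com/c2/beacon", "dest_ip": "88.88.88.88", "dest_port": 443},
    {"user": "Doe, Jane", "category": "Phishing", "action": "Blocked",
     "url": "http://login-example.invalid/verify", "dest_ip": "192.0.2.10", "dest_port": 80},
    {"user": "Doe, Jane", "category": "Phishing", "action": "Blocked",
     "url": "http://login-example.invalid/verify?x=2", "dest_ip": "192.0.2.10", "dest_port": 80},
    {"user": "Roe, Richard", "category": "Phishing", "action": "Blocked",
     "url": "http://login-example.invalid/verify", "dest_ip": "192.0.2.10", "dest_port": 80},
    {"user": "Roe, Richard", "category": "Adware", "action": "Allowed",
     "url": "http://ads.example.net/track", "dest_ip": "198.51.100.7", "dest_port": 80},
]

# Hypothetical severity mapping and per-severity hit thresholds; tune to your environment.
SEVERITY_BY_CATEGORY = {"Botnet": "Critical", "Malware": "Critical", "Phishing": "High", "Adware": "Low"}
THRESHOLD_BY_SEVERITY = {"Critical": 1, "High": 2, "Medium": 3, "Low": 5}
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass(frozen=True)
class Alert:
    severity: str
    category: str
    action: str
    user: str
    threshold: int
    hostname: str   # defanged, e.g. hxxps://examplebotnet.com
    dest_ip: str
    dest_port: int
    hits: int


def defang_host(url: str) -> str:
    """Reduce a full URL to a defanged scheme://host so it is safe to paste into an email."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp", 1)
    return f"{scheme}://{parts.hostname}"


def build_alerts(records, actions=("Blocked",)):
    """Count hits per user/category/host/destination and keep groups at or above threshold."""
    counts = defaultdict(int)
    for rec in records:
        if rec["action"] not in actions:        # e.g. ignore Allowed traffic by default
            continue
        key = (rec["user"], rec["category"], rec["action"],
               defang_host(rec["url"]), rec["dest_ip"], int(rec["dest_port"]))
        counts[key] += 1

    alerts = []
    for (user, category, action, host, ip, port), hits in counts.items():
        severity = SEVERITY_BY_CATEGORY.get(category, "Medium")
        threshold = THRESHOLD_BY_SEVERITY.get(severity, 1)
        if hits >= threshold:                   # suppress below-threshold noise
            alerts.append(Alert(severity, category, action, user, threshold, host, ip, port, hits))
    # Critical first, then by hit count, so the mail reads top-down by urgency
    return sorted(alerts, key=lambda a: (SEVERITY_ORDER[a.severity], -a.hits, a.user))


def format_alert(alert: Alert) -> str:
    """Render one alert in the layout of the ideal report above."""
    return "\n".join([
        f"Severity: {alert.severity}",
        f"Category: {alert.category}",
        f"Filtering action: {alert.action}",
        f"User: {alert.user}",
        f"Threshold (in hits): {alert.threshold}",
        f"Hostname: {alert.hostname}",
        f"Destination IP address: {alert.dest_ip} Port: {alert.dest_port}",
        f"Hits: {alert.hits}",
    ])


def build_report(records) -> str:
    """Whole email body: one block per alert, separated by a blank line."""
    return "\n\n".join(format_alert(a) for a in build_alerts(records))


if __name__ == "__main__":
    print(build_report(SAMPLE_LOGS))
```

With the sample records, the Botnet hit for Smith fires at a threshold of 1, Doe's two Phishing hits reach the High threshold of 2, Roe's single Phishing hit stays below it and is suppressed, and the Allowed Adware record is ignored entirely. Scheduling is then just a cron job that feeds the day's records into `build_report()` and mails the result.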