ZScaler integration with Protectwise


(Alex) #1

Does ZScaler integrate with Protectwise?
Thanks,


(Jozef Krakora) #2

Zscaler does not integrate directly with Protectwise as such, but a customer could implement security orchestration workflows triggered through a SIEM that consumes logs from Zscaler. Other API-based integrations may also be possible. We welcome more specific use case details as well.


(Severino Culabat) #3

Hi, Jozef.

Good day!
Is it possible, using the API, to check how many times a URL is hit in Zscaler? Let's say on this day www.xyz.com is scanned by Zscaler, and then on another day the same site is scanned again. Is that possible, or is there a Zscaler API for that?

Thanks in advance


(Lidor Pergament) #4

Zscaler currently doesn’t share cloud-wide stats via API or other mechanisms with customers. If you could provide details of your use case, that would be helpful for our product planning purposes.


(Severino Culabat) #5

Hi, Lidor.

Thanks for your reply. What do you mean by details? Actually, we’re planning to use it in our security orchestration for phishing email. I have another question: I saw a Zscaler API for blacklisted sites; is it across all Zscaler clients? Let’s say we include www.123.com (for example) in the blacklisted sites; then, using the API, we only want to get all the blacklisted sites that we blacklisted, including www.123.com.


(Severino Culabat) #6

Hi, Lidor.

What specific details do you need?
Thanks


(Nick Morgan) #7

Hi @rain, there are a number of URL category functions available via API, but it’s not currently possible to pull ‘hit count’ stats for specific URLs.
Some useful links on API are here:

https://help.zscaler.com/zia/about-api
https://help.zscaler.com/zia/api
https://help.zscaler.com/zia/url-categories-use-cases

Have you considered setting up NSS to stream logs into a SIEM type platform?
https://help.zscaler.com/zia/about-nanolog-streaming-service

Many SIEM solutions provide capabilities to construct your own custom queries/counters. It may be that you can still use the Zscaler API to pull URL category information, but then also connect your security orchestration to your SIEM to get the ‘hit counts’ for the domains you are interested in?
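
An added example (not part of the original posts and not Zscaler code) of the hit-count approach suggested above: counting per-day requests to a watched domain from web logs that have been streamed to a SIEM or log store. The key=value line layout and the field names `time`, `host` and `action` are assumptions for illustration; substitute the fields your own log feed emits.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines; the key=value layout and field names are assumed,
# not a Zscaler-defined format.
SAMPLE_LOGS = """\
time=2024-03-04T09:15:02Z user=a@example.com host=www.xyz.com action=Allowed
time=2024-03-04T09:15:40Z user=b@example.com host=WWW.XYZ.COM. action=Blocked
time=2024-03-04T11:02:11Z user=a@example.com host=intranet.example.com action=Allowed
time=2024-03-05T08:47:59Z user=c@example.com host=www.xyz.com:443 action=Allowed
this line is malformed and must be skipped
time=2024-03-05T10:00:00Z user=c@example.com host=login.www.xyz.com action=Allowed
"""

def normalize_host(host):
    """Lower-case, drop a port suffix and a trailing dot so variants compare equal."""
    host = host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def parse_line(line):
    """Return (date, host, action), or None for lines missing required fields."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        ts = datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ")
        return ts.date().isoformat(), normalize_host(fields["host"]), fields["action"]
    except (KeyError, ValueError):
        return None

def daily_hits(log_text, watched):
    """Per-day counts, by action, of requests to `watched` or its subdomains."""
    watched = normalize_host(watched)
    days = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of failing the whole run
        day, host, action = rec
        if host == watched or host.endswith("." + watched):
            days[day][action] += 1
    return {day: dict(counts) for day, counts in sorted(days.items())}

if __name__ == "__main__":
    for day, counts in daily_hits(SAMPLE_LOGS, "www.xyz.com").items():
        print(day, counts)
```

Splitting the count by action lets a phishing workflow distinguish days on which the domain was reached from days on which it was only blocked.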


(Severino Culabat) #8

Hi, racingmonk. Thanks for the information, I’ll check on it.