Zscaler Splunk App

One of the major advantages to the Zscaler cloud is the ability to get a consolidated view of your organization. The logs are stored in the region of your choosing, and the Central Authority lets you drill into your overall data set. You can see your top users and top policy actions, and drill down to an individual user and device to locate an issue.

But we also know that Zscaler is only one part of your organization’s technology stack. You have logs from servers, cloud hosts, and apps all generating logs as well. The question then is how do you consolidate and view those logs in a single location?

With Zscaler’s log solutions you can download those logs to your organization. The Nanolog Streaming Service (NSS) for Zscaler Internet Access (ZIA) and Log Streaming Service (LSS) for Zscaler Private Access (ZPA) let you bring those logs in house. But you’ll still need to merge these logs into a Security information and event management (SIEM), one of the most popular being Splunk.

I’ve written a Splunk application that lets you consolidate the streams from NSS and LSS, giving you a full view of your logs across your Zscaler platform. In this video I’ll go over how the Zscaler Splunk app version 2 works, what you can do with it, and some notes on where the app is going.


You can find detailed documentation on the Splunk App architecture here —> Zscaler Splunk App - Design and Installation documentation
