Zscaler parsers overview
This document lists the Zscaler parsers that normalize Zscaler product logs into Google Security Operations Unified Data Model (UDM) fields. It gives a high-level overview of each Zscaler product and the use case its logs cover.
Configure ingestion of Zscaler logs
To ingest Zscaler logs into Google SecOps, click the ingestion mechanism link for the product in the table and follow the instructions provided for that parser.
Zscaler products and description
The following table lists the Zscaler parsers that Google SecOps supports, the ingestion label for each parser, and a description of the product whose logs it handles. Click the ingestion mechanism link for a parser to view the detailed ingestion steps. To view the field mapping reference for a parser, click the parser name in the table.
Product Name | Ingestion label | Product Description | Ingestion mechanism |
---|---|---|---|
Webproxy | ZSCALER_WEBPROXY | Zscaler Webproxy is a cloud-native web proxy. It inspects all traffic at scale, including TLS/SSL, with connections brokered between users and applications based on identity, context, and business policy. It acts as an intermediary between the client and the server, provides secure access to resources, and protects the server from malware and other threats, with the aim of securing data and preventing data loss. | Zscaler Webproxy Ingestion Mechanism |
Firewall | ZSCALER_FIREWALL | Zscaler Firewall is a cloud-based security service that secures web and non-web traffic. It routes traffic through local internet breakout, which improves connectivity and availability and removes the need for VPNs and redundant security appliances. As a firewall-as-a-service offering, Zscaler handles updates, upgrades, and patches, reducing cost and complexity. It logs every session, giving complete visibility into traffic. | Zscaler Firewall Ingestion Mechanism |
Admin Audit | ZSCALER_INTERNET_ACCESS | Zscaler Internet Access (ZIA) admin audit logs record every action performed by administrators in the ZIA Admin Portal and every action taken through the Cloud Service APIs. These logs let you review changes to PAC files or URL filtering policies, track the changes an administrator made during a login session, and support compliance demonstrations. They also let you promptly detect and investigate suspicious activity or unauthorized access to the administrative interface, protecting the security and integrity of your network. | Zscaler Internet Access Ingestion Mechanism |
DNS | ZSCALER_DNS | Zscaler DNS Security and Control services give you control over your DNS architecture and DNS responses. By proxying DNS requests through the Zscaler Zero Trust Exchange (ZTE), you can enforce your organization's DNS policies: when a DNS request reaches the ZTE it is opened and inspected. No DNS request can bypass inspection unless you authorize it, because you can restrict your users to only the DNS servers you specify. Zscaler recommends using the ZTR service as your DNS resolver; ZTR instances run in each of Zscaler's 150+ data centers around the world. | Zscaler DNS Ingestion Mechanism |