# Zscaler

## README
### General requirements

You will need an active Zscaler ZIA subscription to use this analyzer. For reference, Zscaler's supporting documentation covers the API in case of issues: Getting started with ZIA API.
### Credit

Full credit goes to Simon Lavigne for creating this analyzer in the first place.

## Zscaler
Author: Simon Lavigne, Mikael Keri
License: AGPL-V3
Version: 1.3
Supported observable types:
- ip
- domain
- url
- fqdn
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.zscaler.com/
### Description

Check the Zscaler category of a domain, FQDN, IP address or URL. This analyzer requires a paid subscription to Zscaler ZIA.

### Configuration
| username | Zscaler username |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| password | Zscaler password |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| api_key | API key |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| base_uri | The base URL of your Zscaler subscription. Example: https://zsapi.zscalertwo.net |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| malicious_categories | List of Zscaler categories to be considered as malicious |
|---|---|
| Default value if not configured | ['PHISHING', 'MALWARE_SITE', 'BOTNET', 'SPYWARE_OR_ADWARE', 'ADSPYWARE_SITES', 'ADWARE_OR_SPYWARE', 'CRYPTOMINING', 'WEB_SPAM', 'MALICIOUS_TLD'] |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |

| suspicious_categories | List of Zscaler categories to be considered as suspicious |
|---|---|
| Default value if not configured | ['SHAREWARE_DOWNLOAD', 'REMOTE_ACCESS', 'MISCELLANEOUS_OR_UNKNOWN', 'NEWLY_REG_DOMAINS', 'OTHER_ILLEGAL_OR_QUESTIONABLE', 'COPYRIGHT_INFRINGEMENT', 'GAMBLING', 'COMPUTER_HACKING', 'ANONYMIZER', 'MISCELLANEOUS_OR_UNKNOWN', 'DNS_OVER_HTTPS', 'ENCR_WEB_CONTENT'] |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
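As an added illustration (not the analyzer's own code) of how the two category lists above drive a verdict, the following classifies entries of a ZIA URL-lookup reply as malicious, suspicious or safe. The reply field names `urlClassifications` and `urlClassificationsWithSecurityAlert` are assumed from the ZIA urlLookup API, and every URL and category in the sample data is constructed.

```python
# Added example (not the analyzer's own code): derive a Cortex-style
# verdict from ZIA URL-lookup results with the two category lists
# configured above (defaults copied from the tables). Response field
# names follow the ZIA urlLookup reply shape as assumed here.
MALICIOUS_CATEGORIES = [
    'PHISHING', 'MALWARE_SITE', 'BOTNET', 'SPYWARE_OR_ADWARE',
    'ADSPYWARE_SITES', 'ADWARE_OR_SPYWARE', 'CRYPTOMINING',
    'WEB_SPAM', 'MALICIOUS_TLD']
SUSPICIOUS_CATEGORIES = [
    'SHAREWARE_DOWNLOAD', 'REMOTE_ACCESS', 'MISCELLANEOUS_OR_UNKNOWN',
    'NEWLY_REG_DOMAINS', 'OTHER_ILLEGAL_OR_QUESTIONABLE',
    'COPYRIGHT_INFRINGEMENT', 'GAMBLING', 'COMPUTER_HACKING',
    'ANONYMIZER', 'DNS_OVER_HTTPS', 'ENCR_WEB_CONTENT']


def verdict(entry, malicious=None, suspicious=None):
    """Return 'malicious', 'suspicious' or 'safe' for one lookup entry.
    Both classification fields count, since a URL can carry a security
    alert on top of its content categories; malicious outranks suspicious.
    Matching is case-insensitive so mixed-case operator lists still work.
    """
    if malicious is None:
        malicious = MALICIOUS_CATEGORIES
    if suspicious is None:
        suspicious = SUSPICIOUS_CATEGORIES
    cats = {c.upper() for c in entry.get('urlClassifications', [])
            + entry.get('urlClassificationsWithSecurityAlert', [])}
    if cats & {c.upper() for c in malicious}:
        return 'malicious'
    if cats & {c.upper() for c in suspicious}:
        return 'suspicious'
    return 'safe'


def summarise(lookup):
    """Map each looked-up URL to its verdict."""
    return {e['url']: verdict(e) for e in lookup}


# Constructed sample, shaped like a ZIA urlLookup reply.
SAMPLE_LOOKUP = [
    {'url': 'example.com', 'urlClassifications': ['CORPORATE_MARKETING'],
     'urlClassificationsWithSecurityAlert': []},
    {'url': 'example.net', 'urlClassifications': ['NEWLY_REG_DOMAINS'],
     'urlClassificationsWithSecurityAlert': ['PHISHING']},
    {'url': 'example.org', 'urlClassifications': ['ANONYMIZER']},
]
```

Calling `summarise(SAMPLE_LOOKUP)` yields safe, malicious and suspicious for the three sample URLs respectively; the second entry shows a security-alert category outranking a merely suspicious content category.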