Zscaler
README
Zscaler
General requirements
You will need to have an active Zscaler ZIA subscription to be able to utilize this analyzer.
Credit
Full credit should go to Simon Lavigne for creating this analyzer in the first place.
Zscaler
Author: Simon Lavigne, Mikael Keri
License: AGPL-V3
Version: 1.3
Supported observable types:
- ip
- domain
- url
- fqdn
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.zscaler.com/
Description
Check the Zscaler category for a domain, URL, IP address or FQDN. This analyzer requires a paid subscription to Zscaler ZIA.
Configuration
username | Zscaler username |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
password | Zscaler password |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
api_key | API key |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
base_uri | The base URL of your Zscaler subscription |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
malicious_categories | List of Zscaler categories to be considered as malicious |
---|---|
Default value if not configured | ['PHISHING', 'MALWARE_SITE', 'BOTNET', 'SPYWARE_OR_ADWARE', 'ADSPYWARE_SITES', 'ADWARE_OR_SPYWARE', 'CRYPTOMINING', 'WEB_SPAM', 'MALICIOUS_TLD'] |
Type of the configuration item | string |
The configuration item can contain multiple values | True |
Is required | True |
suspicious_categories | List of Zscaler categories to be considered as suspicious |
---|---|
Default value if not configured | ['SHAREWARE_DOWNLOAD', 'REMOTE_ACCESS', 'MISCELLANEOUS_OR_UNKNOWN', 'NEWLY_REG_DOMAINS', 'OTHER_ILLEGAL_OR_QUESTIONABLE', 'COPYRIGHT_INFRINGEMENT', 'GAMBLING', 'COMPUTER_HACKING', 'ANONYMIZER', 'MISCELLANEOUS_OR_UNKNOWN', 'DNS_OVER_HTTPS', 'ENCR_WEB_CONTENT'] |
Type of the configuration item | string |
The configuration item can contain multiple values | True |
Is required | True |
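
The two category lists decide the verdict, so it is worth checking them before relying on the output. The following is an added example, not the analyzer's own code: it lints the documented default lists for duplicates and overlap, then maps a set of returned categories to a level. The level names (malicious, suspicious, safe, info), the precedence rule, the treatment of an empty result and the sample lookup result are assumptions made for illustration.

```python
# Added example, not the analyzer's source. The lists are the documented
# defaults; the lookup result at the bottom is constructed sample data.
MALICIOUS = ['PHISHING', 'MALWARE_SITE', 'BOTNET', 'SPYWARE_OR_ADWARE',
             'ADSPYWARE_SITES', 'ADWARE_OR_SPYWARE', 'CRYPTOMINING',
             'WEB_SPAM', 'MALICIOUS_TLD']
SUSPICIOUS = ['SHAREWARE_DOWNLOAD', 'REMOTE_ACCESS', 'MISCELLANEOUS_OR_UNKNOWN',
              'NEWLY_REG_DOMAINS', 'OTHER_ILLEGAL_OR_QUESTIONABLE',
              'COPYRIGHT_INFRINGEMENT', 'GAMBLING', 'COMPUTER_HACKING',
              'ANONYMIZER', 'MISCELLANEOUS_OR_UNKNOWN', 'DNS_OVER_HTTPS',
              'ENCR_WEB_CONTENT']

def lint_category_config(malicious, suspicious):
    """Return config problems: duplicate entries and names present in both lists."""
    problems = []
    for name, items in (("malicious_categories", malicious),
                        ("suspicious_categories", suspicious)):
        seen = set()
        for item in items:
            key = item.strip().upper()
            if key in seen:
                problems.append(f"{name}: duplicate {key}")
            seen.add(key)
    overlap = ({m.strip().upper() for m in malicious}
               & {s.strip().upper() for s in suspicious})
    problems += [f"both lists: {c}" for c in sorted(overlap)]
    return problems

def verdict(categories, malicious=MALICIOUS, suspicious=SUSPICIOUS):
    """Map returned categories to a level; malicious outranks suspicious (assumed)."""
    cats = {c.strip().upper() for c in categories if c}
    mal = {m.strip().upper() for m in malicious}
    sus = {s.strip().upper() for s in suspicious}
    if cats & mal:
        return "malicious", sorted(cats & mal)
    if cats & sus:
        return "suspicious", sorted(cats & sus)
    if not cats:
        return "info", []  # nothing returned: report no verdict, not "safe"
    return "safe", []

# Constructed lookup result (hypothetical shape, not real Zscaler output).
SAMPLE = {"observable": "login.example.test",
          "categories": ["newly_reg_domains", "PHISHING"]}

if __name__ == "__main__":
    print(lint_category_config(MALICIOUS, SUSPICIOUS))
    print(verdict(SAMPLE["categories"]))
```

Run against the defaults, the lint reports that MISCELLANEOUS_OR_UNKNOWN is listed twice in suspicious_categories, which is harmless but worth cleaning up when customising the list.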