# Zscaler

## General requirements

You will need to have an active Zscaler ZIA subscription to be able to utilize this analyzer.

## Credit

Full credit should go to Simon Lavigne for creating this analyzer in the first place.

## Zscaler

Author: Simon Lavigne, Mikael Keri
License: AGPL-V3
Version: 1.3
Supported observable types:
- ip
- domain
- url
- fqdn
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.zscaler.com/

### Description

Check the Zscaler category of a domain, FQDN, IP address or URL. This analyzer requires a paid Zscaler ZIA subscription.

### Configuration

| Name | Description | Default value if not configured | Type | Multiple values | Required |
|---|---|---|---|---|---|
| username | Zscaler username | N/A | string | False | True |
| password | Zscaler password | N/A | string | False | True |
| api_key | API key | N/A | string | False | True |
| base_uri | The base URL of your Zscaler subscription | N/A | string | False | True |
| malicious_categories | List of Zscaler categories to be considered as malicious | ['PHISHING', 'MALWARE_SITE', 'BOTNET', 'SPYWARE_OR_ADWARE', 'ADSPYWARE_SITES', 'ADWARE_OR_SPYWARE', 'CRYPTOMINING', 'WEB_SPAM', 'MALICIOUS_TLD'] | string | True | True |
| suspicious_categories | List of Zscaler categories to be considered as suspicious | ['SHAREWARE_DOWNLOAD', 'REMOTE_ACCESS', 'MISCELLANEOUS_OR_UNKNOWN', 'NEWLY_REG_DOMAINS', 'OTHER_ILLEGAL_OR_QUESTIONABLE', 'COPYRIGHT_INFRINGEMENT', 'GAMBLING', 'COMPUTER_HACKING', 'ANONYMIZER', 'MISCELLANEOUS_OR_UNKNOWN', 'DNS_OVER_HTTPS', 'ENCR_WEB_CONTENT'] | string | True | True |
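How the two category lists turn a Zscaler lookup into a Cortex taxonomy level, as an added illustration that is not the analyzer's own code: the function names, the taxonomy field layout and the `urlClassifications` response field are assumptions, and the lookup result is constructed inline rather than fetched from the ZIA API.

```python
"""Verdict logic driven by malicious_categories / suspicious_categories.
Assumed names and a constructed response; not the analyzer's own code."""

# Defaults copied from the configuration above (the duplicate entry in the
# suspicious list is harmless because the comparison is set-based).
MALICIOUS_CATEGORIES = ['PHISHING', 'MALWARE_SITE', 'BOTNET', 'SPYWARE_OR_ADWARE',
                        'ADSPYWARE_SITES', 'ADWARE_OR_SPYWARE', 'CRYPTOMINING',
                        'WEB_SPAM', 'MALICIOUS_TLD']
SUSPICIOUS_CATEGORIES = ['SHAREWARE_DOWNLOAD', 'REMOTE_ACCESS', 'MISCELLANEOUS_OR_UNKNOWN',
                         'NEWLY_REG_DOMAINS', 'OTHER_ILLEGAL_OR_QUESTIONABLE',
                         'COPYRIGHT_INFRINGEMENT', 'GAMBLING', 'COMPUTER_HACKING',
                         'ANONYMIZER', 'MISCELLANEOUS_OR_UNKNOWN', 'DNS_OVER_HTTPS',
                         'ENCR_WEB_CONTENT']

# Constructed sample of a category lookup result, one entry per observable.
# The "urlClassifications" field name is an assumption about the ZIA response.
SAMPLE_LOOKUP = [
    {"url": "example-bad.test", "urlClassifications": ["PHISHING", "NEWLY_REG_DOMAINS"]},
    {"url": "example-odd.test", "urlClassifications": ["ANONYMIZER"]},
    {"url": "example-ok.test", "urlClassifications": ["NEWS_AND_MEDIA"]},
    {"url": "example-none.test", "urlClassifications": []},
]


def classify(categories, malicious=MALICIOUS_CATEGORIES, suspicious=SUSPICIOUS_CATEGORIES):
    """Map Zscaler categories to a Cortex level: malicious, suspicious, safe or info.
    Malicious wins over suspicious when both lists match; an observable with no
    category at all is reported as 'info', since Zscaler has not vouched for it."""
    cats = set(categories)
    if cats & set(malicious):
        return "malicious"
    if cats & set(suspicious):
        return "suspicious"
    return "safe" if cats else "info"


def taxonomies(lookup_result):
    """Build one Cortex-style taxonomy entry per lookup entry."""
    out = []
    for entry in lookup_result:
        cats = entry.get("urlClassifications", [])
        out.append({"namespace": "Zscaler", "predicate": "Category",
                    "value": ",".join(cats) if cats else "UNCLASSIFIED",
                    "level": classify(cats)})
    return out


if __name__ == "__main__":
    for taxonomy in taxonomies(SAMPLE_LOOKUP):
        print(taxonomy)
```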

## Template samples for TheHive

Zscaler Lookup sample: information full report (screenshot)