Forum Discussion
MCAS Help with ZSCaler
I recently implemented Cloud App Security with a ZSCaler instance. I am getting the logs to come over into MCAS, but when they are doing so, they user ID is coming anonymized. I have checked in MCAS and ZScaler, and the obscuration setting is turned off. Any body have some suggestions on what else to look at in regards to the User ID being shown incorrectly?
Note, when I do put the obscured ID into MCAS decrypting tool, MCAS is able to resolve it.
8 Replies
- Does the issue still occur?
It turns out that the source for ZScaler data needs to be NSS. It is hard coded into the MCAS software.
- That is incorrect. Data source name (i.e. NSS) isn't hardcoded in MCAS, and can be modified in Zscaler 'zbridge-mcas.properties' file.
Hi SteveCombs,
Before taking this to engineering for troubleshooting, could you please confirm that when creating your Zscaler data source in MCAS portal, you didn't mark the checkbox to anonymize PII? (See more details in the attachment)
Thanks,
Danny.
I am checking today on this setup, but I am pretty sure this checkbox is not selected. If so, should we open a ticket with MS in your opinion?
- Steve,
Please note that this option is set only once when the data source is created.
I'd suggest that you delete the current data source, and create a new one with the exact configuration (consider not checking the anonymization checkbox) and then see whether data still comes in the same way.
If this still doesn't resolve your case, so opening support ticket is the suggested action.
Thanks,
Danny.
