GraceAA
Jan 17, 2022
Copper Contributor
ZPA-Sentinel SIEM ingestion
We have been trying to get ZPA (Zscaler Private Access) logs into Sentinel using the data connector described in Sentinel. The LSS was set up in AWS and the Log Receiver is an Azure Ubuntu VM. It has...
ChrisMamas
Microsoft
Jan 31, 2022
Hi GraceAA,
I haven't worked with Zscaler products specifically, but I have experience with Fluentd and the Sentinel plugin.
Can you provide the Fluentd config?
Have you written an output plugin to dump logs to a file? Do the files match the data in sentinel?
Have you checked the "Operation" table in the Sentinel workspace? Are there any errors for the system?
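The two checks above (dump what Fluentd receives to a local file, then compare it with what reaches the workspace) can be done from one Fluentd config using the built-in copy and file outputs. The following is an added example written for this thread; it is not config posted by either participant and it is not Zscaler's or Microsoft's reference config. It assumes the LSS log receiver delivers one JSON event per line over plain TCP to port 9000 on the Ubuntu VM, that the Sentinel side is the community azure-loganalytics output plugin (fluent-plugin-azure-loganalytics), and that the workspace ID and shared key are supplied via environment variables; the tag, port, path and log_type values are placeholders to adjust.

```conf
# Added example, not from the original thread.
# Assumptions: LSS -> TCP/9000, JSON per line; output plugin is
# fluent-plugin-azure-loganalytics; workspace credentials come from the
# environment (LA_WORKSPACE_ID, LA_SHARED_KEY) rather than the config file.

<source>
  @type tcp
  tag zpa.lss                 # placeholder tag; change to match your setup
  port 9000                   # placeholder; must match the LSS receiver port
  bind 0.0.0.0
  <parse>
    @type json                # LSS is assumed to send one JSON object per line
  </parse>
</source>

<match zpa.**>
  @type copy                  # fan the same event out to both stores below

  # Store 1: local dump for troubleshooting. Compare these lines with the
  # rows that appear in the workspace; a mismatch points at the plugin or the
  # schema mapping, an empty file points at LSS/network before Fluentd.
  <store>
    @type file
    path /var/log/fluentd/zpa-debug   # placeholder path
    <buffer>
      flush_interval 10s
    </buffer>
  </store>

  # Store 2: Sentinel (Log Analytics) via the azure-loganalytics plugin.
  <store>
    @type azure-loganalytics
    customer_id "#{ENV['LA_WORKSPACE_ID']}"
    shared_key  "#{ENV['LA_SHARED_KEY']}"
    log_type    ZPA            # placeholder; becomes the custom table name
  </store>
</match>
```

Remove the file store once ingestion is confirmed, because it duplicates every event to local disk. For the third check in the reply, a query such as `Operation | where TimeGenerated > ago(7d) | project TimeGenerated, OperationCategory, OperationStatus, Detail` run in the workspace lists ingestion and data-collection errors for the period in which the VM was forwarding.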