gsingh_
Dec 17, 2020
ZScaler Use Case/Rule Recommendations
Hi Guys
I am new to the Sentinel family. We have recently set up the ZScaler connector and can see the NSS Web logs arriving in Azure Sentinel. Any suggestions on which rules/use cases we can set up to get the most out of the logs coming in, and how we can set them up?
Thanks
- Clive Watson (Microsoft)
Have you enabled the three recommended ones? You can also look at the four workbooks Zscaler provided; you can edit these, see the queries used, and with minimal adaptation create some more rules.
If you do create some, it would be great to share these back on GitHub: Azure/Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise. (github.com)
- Thijs Lecomte
I personally use Zscaler when I am hunting. I join the MDE data and Zscaler data to see which URLs a device/user has surfed to.
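The MDE-to-Zscaler correlation Thijs describes, written out as an added KQL example; it is not code from the thread, from the Zscaler workbooks, or from the Azure-Sentinel repository. It assumes the default connector schemas: Zscaler NSS web logs land in CommonSecurityLog with DeviceVendor "Zscaler" and DeviceProduct "NSSWeblog", and the Microsoft 365 Defender connector populates DeviceNetworkEvents. The join key (the client IP seen by Zscaler matching the device's LocalIP in MDE, within a five-minute window) and the five-minute tolerance are assumptions to check against your own data before turning this into a rule.

```kusto
// Added example (not from the thread). Assumed tables and columns follow the
// default Sentinel connector schemas; verify them in your workspace first.
let lookback = 1d;
let window_minutes = 5;   // assumed clock tolerance between the two log sources
// Zscaler NSS web logs: one row per web request, as forwarded by the NSS connector
let zscalerWeb =
    CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | where DeviceVendor == "Zscaler" and DeviceProduct == "NSSWeblog"
    | where isnotempty(RequestURL)
    | project ZsTime = TimeGenerated,
              ClientIP = SourceIP,
              ZsUser = SourceUserName,
              RequestURL,
              DestinationHostName,
              ZsAction = DeviceAction;      // e.g. Allowed / Blocked
// MDE network events: one row per outbound connection, with the initiating process
let mdeNet =
    DeviceNetworkEvents
    | where TimeGenerated > ago(lookback)
    | where isnotempty(LocalIP)
    | project MdeTime = TimeGenerated,
              DeviceName,
              LocalIP,
              RemoteUrl,
              MdeUser = InitiatingProcessAccountName,
              Process = InitiatingProcessFileName,
              ProcessCmd = InitiatingProcessCommandLine;
// kind=inner keeps every matching pair; the default (innerunique) would drop
// repeated requests from the same client IP, which is exactly what we want to see
zscalerWeb
| join kind=inner mdeNet on $left.ClientIP == $right.LocalIP
| where abs(datetime_diff('minute', ZsTime, MdeTime)) <= window_minutes
// Per device/user: which URLs were requested, what the proxy did, which process made the connection
| summarize Requests = count(),
            FirstSeen = min(ZsTime),
            LastSeen = max(ZsTime),
            Blocked = countif(ZsAction =~ "Blocked"),
            Processes = make_set(Process, 20),
            SampleCmd = any(ProcessCmd)
          by DeviceName, ZsUser, MdeUser, DestinationHostName, RequestURL
| order by Blocked desc, Requests desc
```

When hunting, filter the summarized output to a single DeviceName or ZsUser and widen `lookback`; if the ClientIP/LocalIP match returns nothing, the Zscaler source IP in your deployment is probably the tunnel or NAT address rather than the endpoint's, and joining on a normalized user name is the fallback.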