Forum Discussion
ZScaler Use Case/Rule Recommendations
Hi Guys
I am new to the Sentinel family. We have recently setup ZScaler connector and can see the NSS for Web logs arriving Azure Sentinel. Any suggestions what best rule/use case we can setup to get max out of the logs coming in and how can we set it up.
Thanks
2 Replies
- I personally use Zscaler when I am hunting. I join the MDE data and Zscaler data to see which URL's a device/user has surfed too
Have you enabled the three recommend ones? You can also look at four workbooks Zscalar provided, you can edit these, and see the queries used, and with minimal adaptation create some more rules.
If you do create some, it would be great to share these back in the Github? https://github.com/Azure/Azure-Sentinel/
