04-24-2020 08:39 AM
Hi,
We have successfully connected Sentinel with Zscaler, and so far the logs that are getting ingested into the workspace are more or less the URLs that are getting allowed/blocked. Is there anything else that needs to be done to get more logs, or any documentation that could help us do it?
If it is not too much to ask, can the status of the machine (active/inactive, last connected time, etc.) be ingested as well, so that we can create a playbook for the respective IT teams to take action on it?
Any help with regard to this will be of great help to us!
Thanks
05-01-2020 12:15 PM
Hi
Did you see step two here https://help.zscaler.com/zia/zscaler-microsoft-azure-sentinel-deployment-guide?
It looks like you configure the feed/format, and if you are only getting URLs then maybe a feed is missing or the format isn't sending everything.
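An added check, not part of either post, for confirming which Zscaler feeds are actually landing in the workspace before changing the NSS feed configuration. It assumes the Zscaler feeds are sent as CEF into Sentinel's CommonSecurityLog table (the DeviceVendor/DeviceProduct values are whatever your feed emits; the query groups on them rather than hard-coding them).

```kusto
// Constructed example: inventory the Zscaler feeds that reached the workspace
// in the last 7 days, how many events each delivered, and when it was last seen.
// A feed that the deployment guide says should be present but is absent here
// (or has a stale LastSeen) points at a missing or misconfigured NSS feed.
CommonSecurityLog
| where TimeGenerated > ago(7d)
| where DeviceVendor =~ "Zscaler"
| summarize Events = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            SampleActions = make_set(DeviceAction, 5)   // e.g. allowed/blocked
    by DeviceProduct, DeviceEventClassID
| extend MinutesSinceLast = datetime_diff("minute", now(), LastSeen)
| order by DeviceProduct asc, Events desc
```

If only one DeviceProduct shows up and its DeviceAction values are just allow/block, the web-log feed is the only one arriving and the other feed types from step two of the guide still need to be configured.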