Overview

The Zscaler Private Access (ZPA) service enables organizations to provide access to internal applications and services while ensuring the security of their networks. ZPA is, basically, an alternative to VPNs.

Integrating your Zscaler logs into the Hunters ecosystem lets you store the data in a parsed format, investigate threat scenarios over it, and receive related Hunters detections.

Supported Data Types

  • ZPA App Connector status - Detailed information about the secure authenticated interface between a customer’s servers and the ZPA cloud.

  • ZPA Audit Logs - Detailed audit logs displaying an admin's sign in and sign out attempts, actions, request ID, etc.

  • ZPA Browser Access Logs - Browser Access allows using a web browser for user authentication and application access over ZPA, without requiring users to install the Zscaler Client Connector on their devices. These logs detail those connections.

  • ZPA User Activity Logs - Detailed information about the activity of the service’s connected users.

  • ZPA User Status Logs - Detailed information about the users and their statuses.

Hunters Integration

In order to integrate your Zscaler logs into Hunters, the logs need to be collected from your network to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.

The expected format of the logs is NDJSON, as exported by Zscaler. Logging the full schema is recommended; however, any subset of the fields can be ingested, provided you give Hunters your specific schema.
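A pre-upload check for the NDJSON and schema requirements above, as an added example (not Hunters or Zscaler code): it confirms that every line is a standalone JSON object and compares the fields actually present with the schema you intend to declare. The field names, the sample records and the `check_ndjson` helper are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample export; field names and values are illustrative only.
SAMPLE_NDJSON = """\
{"LogTimestamp": "2025-01-06T10:15:02Z", "Username": "alice@example.com", "Application": "wiki.internal.example", "ServerPort": 443}
{"LogTimestamp": "2025-01-06T10:15:09Z", "Username": "bob@example.com", "Application": "git.internal.example", "ServerPort": 22, "ClientPublicIP": "203.0.113.7"}

{"LogTimestamp": "2025-01-06T10:15:11Z", "Username": "carol@example.com", "Applicat
[{"LogTimestamp": "2025-01-06T10:15:12Z"}]
"""

# Hypothetical schema subset that would be declared for this export.
DECLARED = ["LogTimestamp", "Username", "Application", "ServerPort", "SessionID"]


def check_ndjson(text, declared_fields):
    """Validate NDJSON and compare observed fields with the declared schema."""
    observed = defaultdict(set)  # field name -> JSON value types seen
    bad_lines = []               # (line number, reason)
    records = 0
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank separator lines are tolerated by this check
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            # Typical cause: a record truncated or split across lines.
            bad_lines.append((lineno, f"invalid JSON: {exc.msg}"))
            continue
        if not isinstance(obj, dict):
            bad_lines.append((lineno, "record is not a JSON object"))
            continue
        records += 1
        for key, value in obj.items():
            observed[key].add(type(value).__name__)
    return {
        "records": records,
        "bad_lines": bad_lines,
        "observed": {k: sorted(v) for k, v in observed.items()},
        # Present in the data but missing from the declared schema.
        "undeclared": sorted(set(observed) - set(declared_fields)),
        # Declared but absent from every record in this sample.
        "never_seen": sorted(set(declared_fields) - set(observed)),
    }


if __name__ == "__main__":
    print(json.dumps(check_ndjson(SAMPLE_NDJSON, DECLARED), indent=2))
```

Fields reported as `undeclared` or `never_seen` indicate that the declared schema and the exported subset have drifted apart and should be reconciled before the logs are shared.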