Zscaler

Zscaler is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of Things environments. Zscaler provides a cloud-based approach to security as a service.

Integration with LogicHub

Connecting with Zscaler

To connect to Zscaler following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • base URI: base URI for the API provisioned for your organization.
  • Username: must be your user name.
  • Password: must be your password.
  • API key: API key for Zscaler

Actions with Zscaler

Blacklist Add

Add URL/IP to Blacklist. [Max 25000]

Inputs to this action

  • url_column_name: column name from parent table containing url/ip to add

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: success or "Activation of configuration changes failed."

Blacklist Remove

Remove URL/IP from Blacklist

Inputs to this action

  • url_column_name: column name from parent table containing url/ip to remove

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: success or "Activation of configuration changes failed."

URL/IP Lookup

Looks up the categorization of a given URL/IP

Inputs to this Action

  • url_column_name: column name from parent table containing url/ip to lookup

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: json object containing url categorisation result from Zscaler

Whitelist Add

Add URL/IP to Whitelist

Inputs to this action

  • url_column_name: column name from parent table containing url/ip to add

Output of Action
JSON containing the following items:
has_error: True/False
error: message/null
result: "Successfully added to the whitelist." or "Cannot add to the whitelist." or "Activation of configuration changes failed."

Whitelist Remove

Remove URL/IP from Whitelist

Inputs to this Action

  • url_column_name: column name from parent table containing url/ip to remove.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: "Successfully removed from the whitelist." or "Cannot remove from the whitelist." or "Activation of configuration changes failed."

Sandbox Report of File

Report of an md5 file analyzed by Sandbox.

Inputs to this Action

  • file_column_name: column name from parent table containing md5 file hash
  • Report_type: full or summary

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: json object containing report from Zscaler

Get URL Categories

Gets information about all or custom URL categories.
Note: This action will not produce a correlated response and columns from parentTable will be dropped.

Inputs to this Action

  • Custom Categories (Optional): Yes/No. Select 'Yes' to get only custom URL categories. Default 'Yes'

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: json object containing URLCategories from Zscaler

Add URL/IP/Hostname to Category

Adds a URL/IP/Hostname to the Category

Inputs to this Action

  • URL/IP/Hostname Column name: Column name from the parent table to lookup URLs/IPs/Hostname to add
  • Category ID Column name: Column name from the parent table to lookup value for Category ID

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: string “Successfully added”

Remove URL/IP/Hostname from Category

Removes a URL/IP/Hostname from the Category provided.

Inputs to this Action

  • URL/IP/Hostname Column name: Column name from the parent table to lookup URLs/IPs/Hostname to remove.
  • Category ID Column name: Column name from the parent table to lookup value for Category ID.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: string “Successfully removed”

Get White-listed URLs

Gets a list of whitelisted URLs.

Inputs to this Action
Connection: Choose a connection that you have created

Output of Action
Returns list of JSONs, each JSON containing the following items :

  • Error: In case an error occurs, it description else NULL.
  • has_error: Boolean flag, tells whether an error occurred or not.
  • URL: Url or Ip of white-listed URLs.

Get Black-listed URLs

Gets a list of black-listed URLs.

Inputs to this Action
Connection: Choose a connection that you have created

Output of Action
Returns list of JSONs, each JSON containing the following items :

  • Error: In case an error occurs, it description else NULL.
  • has_error : Boolean flag, tells whether an error occurred or not.
  • URL: Url or Ip of black-listed URLs.

Get URL Quota

Gets information on the number of unique URLs that are currently provisioned for your organization as well as how many URLs you can add before reaching that number.

Inputs to this Action
Connection: Choose a connection that you have created.

Output of Action
Returns list of JSONs, each JSON containing the following items:

  • Error: In case an error occurs, it description else NULL.
  • has_error: Boolean flag, tells whether an error occurred or not.
  • uniqueUrlsProvisioned: Number of unique URLs provisioned for your organization.
  • remainingUrlsQuota: Number of unique URLs that you can still add.
{
  "uniqueUrlsProvisioned": 24004,
  "remainingUrlsQuota": 996,
  "error": null,
  "has_error": false
}

Did this page help you?