Zscaler

Version: 3.0.0

Zscaler is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of Things environments. Zscaler provides a cloud-based approach to security as a service.

Connect Zscaler with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Zscaler.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Base URI: base URI for the API provisioned for your organization.
    • Username: must be your user name.
    • Password: must be your password.
    • API Key: API key for Zscaler
  4. After you've entered all the details, click Connect.

Actions for Zscaler

Blacklist Add

Add URL/IP to Blacklist. [Max 25000]

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
url_column_nameColumn name from parent table containing url/ip to add.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: success or "Activation of configuration changes failed."

Blacklist Remove

Remove URL/IP from Blacklist

Input Field

Input NameDescriptionRequired
url_column_nameColumn name from parent table containing url/ip to remove.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: success or "Activation of configuration changes failed."

URL/IP Lookup

Looks up the categorization of a given URL/IP

Input Field

Input NameDescriptionRequired
url_column_nameColumn name from parent table containing url/ip to lookup.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: json object containing url categorisation result from Zscaler

Whitelist Add

Add URL/IP to Whitelist

Input Field

Input NameDescriptionRequired
url_column_nameColumn name from parent table containing url/ip to add.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: "Successfully added to the whitelist." or "Cannot add to the whitelist." or "Activation of configuration changes failed."

Whitelist Remove

Remove URL/IP from Whitelist

Input Field

Input NameDescriptionRequired
url_column_nameColumn name from parent table containing url/ip to remove.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: "Successfully removed from the whitelist." or "Cannot remove from the whitelist." or "Activation of configuration changes failed."

Sandbox Report of File

Report of an md5 file analyzed by Sandbox.

Input Field

Input NameDescriptionRequired
file_column_nameColumn name from parent table containing md5 file hash.Required
Report_typeFull or summary.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: json object containing report from Zscaler
1246

Get URL Categories

Gets information about all or custom URL categories.
Note: This action will not produce a correlated response and columns from parentTable will be dropped.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Custom CategoriesYes/No. Select 'Yes' to get only custom URL categories. Default 'Yes'.Optional

Output of Action
A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: json object containing URLCategories from Zscaler
1204

Add URL/IP/Hostname to Category

Adds a URL/IP/Hostname to the Category

Input Field

Input NameDescriptionRequired
URL/IP/Hostname Column nameColumn name from the parent table to lookup URLs/IPs/Hostname to add.Required
Category ID Column nameColumn name from the parent table to lookup value for Category ID.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: string “Successfully added”
1234

Remove URL/IP/Hostname from Category

Removes a URL/IP/Hostname from the Category provided.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
URL/IP/Hostname Column nameColumn name from the parent table to lookup URLs/IPs/Hostname to remove.Required
Category ID Column nameColumn name from the parent table to lookup value for Category ID.Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: string “Successfully removed”
1170

Get White-listed URLs

Gets a list of whitelisted URLs.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

Returns a list of JSONs, each containing the items listed below.

  • Error: In case an error occurs, it description else NULL.
  • has_error: Boolean flag, tells whether an error occurred or not.
  • URL: Url or Ip of white-listed URLs.
1196

Get Black-listed URLs

Gets a list of black-listed URLs.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

Returns a list of JSONs, each containing the items listed below.

  • Error: In case an error occurs, it description else NULL.
  • has_error : Boolean flag, tells whether an error occurred or not.
  • URL: Url or Ip of black-listed URLs.
1200

Get URL Quota

Gets information on the number of unique URLs that are currently provisioned for your organization as well as how many URLs you can add before reaching that number.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

Returns a list of JSONs, each containing the items listed below.

  • Error: In case an error occurs, it description else NULL.
  • has_error: Boolean flag, tells whether an error occurred or not.
  • uniqueUrlsProvisioned: Number of unique URLs provisioned for your organization.
  • remainingUrlsQuota: Number of unique URLs that you can still add.
{
  "uniqueUrlsProvisioned": 24004,
  "remainingUrlsQuota": 996,
  "error": null,
  "has_error": false
}

Release Notes

  • v3.0.0 - Updated architecture to support IO via filesystem