Zscaler

Visualize Zscaler Internet Access (ZIA) resources including accounts, users, roles, sites, applications, policies, and destinations. Monitor security policy configurations, track user access roles, and understand your Zscaler deployment through queries and alerts.

Installation

Installation

info

You will need API credentials from the Zscaler Admin Portal. See the Zscaler API documentation for more information on generating API keys.

To configure the Zscaler integration, you will need the following credentials from your Zscaler Admin Portal:

• API Key: The API key used to authenticate with Zscaler
• Username: The API user email address
• Password: The API user password
• Cloud Name: Your Zscaler cloud instance (e.g., zscaler, zscalerone, zscalertwo, zscalerthree, zscloud, zscalerbeta)

Creating API Credentials

1. Log in to your Zscaler Admin Portal
2. Navigate to Administration > API Key Management
3. Generate or retrieve your API key
4. Note the cloud name from your Zscaler URL (the subdomain before .net)

Configuring the Integration in JupiterOne

To install the Zscaler integration in JupiterOne, navigate to the Integrations tab and select Zscaler. Click New Instance to begin configuring your integration.

Creating an instance requires the following:

• The Account Name used to identify the Zscaler account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

• Description to assist in identifying the integration instance, if desired.

• Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

• Your Zscaler API Key, Username, and Password to authenticate with the Zscaler ZIA API.

• The Cloud Name for your Zscaler instance (e.g., zscaler, zscalerone, zscalertwo, zscalerthree, zscloud, zscalerbeta).

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Data Model

Entities

The following entities are created:

Resources	Entity _type	Entity _class
Account	zscaler_account	Account
Application	zscaler_application	Application
Application Category	zscaler_application_category	Group
Destination	zscaler_destination	Record
Policy	zscaler_policy	ControlPolicy
Policy Control	zscaler_policy_control	Control
Role	zscaler_role	AccessRole
Site	zscaler_site	Site
User	zscaler_user	User

Relationships

The following relationships are created:

Source Entity _type	Relationship _class	Target Entity _type
zscaler_account	HAS	zscaler_role
zscaler_account	HAS	zscaler_site
zscaler_account	HAS	zscaler_application_category
zscaler_account	HAS	zscaler_application
zscaler_account	HAS	zscaler_destination
zscaler_account	HAS	zscaler_policy
zscaler_account	HAS	zscaler_user
zscaler_application	HAS	zscaler_application_category
zscaler_policy	HAS	zscaler_policy_control
zscaler_user	ASSIGNED	zscaler_role

Types

Zscaler Account

zscaler_account inherits from Account

Property	Type	Description	Specifications
companyId	number
webLink	string

---

Zscaler Application

zscaler_application inherits from Application

Property	Type	Description	Specifications
appClass *	null | string
category *	null | string
categoryId *	null | string
cloudAppCategory *	null | string
riskScore *	null | number
vendor *	null | string

---

Zscaler Application Category

zscaler_application_category inherits from Group

Property	Type	Description	Specifications
categoryType *	null | string
configuredName *	null | string
customCategory *	null | boolean
superCategory *	null | string

---

Zscaler Destination

zscaler_destination inherits from Record

Property	Type	Description	Specifications
addresses *	null | array
countries *	null | array
destinationType *	null | string
ipAddresses *	null | array
urls *	null | array

---

Zscaler Policy

zscaler_policy inherits from ControlPolicy

Property	Type	Description	Specifications
action *	null | string
lastModifiedBy *	null | string
lastModifiedOn *	null | number
order *	null | number
policyType *	null | string
protocols *	null | array
rank *	null | number
state *	null | string

---

Zscaler Policy Control

zscaler_policy_control inherits from Control

Property	Type	Description	Specifications
action *	null | string
controlType *	null | string
enabled *	null | boolean
enforcement *	null | string
policyId *	null | number

---

Zscaler Role

zscaler_role inherits from AccessRole

Property	Type	Description	Specifications
functionalScope *	null | array
permissions *	null | array
policyAccess *	null | string
rank *	null | number
roleType *	null | string

---

Zscaler Site

zscaler_site inherits from Site

Property	Type	Description	Specifications
authRequired *	null | boolean
city *	null | string
country *	null | string
ipAddresses *	null | array
language *	null | string
ports *	null | array
profile *	null | string
sslScanEnabled *	null | boolean
state *	null | string
surrogateIP *	null | string

---

Zscaler User

zscaler_user inherits from User

Property	Type	Description	Specifications
adminScopeType *	null | string
disabled *	null | boolean
firstName *	null | string
isPasswordLoginAllowed *	null | boolean
lastLoginTime *	null | number
lastName *	null | string
loginName *	null | string
passwordExpiryTime *	null | number
twoFactorAuthEnabled *	null | boolean

---