Zscaler Internet Access 3.0.0
Vendor: Zscaler
Category: Network Security
App Version: 3.2.0
API Version: 1.0.0 and later
Note
Cyware supports OAuth 2.0 authentication with Microsoft Entra ID (formerly Azure Active Directory) for the Zscaler service.
About this Integration
The Zscaler Internet Access app enables security teams to seamlessly integrate with the Zscaler Internet Access enterprise application, which serves as a secure internet and web gateway. This integration empowers organizations to enforce network security measures and protect against various threats while ensuring safe and secure internet access for their users. Orchestrate integrates with Zscalar Internet Access to help organizations reach an unprecedented level of visibility into internet usage, protecting all internet traffic, users, and devices. It monitors network and user activity and provides defence-in-depth protection you from a range of threats including malicious URL requests, botnets, spyware, and more.
App Summary
Use the Zscalar Internet Access connector to:
Manage URLs in allowlist and blocklist: This allows organizations to define policies that permit or restrict access to specific websites or web categories based on their security requirements.
Manage firewall details: By managing firewall details and controlling URL access, organizations can enforce granular security policies and reduce the attack surface.
Lookup URLs and categories: With the app's URL and category management capabilities, organizations can efficiently manage internet access policies. This enables them to enforce access controls, restrict access to potentially harmful websites, and customize security policies according to their specific requirements.
About App
Zscaler Internet Access app allows security teams to integrate with Zscaler Internet Access enterprise application, a secure internet and web gateway, to provide network security by managing accessibility to URLs.
Zscaler Internet Access (ZIA) app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Add Exempted URLs | This action adds a list of URLs that you need to exempt from SSL scanning. |
Add URLs to Blocklist | This action adds a list of URLs to the blocklist. |
Add URLs to Allowlist | This action adds a list of URLs to the allowlist. |
Get a List of Blocklisted URLs | This action retrieves a list of blocklisted URLs. |
Get a List of URL Categories | This action retrieves a list of URL categories. |
Get a List of URLs in Allowlist | This action retrieves a list of allowlist URLs. |
Get Details of Cloud Sandbox Report | This action retrieves details of a specific cloud sandbox report using the report MD5 hash. |
Get Exempted URLs | This action retrieves the exempted URLs. |
Get Firewall Filter Details | This action retrieves the details about a specific firewall filter. |
List Firewall Filtering Policies | This action retrieves all firewall filtering policies. |
Remove URLs from Blocklist | This action removes a list of URLs from the blocklist. |
Update Firewall Filter | This action updates a firewall filter. |
URLs Lookup | This action performs a lookup for URLs. |
Get URL Categories | This action retrieves the URL categories. |
Get URL Category Detail | This action retrieves information about a URL category. |
Modify URL Category | This action adds or removes a URL from a custom list. |
Get URL Quota | This action retrieves the details of the URL quota such as the number of unique URLs that are currently provisioned for your organization and the number of URLs that you can utilize before reaching the URL quota. |
Generic Action | This is a generic action to perform any additional use case on Zscaler. |
Configuration Parameters
The following configuration parameters are required for the Zscaler Internet Access (ZIA) app to communicate with the Zscaler Internet Access (ZIA) enterprise application. The following parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL to access Zscaler Internet Access app. Example: "https://admin.zscalerbeta.net" | Text | Required | |
Username | Enter the username to connect with the Zscaler Internet Access app. | Text | Optional | |
Password | Enter the password to authenticate with the Zscaler Internet Access app. | Password | Optional | |
API Key | Enter the API key. Example: "soo9iXXXXXUs" | Password | Optional | |
Client ID | Enter the client ID of the Zscaler Internet Access app in Microsoft Entra ID (formerly Azure Active Directory). | Text | Optional | Client ID is required for OAuth 2.0 authentication. |
Client Secret | Enter the client secret of the Zscaler Internet Access app in Microsoft Entra ID (formerly Azure Active Directory). | Password | Optional | Client Secret is required for OAuth 2.0 authentication. |
Scope | Enter the scope of the Zscaler Internet Access app in Microsoft Entra ID (formerly Azure Active Directory). Example: api://fa000000 | Password | Optional | Scope is required for OAuth 2.0 authentication. |
Tenant ID | Enter the tenant ID of the Zscaler Internet Access app in Microsoft Entra ID (formerly Azure Active Directory). Example: 72e00e57-1c5b-4beb-39de-16eb9a88620a | Password | Optional | Tenant ID is required for OAuth 2.0 authentication. |
Action: Add Exempted URLs
This action adds a list of URLs to be exempted from SSL scanning.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the list of URLs to be exempted from SSL scanning. Example: $LIST[cyware.com, gmail.com] | List | Required |
Example Request
[
{
"url_list":["cyware.com","gmail.com"]
}
]Action: Add URLs to Blocklist
This action adds a list of URLs to the denylist. This action is referred to as Add URLs to Blacklist in the Zscaler Internet Access connector.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter a comma-separated list of URLs to be added to the deny list. Example: [spotify.com, pandora.com] | List | Required |
|
Example Request
[
{
"urls": [
"spotify.com",
"pandora.com",
"http://google.in"
]
}
]Action: Add URLs to Allowlist
This action adds a list of URLs to the allowlist. Adding URLs to the allowlist allows users to download content from these URLs without inspecting the traffic. This action is referred to as Add URLs to Whitelist in the Zscaler Internet Access connector.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the URL list to add to the allowlist of Zscaler. Example: $LIST[cyware.com, gmail.com] | List | Required |
|
Example Request
[
{
"url_list": ["cyware.com", "gmail.com"]
}
]Action: Get a List of URLs in Blocklist
This action retrieves a list of URLs in the denylist or blocklist. This action is referred to as Get a List of Blocklisted URLs in the Zscaler Internet Access connector.
Action Input Parameters
This action does not require any input parameter.
Action: Get a List of URL Categories
This action gets information about all or custom URL categories. By default, the response includes keywords.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Custom URL Categories Only | Choose to retrieve custom URL categories or all URL categories. Example: true | Boolean | Optional | Default value: false If you select true, then only custom URL categories are retrieved. |
Example Request
[
{
"custom_only": true
}
]Action: Get a List of URLs in Allowlist
This action retrieves a list of URLs available in the allowlist. This action is referred to as Get a List of Whitelisted URLs in the Zscaler Internet Access connector.
Action Input Parameters
This action does not require any input parameter.
Action: Get Details of Cloud Sandbox Report
This action retrieves the details of a specific cloud sandbox report using the MD5 hash value of a file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report md5hash | Enter the report MD5 hash value as report UID to retrieve details that were analyzed by Sandbox. Example: "b3b13c2fe5710507612106cb11ceced3" | Text | Required |
Example Request
[
{
"md5hash": "b3b13c2fe5710507612106cb11ceced3"
}
]Action: Add Exempted URLs
This action adds a list of URLs to be exempted from SSL scanning.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the list of URLs to be exempted from SSL scanning. Example: $LIST[cyware.com, gmail.com] | List | Required |
Example Request
[
{
"url_list":["cyware.com","gmail.com"]
}
]Action: Get Firewall Filter Details
This action retrieves the details of a firewall filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Firewall Filter ID | Enter the firewall filter ID to retrieve its details. Example: "150904" | Text | Required | You can retrieve the firewall_filter_id using the action List Firewall Filtering Policies. |
Example Request
[
{
"firewall_filter_id":"150907"
}
]Action: List Firewall Filtering Policies
This action retrieves the firewall filtering policies.
Action Input Parameters
This action does not require any input parameter.
Action: Remove URLs from Blocklist
This action removes a list of URLs from the blocklist of Zscaler Internet Access. This action is referred to as Remove URLs from Blacklist in the Zscaler Internet Access connector.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter a list of URLs to remove from the deny list. Example: $LIST[spotify.com, pandora.com] | List | Optional |
|
Example Request
[
{
"urls": ["spotify.com", "pandora.com"]
}
]Action: Update Firewall Filter
This action updates a firewall filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Firewall Filter ID | Enter a firewall filter ID that you need to update. Example: "150904" | Text | Required | You can retrieve the firewall_filter_id using the action List Firewall Filtering Policies. |
Firewall Filter Object | Enter the firewall filter object to upload. Example: $JSON[{'accesscontrol': 'read_write', 'enablefulllogging': false, 'id': 150904, 'name': 'default firewall filtering rule', 'order': -1, 'rank': 7, 'action': 'block_drop', 'state': 'enabled', 'destipcategories': [], 'destcountries': [], 'defaultrule': true, 'predefined': false}] | Any | Required | You can retrieve this value using the action List Firewall Filtering Policies. |
Example Request
[
{
"firewall_filter_id": "150907",
"firewall_filter_object": {
"id": 150907,
"name": "Zscaler Proxy Traffic",
"rank": 7,
"order": 1,
"state": "ENABLED",
"action": "ALLOW",
"nwServices": [
{
"id": 352078,
"name": "ZSCALER_PROXY_NW_SERVICES",
"isNameL10nTag": true
}
],
"predefined": false,
"defaultRule": false,
"accessControl": "READ_WRITE",
"destCountries": [],
"destIpCategories": [
"ZSPROXY_IPS"
],
"enableFullLogging": false
}
}
]Action: URLs Lookup
This action performs a lookup for URLs in Zscaler Internet Access.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter the URL list to lookup. Example: $LIST[viruses.org, facebook.com, bbc.com] | List | Required |
Example Request
[
{
"urls": ["viruses.org","facebook.com","bbc.com"]
}
]Action: Get URL Categories
This action retrieves the URL categories.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Custom Only | Set this parameter to true to retrieve only custom categories. Example: true | Boolean | Optional | Default value: false Allowed values:
|
Example Request
[
{
"custom_only":false
}
]Action: Get URL Category Detail
This action retrieves information about a URL category.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Category ID | Enter the ID of a URL category to retrieve its details. Example: "CUSTOM_01" | Text | Required |
Example Request
[
{
"category_id": "CUSTOM_01"
}
]Action: Modify URL Category
This action adds or removes a URL from a custom URL category.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Custom URL Category | Enter a custom URL category to which you need to add or remove a URL. Example: "EXTERNAL_02" | Text | Required | |
Super Category | Enter the super category of the custom URL category. Example: "USER_DEFINED" | Text | Required | |
Configured Name | Enter the configured name of a URL category to add or remove a URL. Example: "INTERNAL_01" | Text | Required | |
Add to List | Set this to true to add a URL or false to remove a URL from a category. Example: true | Boolean | Required | Default value: true Allowed values:
|
URL | Enter a list of URLs to add to a category or remove from a category. Example: $LIST['www.cyware.com'] | List | Required | Maximum allowed number of URLs in a batch: 100 |
Example Request
[
{
"url": ["www.cyware.com"],
"super_category": "USER_DEFINED",
"add_to_list": true,
"configured_name": "INTERNAL_01",
"custom_url_category": "EXTERNAL_02"
}
]Action: Get URL Quota
This action retrieves the details of the URL quota such as the number of unique URLs that are currently provisioned for your organization and the number of URLs that you can utilize before reaching the URL quota.
Action Input Parameters
This action does not require any action input parameter.
Action: Generic Action
This is a generic action to perform any additional use case on Zscaler.
Parameter | Description | Field Type | Required/Optional | Comments |
HTTP Method | Enter the HTTP method. Example: "GET" | Text | Required | |
Endpoint | Enter the API endpoint to access. Example: "urlCategories" | Text | Required | |
Payload | Enter the payload in JSON format. Example: {"data": [{"reason": "Retrieve Data"}]} | Any | Optional | |
Query Params | Enter the query parameters to filter the result. Example: {"limit": "10"} | Key Value | Optional |
Example Request
[
{
"method":"GET",
"endpoint":"urlCategories",
"payload":{
"data":[
{
"reason":"Retrieve Data"
}
]
},
"query_param":{
"limit":"10"
}
}
]