Zscaler Secure Internet Access (ZIA) 3.0.0
Vendor: Zscaler
Category: Network Security
App Version: 3.3.0
API Version: 1.0.0 and later
Note
Cyware supports OAuth 2.0 authentication with Microsoft Entra ID (formerly Azure Active Directory) for the Zscaler service.
About this Integration
The Zscaler Secure Internet Access (ZIA) app enables security teams to seamlessly integrate with the Zscaler Secure Internet Access enterprise application, which serves as a secure internet and web gateway. This integration empowers organizations to enforce network security measures and protect against various threats while ensuring safe and secure internet access for their users. Orchestrate integrates with Zscalar Secure Internet Access to help organizations reach an unprecedented level of visibility into internet usage, protecting all internet traffic, users, and devices. It monitors network and user activity and provides defence-in-depth protection you from a range of threats including malicious URL requests, botnets, spyware, and more.
App Summary
Use the Zscalar Secure Internet Access app to:
Manage URLs in allowlist and blocklist: This allows organizations to define policies that permit or restrict access to specific websites or web categories based on their security requirements.
Manage firewall details: By managing firewall details and controlling URL access, organizations can enforce granular security policies and reduce the attack surface.
Lookup URLs and categories: With the app's URL and category management capabilities, organizations can efficiently manage internet access policies. This enables them to enforce access controls, restrict access to potentially harmful websites, and customize security policies according to their specific requirements.
About App
Zscaler Secure Internet Access (ZIA) app allows security teams to integrate with Zscaler Internet Access enterprise application, a secure internet and web gateway, to provide network security by managing accessibility to URLs.
Zscaler Secure Internet Access (ZIA) app is configured with the Orchestrate application to perform the following actions:
Add Exempted URLs | This action adds a list of URLs that you need to exempt from SSL scanning. |
Add IP Destination Group | This action adds an IPv4 destination group. |
Add URLs to Blocklist | This action adds a list of URLs to the blocklist. |
Add URLs to Allowlist | This action adds a list of URLs to the allowlist. |
Delete Custom URL Category | This action deletes a custom URL category using the specified ID. |
Delete IP Destination Group | This action deletes an IP destination group using the specified ID. |
Get a List of Blocklisted URLs | This action retrieves a list of blocklisted URLs. |
Get a List of URL Categories | This action retrieves a list of URL categories. |
Get a List of Whitelisted URLs | This action retrieves a list of allowlist URLs. |
Get Details of Cloud Sandbox Report | This action retrieves details of a specific cloud sandbox report using the report MD5 hash. |
Get Exempted URLs | This action retrieves the exempted URLs. |
Get Firewall Filter Details | This action retrieves the details about a specific firewall filter. |
Get IP Destination Group | This action retrieves the details of the specified IP destination group. |
Get URL Categories | This action retrieves the URL categories. |
Get URL Category Detail | This action retrieves information about a URL category. |
Get URL Quota | This action retrieves the details of the URL quota such as the number of unique URLs that are currently provisioned for your organization and the number of URLs that you can utilize before reaching the URL quota. |
List Departments | This action retrieves a list of departments. |
List Firewall Filtering Policies | This action retrieves all firewall filtering policies. |
List IP Destination Groups | This action lists all IPv4 destination groups. |
List Users | This action lists all the users. |
Modify Custom URL Category | This action adds or removes a URL from a custom list. |
Remove URLs from Blocklist | This action removes a list of URLs from the blocklist. |
Update Firewall Filter | This action updates a firewall filter. |
Update IP Destination Group | This action updates the specified IP destination group. |
Update User | This action updates the user information for the specified ID. |
URLs Lookup | This action performs a lookup for URLs. |
Generic Action | This is a generic action to perform any additional use case on Zscaler. |
Action Name | Description |
|---|
Configuration Parameters
The following configuration parameters are required for the Zscaler Secure Internet Access (ZIA) app to communicate with the Zscaler Secure Internet Access (ZIA) enterprise application. The following parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL to access the Zscaler Secure Internet Access app. Example: https://admin.zscalerbeta.net | Text | Required | |
Username | Enter the username to connect with the Zscaler Secure Internet Access (ZIA) app. | Text | Optional | |
Password | Enter the password to authenticate with the Zscaler Secure Internet Access (ZIA) app. | Password | Optional | |
API Key | Enter the API key. Example: soo9iXXXXXUs | Password | Optional | |
Client ID | Enter the client ID of the Zscaler Secure Internet Access (ZIA) app in Microsoft Entra ID (formerly Azure Active Directory). | Text | Optional | Client ID is required for OAuth 2.0 authentication. |
Client Secret | Enter the client secret of the Zscaler Secure Internet Access (ZIA) app in Microsoft Entra ID (formerly Azure Active Directory). | Password | Optional | Client Secret is required for OAuth 2.0 authentication. |
Scope | Enter the scope of the Zscaler Secure Internet Access (ZIA) app in Microsoft Entra ID (formerly Azure Active Directory). Example: api://fa000000 | Password | Optional | Scope is required for OAuth 2.0 authentication. |
Tenant ID | Enter the tenant ID of the Zscaler Secure Internet Access (ZIA) app in Microsoft Entra ID (formerly Azure Active Directory). Example: 72e00e57-1c5b-4beb-39de-16eb9a88620a | Password | Optional | Tenant ID is required for OAuth 2.0 authentication. |
Action: Add Exempted URLs
This action adds a list of URLs to be exempted from SSL scanning.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the list of URLs to be exempted from SSL scanning. Example: $LIST[cyware.com, gmail.com] | List | Required |
Example Request
[
{
"url_list":["cyware.com","gmail.com"]
}
]Action: Add IP Destination Group
This action adds an IPv4 destination group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Name | Enter the destination IP group name. | Text | Required | |
Type | Enter the type of the IP destination group. | Text | Required | Allowed values: DSTN_IP, DSTN_FQDN, DSTN_DOMAIN, DSTN_OTHER |
Addresses | Enter the list of destination IP addresses, FQDNs, or wildcard FQDNs to add. | List | Required | |
Description | Enter any additional information about the destination IP group. | Text | Optional | |
IP Categories | Enter the URL categories of destination IP addresses to add. For more information on allowed values, see documentation. | List | Optional | For more information on allowed values, see Zscaler Secure Internet Access (ZIA) API documentation. |
Countries | Enter the countries associated with the destination IP addresses to add. For more information on allowed values, see documentation. | List | Optional | For more information on allowed values, see Zscaler Secure Internet Access (ZIA) API documentation. |
Is Non Editable | Choose true to mark the destination IP address group as non-editable. | Boolean | Optional |
Example Request
[
{
"name": "Sample IP Group Name",
"type": "DSTN_IP",
"addresses": [
"1.2.3.4"
],
"description": "This IP group includes the addresses of trusted servers.",
"is_non_editable": true
}
]Action: Add URLs to Blocklist
This action adds a list of URLs to the denylist. This action is referred to as Add URLs to Blacklist in the Zscaler Internet Access connector.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter a comma-separated list of URLs to be added to the deny list. Example: [spotify.com, pandora.com] | List | Required |
|
Example Request
[
{
"urls": [
"spotify.com",
"pandora.com",
"http://google.in"
]
}
]Action: Add URLs to Allowlist
This action adds a list of URLs to the allowlist. Adding URLs to the allowlist allows users to download content from these URLs without inspecting the traffic. This action is referred to as Add URLs to Whitelist in the Zscaler Internet Access connector.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the URL list to add to the allowlist of Zscaler. Example: $LIST[cyware.com, gmail.com] | List | Required |
|
Example Request
[
{
"url_list": ["cyware.com", "gmail.com"]
}
]Action: Delete Custom URL Category
This action deletes a custom URL category using the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Category ID | Enter the unique ID of the category to delete. | Text | Required | You can retrieve the category ID using the action Get a List of URL Categories. |
Example Request
[
{
"category_id": "CUSTOM_04"
}
]Action: Delete IP Destination Group
This action deletes an IP destination group using the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Group ID | Enter the unique ID of the IP destination group to delete. | Text | Required | You can retrieve the IP Group ID using the action List IP Destination Groups. |
[
{
"ip_group_id": 18306370
}
]Action: Get a List of URLs in Blocklist
This action retrieves a list of URLs in the denylist or blocklist. This action is referred to as Get a List of Blocklisted URLs in the Zscaler Internet Access connector.
Action Input Parameters
This action does not require any input parameter.
Action: Get a List of URL Categories
This action gets information about all or custom URL categories. By default, the response includes keywords.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Custom URL Categories Only | Choose to retrieve custom URL categories or all URL categories. Example: true | Boolean | Optional | Default value: false If you select true, then only custom URL categories are retrieved. |
Example Request
[
{
"custom_only": true
}
]Action: Get a List of URLs in Allowlist
This action retrieves a list of URLs available in the allowlist. This action is referred to as Get a List of Whitelisted URLs in the Zscaler Internet Access connector.
Action Input Parameters
This action does not require any input parameter.
Action: Get Details of Cloud Sandbox Report
This action retrieves the details of a specific cloud sandbox report using the MD5 hash value of a file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report MD5Hash | Enter the report MD5 hash value as report UID to retrieve details that were analyzed by Sandbox. Example: b3b13c2fe5710507612106cb11ceced3 | Text | Required | |
Report Details | Enter the type of report to retrieve. | Text | Optional | Allowed values: full, summary |
Example Request
[
{
"md5hash": "b3b13c2fe5710507612106cb11ceced3"
}
]Action: Get Exempted URLs
This action retrieves the exempted URLs from Zscaler Internet Access.
Action Input Parameters
This action does not require any input parameter.
Action: Get Firewall Filter Details
This action retrieves the details of a firewall filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Firewall Filter ID | Enter the firewall filter ID to retrieve its details. Example: "150904" | Text | Required | You can retrieve the firewall_filter_id using the action List Firewall Filtering Policies. |
Example Request
[
{
"firewall_filter_id":"150907"
}
]Action: Get IP Destination Group
This action retrieves the details of the specified IP destination group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Group ID | Enter the unique ID of the IP destination group to retrieve its details. | Text | Required | You can retrieve the IP Group ID using the action List IP Destination Groups. |
Example Request
[
{
"ip_group_id": 18306370
}
]Action: Get URL Categories (Deprecated)
This action retrieves the URL categories.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Custom Only | Set this parameter to true to retrieve only custom categories. Example: true | Boolean | Optional | Default value: false Allowed values:
|
Example Request
[
{
"custom_only":false
}
]Action: Get URL Category Detail
This action retrieves information about a URL category.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Category ID | Enter the ID of a URL category to retrieve its details. Example: "CUSTOM_01" | Text | Required |
Example Request
[
{
"category_id": "CUSTOM_01"
}
]Action: Get URL Quota
This action retrieves the details of the URL quota such as the number of unique URLs that are currently provisioned for your organization and the number of URLs that you can utilize before reaching the URL quota.
Action Input Parameters
This action does not require any action input parameter.
Action: List Departments
This action retrieves a list of departments.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page | Enter the page number to retrieve results from. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of results to retrieve on each page. | Integer | Optional | Default value: 100 |
Limit Search | Choose true to limit the search to department names only. | Boolean | Optional | Default value: false |
Search | Enter the query to search departments by department name or comments. | Text | Optional |
Example Request
[
{
"page": "1",
"limit": true,
"pageSize": "1"
}
]Action: List Firewall Filtering Policies
This action retrieves the firewall filtering policies.
Action Input Parameters
This action does not require any input parameter.
Action: List IP Destination Groups
This action lists all IPv4 destination groups.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Exclude Type | Enter the IP destination group type to filter the response. | Text | Optional | Allowed values: DSTN_IP, DSTN_FQDN, DSTN_DOMAIN, DSTN_OTHER |
Action: List Users
This action lists all the users.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Name | Enter the user name to filter the response. Example: John Doe | Text | Optional | |
Page | Enter the page number from which to retrieve results. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of results to retrieve on each page. | Integer | Optional | Maximum allowed value: 10000 Default value: 100 |
Department | Enter the department name to filter the response. | Text | Optional | |
Group | Enter the group name to filter the response. | Text | Optional |
Example Request
[
{
"dept": "Service Admin",
"page": "1",
"pageSize": "1"
}
]Action: Modify Custom URL Category
This action adds or removes a URL from a custom URL category.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Custom URL Category | Enter a custom URL category to which you need to add or remove a URL. Example: "EXTERNAL_02" | Text | Required | |
Super Category | Enter the super category of the custom URL category. Example: "USER_DEFINED" | Text | Required | |
Configured Name | Enter the configured name of a URL category to add or remove a URL. Example: "INTERNAL_01" | Text | Required | |
Add to List | Set this to true to add a URL or false to remove a URL from a category. Example: true | Boolean | Required | Default value: true Allowed values:
|
URL | Enter a list of URLs to add to a category or remove from a category. Example: $LIST['www.cyware.com'] | List | Required | Maximum allowed number of URLs in a batch: 100 |
Example Request
[
{
"url": ["www.cyware.com"],
"super_category": "USER_DEFINED",
"add_to_list": true,
"configured_name": "INTERNAL_01",
"custom_url_category": "EXTERNAL_02"
}
]Action: Remove URLs from Blocklist
This action removes a list of URLs from the blocklist of Zscaler Internet Access. This action is referred to as Remove URLs from Blacklist in the Zscaler Internet Access connector.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter a list of URLs to remove from the deny list. Example: $LIST[spotify.com, pandora.com] | List | Optional |
|
Example Request
[
{
"urls": ["spotify.com", "pandora.com"]
}
]Action: Update Firewall Filter
This action updates a firewall filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Firewall Filter ID | Enter a firewall filter ID that you need to update. Example: "150904" | Text | Required | You can retrieve the firewall_filter_id using the action List Firewall Filtering Policies. |
Firewall Filter Object | Enter the firewall filter object to upload. Example: $JSON[{'accesscontrol': 'read_write', 'enablefulllogging': false, 'id': 150904, 'name': 'default firewall filtering rule', 'order': -1, 'rank': 7, 'action': 'block_drop', 'state': 'enabled', 'destipcategories': [], 'destcountries': [], 'defaultrule': true, 'predefined': false}] | Any | Required | You can retrieve this value using the action List Firewall Filtering Policies. |
Example Request
[
{
"firewall_filter_id": "150907",
"firewall_filter_object": {
"id": 150907,
"name": "Zscaler Proxy Traffic",
"rank": 7,
"order": 1,
"state": "ENABLED",
"action": "ALLOW",
"nwServices": [
{
"id": 352078,
"name": "ZSCALER_PROXY_NW_SERVICES",
"isNameL10nTag": true
}
],
"predefined": false,
"defaultRule": false,
"accessControl": "READ_WRITE",
"destCountries": [],
"destIpCategories": [
"ZSPROXY_IPS"
],
"enableFullLogging": false
}
}
]Action: Update IP Destination Group
This action updates the specified IP destination group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Group ID | Enter the unique ID of the IP destination group to update. | Text | Required | You can retrieve the IP Group ID using the action List IP Destination Groups. |
Name | Enter the name of the IP destination group to update. | Text | Optional | |
Addresses | Enter the list of destination IP addresses, FQDNs, or wildcard FQDNs to add to the group. | List | Optional | |
Description | Enter any additional information about the destination IP group to update. | Text | Optional | |
IP Categories | Enter the URL categories of destination IP addresses to update. | List | Optional | For more information on allowed values, see Zscaler Secure Internet Access API documentation. |
Countries | Enter the countries associated with the destination IP addresses to update. | List | Optional | For more information on allowed values, see Zscaler Secure Internet Access API documentation. |
Example Request
[
{
"name": "Sample IP Group Name",
"addresses": [
"1.2.3.4",
"2.2.2.2"
],
"description": "Updating the IP addresses",
"ip_group_id": 18306370,
"ip_categories": [
"CUSTOM_02"
]
}
]Action: Update User
This action updates the user information for the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User ID | Enter the user's unique ID to update the information. | Integer | Required | You can retrieve the user ID using the action List Users. |
User Details | Enter the user's information to update. | Key Value | Required | Allowed keys: name, groups, department, comments, tempAuthEmail, password |
Example Request
[
{
"user_id": "19555433",
"payload_body": {
"name": "John Doe",
"comments": "Update the name of the user."
}
}
]Action: URLs Lookup
This action performs a lookup for URLs in Zscaler Internet Access.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter the URL list to lookup. Example: $LIST[viruses.org, facebook.com, bbc.com] | List | Required |
Example Request
[
{
"urls": ["viruses.org","facebook.com","bbc.com"]
}
]Action: Generic Action
This is a generic action to perform any additional use case on Zscaler.
Parameter | Description | Field Type | Required/Optional | Comments |
HTTP Method | Enter the HTTP method. Example: "GET" | Text | Required | |
Endpoint | Enter the API endpoint to access. Example: "urlCategories" | Text | Required | |
Payload | Enter the payload in JSON format. Example: {"data": [{"reason": "Retrieve Data"}]} | Any | Optional | |
Query Params | Enter the query parameters to filter the result. Example: {"limit": "10"} | Key Value | Optional |
Example Request
[
{
"method":"GET",
"endpoint":"urlCategories",
"payload":{
"data":[
{
"reason":"Retrieve Data"
}
]
},
"query_param":{
"limit":"10"
}
}
]