Zscaler Deception
App Vendor: Zscaler
App Category: Network Security
Connector Version: 1.0.0
API Version: v2
About App
The Zscaler Deception app helps detect and prevent attacks by using decoys to mislead attackers, providing real-time visibility into threats.
The Zscaler Deception app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
List Events | This action lists all the events. |
Generic Action | This is a generic action used to make requests to any Zscaler Deception endpoint. |
Configuration Parameters
The following configuration parameters are required for the Zscaler Deception app to communicate with the Zscaler Deception enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL to access Zscaler Deception. Example: https://zdxyz.illusionblack.com | Text | Required | |
API Key | Enter the API key to authenticate with Zscaler Deception. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Zscaler Deception. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
Action: List Events
This action lists all the events.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the number of items to retrieve in the response. | Integer | Optional | Default value: 100 |
Offset | Enter the number of items to skip before retrieving results. | Integer | Optional | Default value: 0 |
From Time | Enter the start time to retrieve events from. Example: 2025-01-25t14:30:00z | Text | Optional | Recommended format: ISO 8601 |
To Time | Enter the end time to retrieve events up to. Example: 2025-01-30t14:30:00z | Text | Optional | Recommended format: ISO 8601 |
Extra Params | Enter the extra parameters to list events. Example: {whitelisted: true, test_events_only: true} | Key Value | Optional | Allowed keys: sort, fields, whitelisted, test_events_only, expfilter |
Example Request
[
{
"limit": "2",
"offset": "0",
"to_time": "2024-12-31T11:43:00Z",
"from_time": "2024-12-31T11:42:00Z",
"extra_params": {}
}
]Action: Generic Action
This is a generic action used to make requests to any Zscaler Deception endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: /events/version | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: headers, payload_data, download, files, filename, retry_wait, retry_count, custom_output, response_type |
Example Request
[
{
"method": "GET",
"endpoint": "/events/version",
"extra_fields": {},
"query_params": {
"limit": "100",
"offset": "0"
}
}
]