Splunk for Security and Zscaler

How Zscaler and Splunk work together

Splunk’s zero trust analytics dashboards reference Zscaler’s logs to give the customer greater insight into their usage, access and environment.

Splunk provides centralized log ingestion and analytics to monitor and correlate activities across the entire security environment. Splunk takes Zscaler logs, analyzes them and gives the customer a better understanding of what’s happening in their environment.

  • Reliable integration with Zscaler Internet Access (ZIA) cloud-to-cloud log streaming and Splunk Cloud. This simplifies security operations by making actionable data available within Splunk, reducing the need to pivot between product consoles during investigations.
  • Detailed dashboards and reporting for all Zscaler products using Zscaler Nanolog Streaming and Log Streaming services with the Zscaler App for Splunk.
  • Faster, more robust analytics with Splunk Enterprise Security, Risk Based Alerting (RBA) and User and Entity Behavior Analytics (UEBA).
  • API-level integration with Splunk Phantom enables automation and orchestration within Zscaler and mitigates the proliferation of threats.

Product Integrations

The Zscaler App for Splunk provides detailed dashboards and reporting for all Zscaler products using Zscaler Nanolog Streaming and Log Streaming services. The Zscaler App for Splunk can also ingest DLP incident information, bringing full context for DLP incidents directly into Splunk.

The Zscaler Technical Add-On for Splunk takes events from Zscaler data sources and maps them to Splunk’s Common Information Model (CIM); the normalized data can then be used by Splunk Enterprise Security and any app that relies on the CIM data model, including the Zscaler App for Splunk.