Document toolboxDocument toolbox

proxy.zscaler.zia

Owned by Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
3 min read
[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ]

Introduction

The tags beginning with proxy.zscaler.zia identify events generated by Zscaler Internet Access (ZIA).

Valid tags and data tables

The full tag must have four levels. The first three are fixed as proxy.zscaler.zia. The fourth level identifies the type of events sent and the fifth the subtype.

Technology

Brand

Product

Type

Subtype

Technology

Brand

Product

Type

Subtype

proxy

zscaler

zia

  • alert

  • web

  • dns

  • firewall

  • tunnel

  • saas_collaboration

  • saas_crm

  • saas_email

  • saas_file

  • saas_itsm

  • saas_repository

  • syslog

  • json

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag

Data table

Tag

Data table

proxy.zscaler.zia.alert.syslog

proxy.zscaler.zia.alert

proxy.zscaler.zia.web.json

proxy.zscaler.zia.web

proxy.zscaler.zia.dns.json

proxy.zscaler.zia.dns

proxy.zscaler.zia.firewall.json

proxy.zscaler.zia.firewall

proxy.zscaler.zia.tunnel.json

proxy.zscaler.zia.tunnel

proxy.zscaler.zia.saas_collaboration.json

proxy.zscaler.zia.saas_collaboration

proxy.zscaler.zia.saas_crm.json

proxy.zscaler.zia.saas_crm

proxy.zscaler.zia.saas_email.json

proxy.zscaler.zia.saas_email

proxy.zscaler.zia.saas_file.json

proxy.zscaler.zia.saas_file

proxy.zscaler.zia.saas_itsm.json

proxy.zscaler.zia.saas_itsm

proxy.zscaler.zia.saas_repository.json

proxy.zscaler.zia.saas_repository

How is the data sent to Devo?

Logs generated by ZIA must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below and see how to define them here.

Relay rule 1 - Alerts

  • Source Port → 13003

  • Target Tag → proxy.zscaler.zia.alert.syslog

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 2 - Web

  • Source Port → 13004

  • Target Tag → proxy.zscaler.zia.web.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 3 - DNS

  • Source Port → 13005

  • Target Tag → proxy.zscaler.zia.dns.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 4 - Firewall

  • Source Port → 13006

  • Target Tag → proxy.zscaler.zia.firewall.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 5 - Tunnel

  • Source Port → 13007

  • Target Tag → proxy.zscaler.zia.tunnel.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 6 - SaaS Collaboration

  • Source Port → 13008

  • Target Tag → proxy.zscaler.zia.saas_collaboration.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 7 - SaaS CRM

  • Source Port → 13009

  • Target Tag → proxy.zscaler.zia.saas_crm.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 8 - SaaS Email

  • Source Port → 13010

  • Target Tag → proxy.zscaler.zia.saas_email.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 9 - SaaS File

  • Source Port → 13011

  • Target Tag → proxy.zscaler.zia.saas_file.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 10 - SaaS ITSM

  • Source Port → 13012

  • Target Tag → proxy.zscaler.zia.saas_itsm.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.

Relay rule 11 - SaaS Repository

  • Source Port → 13013

  • Target Tag → proxy.zscaler.zia.saas_repository.json

  • Max packet size (bytes) → 5120

  • Select the Sent without syslog tag checkbox.