How to set up an NSS feed
An NSS feed specifies the data from the logs that the NSS will send to Devo Relay. Each feed can have a different list of fields (output formats) and different filters. When other SIEMs require a limit on the number of the fields included in the NSS feeds, Devo can ingest 100% of the available fields from each NSS feed. For this, the Devo team created a customized Output Format for each Zscaler NSS Feed.
You can configure up to 8 NSS feeds for each NSS server. For each feed, you can configure multiple types of filters. For example, you can configure separate feeds for each location or for different policy rules.
To start setting up your NSS feeds, you must first log in to the Zscaler admin area.
If you do not want to ingest all NSS Feed fields, you can delete those fields from the Devo-based Output Format.
Take into consideration that changes to the provided Devo Output Format could cause ingestion errors.