AlienVault® USM Anywhere™

Configuring the AlienApp for Zscaler

Role Availability Read-Only Analyst Manager

To configure the AlienApp for Zscaler, you must first have the information listed in the Zscaler documentation, which includes the following:

  • An API subscription
  • An enabled API key
  • An API admin account

To acquire Zscaler configuration details

  1. Log in to the Zscaler admin page using your Zscaler credentials.
  2. Go to Administration > API Key Management.

    The page displays the base Uniform Resource Identifier (URI) and API key.

  3. Copy the base URI and key value to your clipboard or a secure location. You will need to enter them in USM Anywhere to configure the AlienApp.

To connect the Zscaler API to USM Anywhere

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.


  3. On the AlienApps page, click the Zscaler tile.

  4. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  5. Click Enable.
  6. Click the Settings tab.
  7. Enter the information you collected previously:

    • Base URI
    • Username
    • Password
    • Zscaler API & Key
  8. Click Save.

Forward Syslog Messages to AlienApp for Zscaler

See the Zscaler NSS page and follow the steps outlined in the Integrating Zscaler NSS section to configure syslog forwarding.

Assign Zscaler NSS to Your Assets

Because the Zscaler NSS plugin does not support automatic asset discovery, you must manually assign the Zscaler NSS plugin to the asset(s) representing the Zscaler device or management server’s IP address in USM Anywhere. If the Zscaler NSS plugin isn't assigned to any assets, the Zscaler events will be handled by the AlienVault Generic Plugin, which will result in some of the data from the log not being properly parsed or associated with the plugin.

See Manual Integration Management for instructions on how to assign the Zscaler plugin to your assets.