Configuring the AlienApp for Zscaler

Role Availability Read-Only Investigator Analyst Manager

To configure the AlienApp for Zscaler, you must first have the information listed in the Zscaler documentation, which includes the following:

  • An API subscription
  • An enabled API key
  • An API admin account

To acquire Zscaler configuration details

  1. Log in to the Zscaler admin page using your Zscaler credentials.
  2. Go to Administration > API Key Management.

    The page displays the base Uniform Resource Identifier (URI) and API key.

  3. Copy the base URI and key value to your clipboard or a secure location. You will need to enter them in USM Anywhere to configure the AlienApp.

To connect the Zscaler API to USM Anywhere

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  6. Enter the information you collected previously:

    • Base URI
    • Username
    • Password
    • Zscaler API Key
  7. Click Save.
  8. Verify the connection.

    After USM Anywhere completes a successful connection to the Zscaler APIs, a icon displays in the Health column.

    If the icon displays, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Zscaler connection.
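A pre-flight check for the values entered in step 6 and for the sensor network-access requirement in step 5, as an added example that is not part of the original documentation or of any AT&T or Zscaler tooling. It assumes it is run from a host on the same network segment as the sensor; the function names and the treatment of a base URI pasted without a scheme as HTTPS are assumptions.

```python
import socket
import ssl
from urllib.parse import urlsplit


def parse_base_uri(base_uri):
    """Return (host, port) for the API endpoint, or raise ValueError."""
    value = base_uri.strip()
    # Assumption: a value pasted without a scheme is meant as HTTPS.
    if "://" not in value:
        value = "https://" + value
    parts = urlsplit(value)
    if parts.scheme.lower() != "https":
        raise ValueError("base URI must use HTTPS, got %r" % parts.scheme)
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the base URI")
    if not parts.hostname:
        raise ValueError("base URI has no host name")
    return parts.hostname, parts.port or 443


def field_problems(base_uri, username, password, api_key):
    """List problems that can be found without touching the network."""
    problems = []
    fields = {"Base URI": base_uri, "Username": username,
              "Password": password, "Zscaler API Key": api_key}
    for name, value in fields.items():
        if not value:
            problems.append(name + " is empty")
        # Clipboard copies often pick up stray spaces or newlines.
        elif name != "Password" and value != value.strip():
            problems.append(name + " has leading or trailing whitespace")
    try:
        parse_base_uri(base_uri)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def tls_reachable(base_uri, timeout=5.0):
    """Attempt a certificate-verified TLS handshake; return (ok, detail)."""
    host, port = parse_base_uri(base_uri)
    context = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except OSError as exc:  # DNS, routing, timeout and TLS errors
        return False, "%s: %s" % (type(exc).__name__, exc)
```

A failed `tls_reachable` result with a timeout or name-resolution error points at sensor egress or DNS, while a certificate error points at TLS interception on the path between the sensor and the API endpoint.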

The AlienApp for Zscaler and the AlienApp for AT&T Secure Web Gateway

Because both the AlienApp for Zscaler and the AlienApp for AT&T Secure Web Gateway share configuration components through AlienApp for Zscaler, configuring one AlienApp will cause the other to appear as configured in your My Apps page. This is expected behavior. Do not delete or disable the AlienApp for Zscaler or the AlienApp for AT&T Secure Web Gateway. Changes to one AlienApp will cause configuration errors with the other AlienApp.

Forward Syslog Messages to AlienApp for Zscaler

To fully integrate USM Anywhere with the AlienApp for Zscaler, you can configure syslog forwarding in the Zscaler device to send events to your sensor. To collect logs from Zscaler Nanolog Streaming Service (NSS), you can add an NSS feed for alerts and enter the USM Anywhere Sensor IP address for the SIEM. See Adding NSS Feeds for Alerts for detailed instructions from the vendor.

However, the AlienApp for Zscaler can also act on events not generated from Zscaler. The actions you can use with this AlienApp take the source or destination IP addresses from any event or alarm, place them in an allowed list or blocked list, and then send that list to Zscaler. See AlienApp for Zscaler Actions for details.