The AlienApp for Zscaler provides a set of orchestration actions that you can use to identify and categorize items to block as a response to threats identified by USM Anywhere
As USM Anywhere surfaces eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall., vulnerabilities, and alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., your team determines which items require a response action. Rather than manually tagging threats, you can use the AlienApp for Zscaler orchestration actions to enforce protection based on the information associated with the event or alarm.
| Action | Description |
|---|---|
|
Add to Blocked List |
Add a source or destination to the Zscaler blocked list. |
|
Add to Allowed List |
Add a source or destination to the Zscaler allowed list. |
|
Remove from Allowed List |
Remove a source or destination from the Zscaler blocked list. |
| Add to Custom Category |
Add a source or destination to a Zscaler category. Typing a category will bring up autocomplete suggestions of existing categories. When selecting this action, the Select Action window will also display two additional links at the bottom on the window. Click the Search for existing categories link to see if the IP address is currently associated with any categories. Click the URL Lookup link to obtain further information about the IP address such as the type of address and whether or not Zscaler has any registered security alerts associated with it. |
To view information about these actions in USM Anywhere
- In USM Anywhere, go to Data Sources > Integrations.
- Click the AlienApps tab.
-
On the AlienApps page, click the Zscaler tile.
- If you have more than one sensor, select the sensor where the AlienApp is enabled.
- Click the Actions tab to display information for the supported actions.
-
Click the History tab to display information about the executed orchestration actions.
