Analytics Story: Zscaler Browser Proxy Threats

Date: 2023-10-25 ID: 5d4ba315-39df-4309-982f-a7052efccffd Author: Rod Soto, Gowthamaraj Rajendran Product: Splunk Enterprise Security

Description

Leverage searches that allow you to detect and investigate unusual activities that might relate to malicious activity from Zscaler. This also encompasses monitoring for events such as users downloading harmful files or accessing websites that pose a risk to system and network security. Additionally, the narrative extends to the detection of insider threats, ensuring comprehensive protection from both external and internal vulnerabilities. By leveraging Zscaler with Splunk, organizations can fortify their defenses, safeguarding against a wide spectrum of cyber threats and maintaining a secure operational environment.

Why it matters

Zscaler Client Connector is an application installed on your device to ensure that your internet traffic and access to your organization's internal apps are secure and in compliance with your organization's policies, even when you're off your corporate network.

Detections

Name ▲▼	Technique ▲▼	Type ▲▼
Zscaler Adware Activities Threat Blocked	Phishing	Anomaly
Zscaler Behavior Analysis Threat Blocked	Phishing	Anomaly
Zscaler CryptoMiner Downloaded Threat Blocked	Phishing	Anomaly
Zscaler Employment Search Web Activity	Phishing	Anomaly
Zscaler Exploit Threat Blocked	Phishing	TTP
Zscaler Legal Liability Threat Blocked	Phishing	Anomaly
Zscaler Malware Activity Threat Blocked	Phishing	Anomaly
Zscaler Phishing Activity Threat Blocked	Phishing	Anomaly
Zscaler Potentially Abused File Download	Phishing	Anomaly
Zscaler Privacy Risk Destinations Threat Blocked	Phishing	Anomaly
Zscaler Scam Destinations Threat Blocked	Phishing	Anomaly
Zscaler Virus Download threat blocked	Phishing	Anomaly

Data Sources

Name ▲▼	Platform ▲▼	Sourcetype ▲▼	Source ▲▼

References

Source: GitHub | Version: 1