Description

Leverage searches that let you detect and investigate unusual activity reported by Zscaler that might indicate malicious behavior. This includes monitoring for events such as users downloading harmful files or visiting websites that put system and network security at risk. The story also covers the detection of insider threats, providing protection against both external and internal risks. By combining Zscaler logs with Splunk, organizations can strengthen their defenses against a wide spectrum of cyber threats and maintain a secure operational environment.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Risk
  • Last Updated: 2023-10-25
  • Author: Rod Soto, Gowthamaraj Rajendran
  • ID: 5d4ba315-39df-4309-982f-a7052efccffd

Narrative

Zscaler Client Connector is an application installed on your device to ensure that your internet traffic and access to your organization’s internal apps are secure and in compliance with your organization’s policies, even when you’re off your corporate network.

Detections

Name                                                Technique   Type
Zscaler Adware Activities Threat Blocked            Phishing    Anomaly
Zscaler Behavior Analysis Threat Blocked            Phishing    Anomaly
Zscaler CryptoMiner Downloaded Threat Blocked       Phishing    Anomaly
Zscaler Employment Search Web Activity              Phishing    Anomaly
Zscaler Exploit Threat Blocked                      Phishing    TTP
Zscaler Legal Liability Threat Blocked              Phishing    Anomaly
Zscaler Malware Activity Threat Blocked             Phishing    Anomaly
Zscaler Phishing Activity Threat Blocked            Phishing    Anomaly
Zscaler Potentially Abused File Download            Phishing    Anomaly
Zscaler Privacy Risk Destinations Threat Blocked    Phishing    Anomaly
Zscaler Scam Destinations Threat Blocked            Phishing    Anomaly
Zscaler Virus Download threat blocked               Phishing    Anomaly

Version: 1