
Sheriff CSM™

zScaler NSS

When you configure zScaler Nanolog Streaming Service (NSS) to send log data to Sheriff CSM, you can use the zScaler NSS plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

| Device | Details |
|---|---|
| Vendor | zScaler |
| Device Type | Proxy |
| Connection Type | Syslog |
| Data Source Name | zscaler |
| Data Source ID | 1730 |

Integrating zScaler NSS

Before you configure the zScaler NSS integration, you must have the IP address of the Sheriff CSM Deputy (Sensor).

To configure zScaler NSS to send log data over syslog to Sheriff CSM
  1. Log in to the administration portal for zScaler NSS.

  2. In the navigation pane, select Administration > Settings > Nanolog Streaming Service.

  3. From the NSS Feeds tab, click Add NSS Feed.

  4. In Feed Name, enter a name for the NSS feed.

  5. In NSS Type, keep the default: NSS for Web.

  6. From the NSS Server list, select the zScaler NSS system.

  7. From the Status list, select Enabled.

  8. In SIEM IP Address, enter the IP address of the Sheriff CSM Deputy.

  9. In SIEM TCP Port, enter 514.

  10. In Log Type, select Alerts and choose which alert level(s) you want to send.

  11. Click Save and then activate your changes.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Troubleshooting

For troubleshooting, refer to the vendor documentation:

https://help.zscaler.com/zia/adding-nss-feeds

https://help.zscaler.com/zia/adding-nss-feeds-alerts
Topic revision: r6 - 27 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.