icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

ISC License

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Zscaler Splunk App
SHA256 checksum (zscaler-splunk-app_3018.tgz) 8e2731a07111b43acae9c1782402f221fa1d28e1cedb070f9e77f45f4e0bad75 SHA256 checksum (zscaler-splunk-app_3014.tgz) a46d41eb09a931d29b38d90a8f6b357a9449ea5578c6c9189dd6bf6a3d458b8b SHA256 checksum (zscaler-splunk-app_3012.tgz) 26742250432846430bc0c7d1c52df97da2e4946ce244eed08ed75e150110715e SHA256 checksum (zscaler-splunk-app_307.tgz) 125af99711628224febc19cf7c1b60e7d3aa398fe636d4a8b65c7ca5aa03e4d8 SHA256 checksum (zscaler-splunk-app_305.tgz) 5f8f9821fcc410ca77e7d63a2100139c6b332eeb551dc8efd1214dd1323730a4 SHA256 checksum (zscaler-splunk-app_304.tgz) dfdf1fe65fa3993627ee6d34faff3c70422f6899f9f221569b0f12de18fdf501 SHA256 checksum (zscaler-splunk-app_302.tgz) 47b1bdebb1dcc09dd633db4d10261c58a2f596c1b5e065d48dab2944a4eec11b SHA256 checksum (zscaler-splunk-app_301.tgz) 3f597025e5e9b9afde2c7f169add9ad16e449d044299135e8ee4a5c5c2eac74d SHA256 checksum (zscaler-splunk-app_300.tgz) fd9e2c800d7a7eb953dc695394b14dc7542966b3a9a7c3703c77a518ea9d143c SHA256 checksum (zscaler-splunk-app_208.tgz) e80b4f6d6499b6af9b30a261ab5dad10a40e8211efbc628d9580b97c34af434e SHA256 checksum (zscaler-splunk-app_207.tgz) 7e45f8793d5de51ad2887d91054acdeb4c1e4dc831638af72b5bebe4a46e5033 SHA256 checksum (zscaler-splunk-app_206.tgz) 7bc0d3ace4c73bd27c462424ba9ab3953f9bf779086614986d5ef3966e95898c SHA256 checksum (zscaler-splunk-app_205.tgz) fd69adef63dc8223188fa5e49bd331ce877edd27294a546f06807cd2746192da SHA256 checksum (zscaler-splunk-app_204.tgz) 0425cb6759c38ca9fefa2891c35a373421ae75b22bcf9decdaa82a2e83285e5e SHA256 checksum (zscaler-splunk-app_203.tgz) 1682cbdbfa27a1416c632ccaa72ea6d51e94de8e96867f6fb472622683d30657 SHA256 checksum (zscaler-splunk-app_202.tgz) e5fc50d9ca432abbf5d001a2216d355e201b6e9b01e22e427902f60aca27713f SHA256 checksum (zscaler-splunk-app_200.tgz) ce64463debf0756b886c1542fc248358bd74badac70a733b5d763acf5180caf3 SHA256 checksum (zscaler-splunk-app_103.tgz) aa43e4b3cb06b814482595fbfcdb0ed85ae1f4b4f9aca9db9863f4deb3116f5c SHA256 checksum (zscaler-splunk-app_102.tgz) fb5fdec7448c379bba4aa8ec00506290849d2368c2ff755e4faba90b9ce3afdb SHA256 checksum (zscaler-splunk-app_101.tgz) bc39a00b6055f3fa9b85c9c5e05c71546e703cb709e6af840218b8a87b5dae48 SHA256 checksum (zscaler-splunk-app_10.tgz) 840824d307e1cfe1f35e9f4d91fcadbf34be5139a0e1a96949f0c479e6317635
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate
splunk

Zscaler Splunk App

Splunk Cloud
Overview
Details
The Zscaler App for Splunk provides detailed dashboards and reporting for all Zscaler products using Zscaler Nanolog Streaming and Log Streaming services. The Zscaler App for Splunk can also ingest DLP incident information, bringing full context for DLP incidents directly into Splunk

Pre-built reports exist for Zscaler’s Internet Access and Private Access Platforms, this include:
* Overview Dashboards showing highlights for your Zscaler products
* Focussed dashboards for:
- Threat Intelligence
- Web Usage
- Remote Access usage
- Zscaler DLP - event and incident reports
Zscaler is excited to deliver this tight integration with Splunk and will continue to enhance reports, dashboards and integrations for the Zscaler Splunk App.

Please note this app has a key dependancy on the Zscaler TA for Splunk --> https://splunkbase.splunk.com/app/3865/

Full App and TA Documentarian is available here --> https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

To ingest logs from the Zscaler Cloud into Splunk, an NSS server needs to be deployed. The NSS feed will send CIM formatted logs to Splunk. The Zscaler Technical Adapter for Splunk normalizes the logs into a common format that can be leveraged by different applications.

The Zscaler Splunk App provides pre built reports and dashboards including:
* Threat Intelligence
* Web Usage
* Remote Access Activity
* DLP events and incidents

Dependency

Documentation

For additional documentation, reach out to splunk-support@zscaler.com

Release Notes

Version 3.0.18
Aug. 27, 2024

fixing zsten compatibility issue
Version 3.0.14
June 18, 2024

Fixing Splunk Cloud compatibility issues
Version 3.0.12
June 3, 2024

fixing Splunk cloud compatibility issues
Version 3.0.7
April 25, 2024
  • Updated administrative audit dashboard to work with data coming from API or syslog / HEC
  • Updated z-audit macro to support ZIA Audit data irrespective of getting it by calling ZIA API or streaming / HEC
  • Fixed issue with ALLOWED VS BLOCKED TRANSACTIONS panel on the Web Traffic Overview dashboard.
  • Fixed issue with "User sending data into Cloud Apps" panels in Bandwidth Report dashboard
Version 3.0.5
April 2, 2024

Bug fixes
Version 3.0.4
April 1, 2024
  • Updated dashboards
Version 3.0.2
Sept. 29, 2023

Zscaler Splunk App v3.0.2

  • Bug fix on report acceleration
Version 3.0.1
Feb. 7, 2023
  • Added Posture Control dashboard for posture control alerts to navigation pane
  • Scanned and vetted the add-on to ensure Python3 and jQuery3.5 compatibility
  • Fixed dashboard panel queries that were not populating data
    • Firewall Access Controls
    • Private Access Connector Status
  • Removed Lateral Movement dashboard from the nav pane but still accessible if you go to Other Items -> Dashboards in the nav pane
  • Three ZPA related panels from the Lateral Movement have been moved under Private Access Performance Overview dashboard
  • Two new panels - WEB - SSL DECRYPTED & NON-DECRYPTED PROTOCOL DISTRIBUTION added under Web Traffic Overview dashboard
  • New panel - Top 10 URL's triggering Browser Isolation - added to dashboard Top 10's
  • Removed two panels - Sandbox Pending Detonation & Recent Sandbox Detonation - from Zscaler Overview and added them in in Threat Prevention -> Sandbox dashboard
  • Removed Event Flows (Top 100) panel, added Event Types panel and rearranged other panels in Connections dash
Version 3.0.0
Nov. 27, 2022

PREVIEW: UNDER TEST

Fixes:
- Fixed dashboard panel queries that were not populating data
- Firewall Access Controls
- Private Access Connector Status
- Scanned and vetted the add-on to ensure Python3 and jQuery3.5 compatibility

New panels and dashboards:
- SSL decryption rates: Two new panels showing SSL inspection %'s under Web Traffic Overview dashboard
- Browser Isolation - URLs triggering a browser isolation policy - added to Top 10 dashboard
- Posture Control - New dashboard covering Cloud and IaC alerts for Zscaler Posture Control (CNAPP)

Cleanup:
- Three ZPA panels moved from Lateral Movement to Private Access Performance Overview dashboard
- Moved two sandbox panels from Zscaler Overview to Threat Prevention -> Sandbox dashboard
- Removed Event Flows (Top 100) panel, added Event Types panel and rearranged other panels in Connections dashboard
- All external page references under Zscaler Tools menu now opens in a new tab
Version 2.0.8
July 19, 2022
  • Removed unused test dashboards
  • Fixed search syntax
Version 2.0.7
Oct. 14, 2021

Update 4/11/22: The sandbox and audit logs is currently unsupported within the Splunk App. Although the functionality to get these logs still exist within Zscaler, the Splunk App does not currently support fetching these logs.

Notes:
This release upgrades all dashboard to XML 1.1, which will invoke updated JQuery and reestablish compatibility with Splunk Cloud.

Note: new Dashboards for Lateral Movement and Data Protection have been added, some widgets will be searching on new undocumented sourcetypes, full support these sourcetypes (e.g. CIM Mapping, setup instruction) is still be worked on and will be coming in the next TA update, coupled with the needed updates to the Zscaler/Splunk admin/install guide.
Version 2.0.6
Aug. 10, 2020
  • Added new Dashboard for Zscaler Private Access Connecter health (CPU, RAM, Network etc)
  • Minor fixes to Connections dashboard, and general app layout
  • Other small adjustments based on customer feedback
Version 2.0.5
Jan. 9, 2020

Added fix for Tunnel Widget not displaying rules in landing dashboard
Version 2.0.4
Dec. 30, 2019

Added fixes to make macro edit more friendly
Minor edits to some widgets to work better with RBAC
Version 2.0.3
Dec. 24, 2019

Now filtering locations from user oriented reports/widgets.
Version 2.0.2
Oct. 21, 2019

Added exciting new Security and Threat dashboards
- Security overview with Clickable events (pivot based on threats over user)
- Overall Trading info
- Web Traffic overview
Version 2.0.0
July 9, 2019

Version 2.0.0
Added Reports and Dashboard for new Modular Inputs:
- Admin Audit Logs (ZIA)
- Cloud Sandbox detailed reports

Moved all macros into TA, removed from App

Overview Dashboard modified to better reflect summary of all data inputs

New Private Access Health Dashboard
Version 1.0.3
May 2, 2018

V1.0 - Initial Release
V1.0.1 - Changed App name to "Zscaler Splunk App"
V1.0.2 - Removed dependabcy for "IMAP Mailbox" as it's not Splunk Certified
V1.0.3 - updated README.txt to include correct links in deps section
Version 1.0.2
April 16, 2018
Version 1.0.1
Feb. 28, 2018

V1.0.1 - Changed App name to "Zscaler Splunk App"
Version 1.0
Jan. 30, 2018
13,030
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Zscaler
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate
Compatibility
This version of the app (3.0.7) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (3.0.5) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (3.0.4) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (3.0.2) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (3.0.1) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (3.0.0) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.8) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.7) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.6) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.5) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.4) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.3) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.2) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (2.0.0) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (1.0.3) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (1.0.2) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (1.0.1) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
This version of the app (1.0) is not available for Splunk Cloud. However, version 3.0.12 of this app is available for Splunk Cloud.
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 9.3, 9.2, 9.1 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.3, 9.2, 9.1 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.3, 9.2 Platform: Platform Independent CIM Versions: 5.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0 Platform: Platform Independent CIM Versions: 5.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 5.x, 4.x, 3.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 5.x, 4.x, 3.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 3.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.2, 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.1, 7.0 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.0 Platform: Platform Independent CIM Versions: 4.x
Licensing
ISC License
Category & Contents
Categories: IT Operations, Security, Fraud & Compliance
App Type: App
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2024 Splunk LLC All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk LLC in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.