Zscaler Log Monitoring

Integration Overview

Zscaler is a leading cloud-based security platform that protects your organization's network and SaaS applications. Panther can collect, normalize, and monitor Zscaler logs to help you identify suspicious activity in real time. Your normalized data is then retained for future security investigations in a data lake powered by Snowflake.

Panther supports the ingestion of two types of Zscaler product logs:

  • ZIA (Zscaler Internet Access, covering internet and SaaS access) Admin Audit Logs: These logs record key events in the Zscaler admin console, such as admin logins and create/update/delete actions on resources and policies.
  • ZPA (Zscaler Private Access, Zscaler's zero trust network access product) Logs: Panther supports several ZPA log types covering admin activity, user authentication, application access, and application health.

Use Cases for Zscaler Logs

Common SIEM use cases for these logs include:

  • Detecting changes to security controls in the ZIA or ZPA admin console using admin audit logs
  • Investigating unauthorized access attempts via ZPA User Activity logs
  • Monitoring user connection and status with ZPA User Status logs
  • Ensuring App Connector health and performance with ZPA App Connector Status and Metrics logs

Onboarding Zscaler Logs in Panther

Panther’s integration for Zscaler is easy to configure, allowing you to onboard your log data in just a few minutes. Zscaler logs can be streamed either to an HTTP endpoint or an S3 bucket for Panther to ingest.

For more details on onboarding Zscaler logs, or for the supported log schemas, see our Zscaler documentation here.

Normalizing & Analyzing Zscaler Events

As Panther ingests events, they are parsed, normalized, and stored in a Snowflake security data lake. This empowers security teams to craft detections, identify anomalies, and conduct investigations on your data in the context of days, weeks, or months.

Panther’s managed schemas apply normalization fields to your Zscaler events, which standardize attribute names (for example, source IP and user identity) so that users can correlate and investigate data across all log types. For more on searching log data in Panther, check out our documentation on Investigations & Search.

Detection as Code

With Panther, your team won’t be confined to the restrictive detection rules seen in many SIEM platforms. Panther is built on detection-as-code principles: you write detections in Python, and you can integrate external systems like version control and CI/CD pipelines into your detection engineering workflow. This gives your security team powerful, flexible, and reusable detection logic that is reviewed and tested like any other code. In addition, you can create correlation rules that link multiple events together, such as IdP logs and Zscaler logs, for highly targeted alerts.

A number of pre-built detections for Zscaler are available by default in Panther, offering users immediate value for monitoring common IoCs and threats. You can explore our built-in detection coverage for Zscaler logs here.

Configuring Alerts

Panther fires alerts when your detection rules or policies are triggered, and integrates with a variety of alert destinations to allow for easy access and management of any Zscaler alerts. Alerts carry the alert context produced by the detection and can also be forwarded to SOAR platforms for more remediation options.

Alerts are categorized into five severity levels: Info, Low, Medium, High, and Critical. Security teams have the option to assign severity dynamically based on specific log event attributes, so the same rule can raise a Medium alert for a routine change and a Critical alert for a change that disables a control.
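To make the Detection as Code section and the dynamic-severity point above concrete, here is an added example of what a Panther-style Python rule for ZIA admin audit logs can look like. It is not one of Panther's packaged detections and not Zscaler's code; only the entry points rule(), title(), severity() and alert_context() follow Panther's detection interface. The field names nested under "event" (action, category, subcategory, adminid, clientip, result, preaction, postaction), the category and action values, and the "state" key inside the before/after snapshots are all assumptions made for the example, and the sample events are constructed, not real Zscaler output. The rule alerts on a successful change to a high-risk control category and ranks it by what actually changed: disabling log streaming (which blinds the SIEM itself) is Critical, deleting or disabling any other control is High, and creating or editing one is Medium.

```python
"""Panther-style detection for Zscaler ZIA admin audit logs (added example).

rule()/title()/severity()/alert_context() follow Panther's Python detection
interface.  Every field name under "event", the category/action values and
the "state" key inside preaction/postaction are ASSUMED for illustration;
check them against the schema of the log type you actually onboard.
"""
from typing import Any, Dict, List, Tuple

# Assumed audit categories whose modification weakens a security control.
HIGH_RISK_CATEGORIES = {"SSL_INSPECTION", "URL_FILTERING", "FIREWALL", "NSS"}
# Assumed action verbs that change configuration (as opposed to SIGN_IN etc.).
CHANGE_ACTIONS = {"CREATE", "UPDATE", "DELETE"}


def _get(event: Dict[str, Any], *path: str) -> Any:
    """Nested lookup that never raises, in the spirit of Panther's deep_get()."""
    cur: Any = event
    for key in path:
        if not isinstance(cur, dict):
            return None
        cur = cur.get(key)
    return cur


def _field(event: Dict[str, Any], name: str) -> str:
    """Upper-cased string form of event.<name>, "" when absent."""
    return str(_get(event, "event", name) or "").upper()


def _disabled_control(event: Dict[str, Any]) -> bool:
    """True when the before/after snapshots show a control switched off."""
    pre = _get(event, "event", "preaction") or {}
    post = _get(event, "event", "postaction") or {}
    return pre.get("state") == "ENABLED" and post.get("state") == "DISABLED"


def rule(event: Dict[str, Any]) -> bool:
    """Alert on a *successful* change to a high-risk control category.

    Failed attempts are deliberately excluded so this rule stays a clean
    signal for actual control drift; handle them in a separate rule.
    """
    return (
        _field(event, "action") in CHANGE_ACTIONS
        and _field(event, "result") == "SUCCESS"
        and _field(event, "category") in HIGH_RISK_CATEGORIES
    )


def severity(event: Dict[str, Any]) -> str:
    """Dynamic severity driven by event attributes."""
    action = _field(event, "action")
    destructive = action == "DELETE" or _disabled_control(event)
    if _field(event, "category") == "NSS" and destructive:
        return "CRITICAL"  # log streaming turned off: the SIEM goes blind
    if destructive:
        return "HIGH"
    return "MEDIUM"


def title(event: Dict[str, Any]) -> str:
    """Alert title: who changed what, from where."""
    return (
        f"Zscaler ZIA: {_field(event, 'action')} on "
        f"{_field(event, 'category')}/{_field(event, 'subcategory')} "
        f"by {_get(event, 'event', 'adminid')} from {_get(event, 'event', 'clientip')}"
    )


def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Before/after snapshots travel with the alert for the responder."""
    return {
        "admin": _get(event, "event", "adminid"),
        "client_ip": _get(event, "event", "clientip"),
        "before": _get(event, "event", "preaction"),
        "after": _get(event, "event", "postaction"),
    }


def evaluate(events: List[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """Run the rule over a batch and return (title, severity) per match."""
    return [(title(e), severity(e)) for e in events if rule(e)]


# Constructed sample events for illustration (not real Zscaler output).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"event": {"action": "UPDATE", "category": "URL_FILTERING", "subcategory": "URL_FILTERING_RULE",
               "adminid": "admin@example.com", "clientip": "203.0.113.10", "result": "SUCCESS",
               "preaction": {"name": "Block-Malware", "state": "ENABLED"},
               "postaction": {"name": "Block-Malware", "state": "DISABLED"}}},
    {"event": {"action": "UPDATE", "category": "NSS", "subcategory": "NSS_FEED",
               "adminid": "admin@example.com", "clientip": "203.0.113.10", "result": "SUCCESS",
               "preaction": {"name": "siem-feed", "state": "ENABLED"},
               "postaction": {"name": "siem-feed", "state": "DISABLED"}}},
    {"event": {"action": "CREATE", "category": "FIREWALL", "subcategory": "FIREWALL_RULE",
               "adminid": "ops@example.com", "clientip": "198.51.100.7", "result": "SUCCESS",
               "preaction": {}, "postaction": {"name": "Allow-Printers", "state": "ENABLED"}}},
    {"event": {"action": "SIGN_IN", "category": "LOGIN", "subcategory": "LOGIN",
               "adminid": "ops@example.com", "clientip": "198.51.100.7", "result": "SUCCESS"}},
    {"event": {"action": "DELETE", "category": "URL_FILTERING", "subcategory": "URL_FILTERING_RULE",
               "adminid": "intern@example.com", "clientip": "192.0.2.44", "result": "FAILURE",
               "preaction": {"name": "Block-Malware", "state": "ENABLED"}, "postaction": {}}},
]

if __name__ == "__main__":
    for alert_title, alert_severity in evaluate(SAMPLE_EVENTS):
        print(f"[{alert_severity}] {alert_title}")
```

Run over the five constructed events, the rule matches three (the first as High, the NSS change as Critical, the firewall create as Medium) and ignores the admin sign-in and the failed delete. The failed delete is the kind of event you would route to a separate lower-severity rule rather than fold into this one, so that this alert always means a control really changed.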

Customer Support

If you have any questions about configuring Zscaler with Panther, we’re here to help. All customers have access to our technical support team via a dedicated Slack channel, email, or in-app messenger.

You can check out our documentation on configuring Zscaler here, or customers can sign up for the Panther Community to share best practices or custom detections for Zscaler.

The Ideal SIEM Integration for Zscaler

With Panther, security teams don’t have to struggle with restrictive detection logic, waste time and resources on operational overhead, or pay skyrocketing costs to keep up with the growth of cloud data. Panther was founded by a team of veteran security practitioners who struggled with legacy SIEM challenges first-hand, and built an intuitive, cloud-native platform to solve them.

Panther is a cloud-native SIEM built for security operations at scale, offering flexible detection-as-code, intuitive security workflows, and actionable real-time alerts to keep up with the needs of today’s security teams. For a powerful, flexible, and scalable SIEM solution, request a demo today.
