11.1.3
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
The Security Incident Response integration with Zscaler enables Security Analysts to do the following:
- Perform a reputation lookup of observables against the global threat library maintained by Zscaler.
- Add or remove observables from the block list or allow list on Zscaler.
- Retrieve and review sandbox reports from Zscaler for an MD5 hash.
This integration also supports creating a security incident from Patient 0 alerts, which Zscaler generates when a user downloads an unknown malicious file.
- Threat Lookup:
  - Analysts can trigger reputation lookups on URLs, IPs, and domains.
- Deny/Allow URLs/IPs/Domains:
  - Analysts can add URLs, IPs, and domains to the tenant-specific DenyList or AllowList, or to other URL categories.
  - Supports periodic removal of list entries once their expiration value is reached.
  - Supports an approval workflow.
- Sandbox Report Lookup:
  - Analysts can look up the Sandbox report for an MD5 hash and store it against the incident.
- Create Security Incidents from Patient 0 alerts:
  - Ingests Patient 0 alerts and creates security incidents from them.
Fixed:
- Resolved the issue where the 'Approval for Add to DenyList' flow was failing.
- Corrected the duplication of Approver records for the DenyList.
- Required plugins and products
- Dependencies
- Properties that need to be created or set to activate the content pack
- Affected business rules
- Affected script includes
- .jar files that need to get uploaded, if applicable