The evolution of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) technologies has been pivotal in shaping modern cybersecurity strategies. Traditionally, SIEM systems were primarily focused on data aggregation and alert generation, often resulting in an overwhelming number of alerts for security teams to handle. However, as cyberthreats grew more sophisticated, the need for a more proactive and responsive approach became evident. This led to the emergence of SOAR solutions, which complement SIEM by adding layers of automation, orchestration, and advanced response capabilities.

Microsoft Sentinel represents the culmination of this evolution. As a cutting-edge SIEM and SOAR solution, Sentinel offers not only comprehensive data collection and analysis but also integrates automated response mechanisms. These advancements allow for quicker, more efficient handling of security incidents, ultimately enhancing the ability of organizations to swiftly adapt and respond to the ever-changing threat landscape.

Keeping pace with these advanced features, Zscaler is excited to unveil two new integrations as part of our zero trust collaboration with Microsoft Sentinel. These are:

Cloud NSS for ZIA log ingestion into Microsoft Sentinel

Zscaler’s Cloud NSS, our innovative cloud-to-cloud log streaming service, now makes its way to Microsoft Sentinel, making it faster and easier to deploy, manage, and scale log ingestion from the Zscaler cloud to Microsoft Sentinel.

Fig: Cloud NSS overview

This service enables native ingestion of Zscaler’s comprehensive cloud security telemetry into Microsoft Sentinel, enriching investigation and threat hunting for cloud-first organizations without the need to deploy any infrastructure.

Key benefits include:

Reduced complexity: Since Cloud NSS operates in the cloud, it removes the need for additional on-premises hardware or infrastructure. This not only cuts down on physical resource requirements but also simplifies the overall security architecture.
Streamlined log management: Cloud NSS facilitates the efficient management and scaling of log ingestion. It simplifies the process of collecting and analyzing security logs, making it easier for organizations to manage large volumes of data.
Scalability and flexibility: Cloud NSS is inherently scalable, accommodating the growing data and security needs of an organization. This flexibility ensures that as a company grows, its security infrastructure can grow and adapt without major overhauls.

Expanded Zscaler Playbooks for Microsoft Sentinel

The expanded Zscaler Playbooks for Microsoft Sentinel mark a significant advancement in our joint capability with Microsoft Sentinel. All Zscaler Playbooks leverage OAuth 2.0 for authentication, which results in:

Better security: OAuth 2.0 secures your APIs with dynamic credentials, which are time-bound and generated on demand for a client.
Limited exposure of credentials: Unlike the authentication model that uses API keys and ZIA admin credentials and may involve user management outside the organization’s identity provider, OAuth 2.0 does not require ZIA admin credentials for authentication.
Granular access control: The Client Credentials OAuth flow employs API Roles to define the permissions required to access specific categories of cloud service APIs.
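To make the "time-bound, generated on demand" property concrete, here is an added illustration (not code from the Zscaler playbooks or from Zscaler's API documentation) of what a Client Credentials grant looks like from the client side: the client authenticates to the token endpoint with its client ID and secret, receives a short-lived bearer token, and a small cache refreshes that token shortly before it expires so that no long-lived admin credential ever leaves the identity provider. The token endpoint URL, client ID, secret and scope string are placeholders, and the fetcher used in the usage block is a constructed stub so the script runs offline.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder token endpoint (assumption; not a Zscaler-documented URL).
TOKEN_URL = "https://idp.example.invalid/oauth2/token"


def basic_auth_value(client_id, client_secret):
    """Base64 of 'client_id:client_secret' for HTTP Basic client
    authentication at the token endpoint (RFC 6749 section 2.3.1)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def build_token_request(token_url, client_id, client_secret, scope):
    """Build the POST that asks the identity provider for a token using the
    client_credentials grant. No admin username/password is involved; the
    client only proves possession of its own client secret."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode("utf-8")
    headers = {
        "Authorization": "Basic " + basic_auth_value(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(token_url, data=body, method="POST", headers=headers)


def parse_token_response(raw_json):
    """Validate the token endpoint's JSON reply before trusting it."""
    data = json.loads(raw_json)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if "access_token" not in data or "expires_in" not in data:
        raise ValueError("incomplete token response")
    return data


def fetch_token_via_http(request):
    """Send the token request over HTTPS (network call; not used offline)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


class TokenCache:
    """Hold one bearer token and refresh it `skew` seconds before expiry.

    `fetch` is any callable returning a dict with access_token/expires_in;
    `clock` is injectable so the refresh logic can be tested without waiting."""

    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch = fetch
        self._skew = skew
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self.fetch_count = 0  # how many times a fresh token was requested

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            data = self._fetch()
            self._token = data["access_token"]
            self._expires_at = now + float(data["expires_in"])
            self.fetch_count += 1
        return self._token

    def bearer_header(self):
        """Authorization header value for the protected API call."""
        return "Bearer " + self.get()


if __name__ == "__main__":
    # Constructed stub standing in for the identity provider, so this runs offline.
    def stub_fetch():
        return parse_token_response(
            '{"access_token": "demo-token", "token_type": "Bearer", "expires_in": 300}'
        )

    req = build_token_request(TOKEN_URL, "demo-client-id", "demo-client-secret", "demo:scope")
    print("POST", req.full_url, req.data)
    cache = TokenCache(stub_fetch)
    print(cache.bearer_header())
```

In a real playbook the `fetch` callable would be `lambda: fetch_token_via_http(req)`; the cache's refresh-before-expiry behaviour is what lets a long-running automation keep calling the API without ever persisting anything longer-lived than the client secret itself.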

Fig: OAuth 2.0 Flow

Take advantage of the following Zscaler Playbooks to automate your workflows:

Zscaler-OAuth2-Authentication: Authenticate using OAuth 2.0.
Zscaler-OAuth2-BlacklistURL: Blacklist a URL in the Advanced Threat Protection Module.
Zscaler-OAuth2-BlockIP: Block an IP using a URL category blocklist.
Zscaler-OAuth2-BlockURL: Block a URL using a URL category blocklist.
Zscaler-OAuth2-LookupIP: Look up the URL category an IP belongs to.
Zscaler-OAuth2-LookupSandboxReport: Look up a Sandbox Report.
Zscaler-OAuth2-LookupURL: Look up the URL category a URL belongs to.
Zscaler-OAuth2-UnblacklistURL: Un-blacklist a URL in the Advanced Threat Protection Module.
Zscaler-OAuth2-UnblockIP: Remove an IP from a URL category blocklist.
Zscaler-OAuth2-UnblockURL: Remove a URL from a URL category blocklist.
Zscaler-OAuth2-WhitelistURL: Whitelist a URL in the Advanced Threat Protection Module.

Fig: Zscaler-OAuth2.0 LookupURL Playbook

The new Zscaler Playbooks for Microsoft Sentinel can be downloaded now from the Zscaler GitHub repository: https://github.com/zscaler/microsoft-sentinel-playbooks