The evolution of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) technologies has been pivotal in shaping modern cybersecurity strategies. Traditionally, SIEM systems were primarily focused on data aggregation and alert generation, often resulting in an overwhelming number of alerts for security teams to handle. However, as cyberthreats grew more sophisticated, the need for a more proactive and responsive approach became evident. This led to the emergence of SOAR solutions, which complement SIEM by adding layers of automation, orchestration, and advanced response capabilities.
Microsoft Sentinel represents the culmination of this evolution. As a cutting-edge SIEM and SOAR solution, Sentinel offers not only comprehensive data collection and analysis but also integrates automated response mechanisms. These advancements allow for quicker, more efficient handling of security incidents, ultimately enhancing the ability of organizations to swiftly adapt and respond to the ever-changing threat landscape.
Keeping pace with these advanced features, Zscaler is excited to unveil two new integrations as part of our zero trust collaboration with Microsoft Sentinel. These are:
Cloud NSS for ZIA log ingestion into Microsoft Sentinel
Zscaler’s Cloud NSS, our innovative cloud-to-cloud log streaming service, now makes its way to Microsoft Sentinel, making it faster and easier to deploy, manage, and scale log ingestion from the Zscaler cloud into Microsoft Sentinel.
Fig: Cloud NSS overview
This service enables native ingestion of Zscaler’s comprehensive cloud security telemetry into Microsoft Sentinel, enriching investigation and threat hunting for cloud-first organizations without the need to deploy any infrastructure.
Key benefits include:
Reduced complexity: Since Cloud NSS operates in the cloud, it removes the need for additional on-premises hardware or infrastructure. This not only cuts down on physical resource requirements but also simplifies the overall security architecture.
Streamlined log management: Cloud NSS facilitates the efficient management and scaling of log ingestion. It simplifies the process of collecting and analyzing security logs, making it easier for organizations to manage large volumes of data.
Scalability and flexibility: Cloud NSS is inherently scalable, accommodating the growing data and security needs of an organization. This flexibility ensures that as a company grows, its security infrastructure can grow and adapt without major overhauls.
Expanded Zscaler Playbooks for Microsoft Sentinel
The expanded Zscaler Playbooks for Microsoft Sentinel mark a significant advancement in our joint capability with Microsoft Sentinel. All Zscaler Playbooks leverage OAuth 2.0 for authentication, which results in:
Better security: OAuth 2.0 secures your APIs with dynamic credentials, which are time-bound and generated on demand for a client.
Limited exposure of credentials: Unlike the authentication model that uses API keys and ZIA admin credentials and may involve user management outside the organization’s identity provider, OAuth 2.0 does not require ZIA admin credentials for authentication.
Granular access control: The Client Credentials OAuth flow employs API Roles to define the permissions required to access specific categories of cloud service API.
Fig: OAuth 2.0 Flow
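To make the three properties above concrete, here is an added example (not Zscaler's or Microsoft's code, and not taken from the playbooks) of a client-credentials exchange as a playbook would perform it: the client trades its client ID and secret for a short-lived bearer token, caches it, renews it shortly before expiry, and presents it to an API whose handler checks the token's signature, expiry, and the role (scope) it carries. The token endpoint, the `url_lookup_api` resource, the role names `url-lookup` and `url-block`, and every client ID, secret, and lookup value are constructed for this example so that it runs offline; a real deployment would POST to the identity provider's token endpoint over HTTPS and call the vendor's documented API instead.

```python
"""Hypothetical OAuth 2.0 client-credentials flow with token caching.

Added example, not vendor code. The authorization server and the resource
API are simulated in-process so the example runs offline.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# --- Simulated authorization server (stands in for the identity provider) ----
# Registered clients: client_id -> (client_secret, API roles granted).
# All values are constructed for the example.
REGISTERED_CLIENTS = {
    "sentinel-playbook": ("s3cr3t-example", {"url-lookup", "url-block"}),
}
TOKEN_LIFETIME = 300  # seconds; tokens are deliberately short-lived

_SIGNING_KEY = secrets.token_bytes(32)  # server-side key, fresh each run


def _sign(payload: bytes) -> str:
    mac = hmac.new(_SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def token_endpoint(grant_type, client_id, client_secret, scope, now=None):
    """Issue a time-bound bearer token for a client_credentials grant.

    Returns (status_code, body) in the shape of an HTTP token endpoint.
    No administrator credentials are involved: only the client's own ID
    and secret, and only the roles registered for that client.
    """
    now = time.time() if now is None else now
    if grant_type != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    entry = REGISTERED_CLIENTS.get(client_id)
    if entry is None or not hmac.compare_digest(entry[0], client_secret):
        return 401, {"error": "invalid_client"}
    requested = set(scope.split())
    if not requested <= entry[1]:  # cannot ask for roles not granted
        return 400, {"error": "invalid_scope"}
    claims = {"sub": client_id, "scope": sorted(requested),
              "exp": int(now) + TOKEN_LIFETIME}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    token = f"{payload}.{_sign(payload.encode())}"
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": TOKEN_LIFETIME}


def verify_token(token, now=None):
    """Resource-server side: check signature and expiry; claims or None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(payload.encode())):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= now:  # expired tokens are rejected outright
        return None
    return claims


def url_lookup_api(token, url, now=None):
    """Hypothetical resource endpoint that requires the 'url-lookup' role."""
    claims = verify_token(token, now)
    if claims is None:
        return 401, {"error": "invalid_token"}
    if "url-lookup" not in claims["scope"]:
        return 403, {"error": "insufficient_scope"}
    # Constructed category table standing in for the real service.
    categories = {"example.com": "Business", "bad.example": "Malicious"}
    return 200, {"url": url, "category": categories.get(url, "Uncategorized")}


# --- Client side: what a playbook step would do ------------------------------
@dataclass
class ClientCredentialsClient:
    client_id: str
    client_secret: str
    scope: str
    refresh_margin: int = 30  # renew this many seconds before expiry
    _token: Optional[str] = field(default=None, init=False)
    _expires_at: float = field(default=0.0, init=False)

    def get_token(self, now=None):
        """Return a cached token, fetching a new one when (nearly) expired."""
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at - self.refresh_margin:
            status, body = token_endpoint("client_credentials", self.client_id,
                                          self.client_secret, self.scope, now)
            if status != 200:
                raise PermissionError(body["error"])
            self._token = body["access_token"]
            self._expires_at = now + body["expires_in"]
        return self._token


if __name__ == "__main__":
    client = ClientCredentialsClient("sentinel-playbook", "s3cr3t-example", "url-lookup")
    print(url_lookup_api(client.get_token(), "bad.example"))
```

The design mirrors the three bullet points: the token carries its own expiry, so a leaked token is only useful for minutes; the client never holds or transmits an administrator's credentials; and the resource handler enforces the role claim, so a client registered only for `url-block` is refused by the lookup endpoint even with a valid token.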
Take advantage of the following Zscaler Playbooks to automate your workflows:
Zscaler-OAuth2-Authentication: Authenticate using OAuth 2.0.
Zscaler-OAuth2-BlacklistURL: Blacklist an IP in the Advanced Threat Protection Module.
Zscaler-OAuth2-BlockIP: Block an IP using a URL category blocklist.
Zscaler-OAuth2-BlockURL: Block a URL using a URL category blocklist.
Zscaler-OAuth2-LookupIP: Look up the URL category an IP belongs to.
Zscaler-OAuth2-LookupSandboxReport: Look up a Sandbox Report.
Zscaler-OAuth2-LookupURL: Look up the URL category a URL belongs to.
Zscaler-OAuth2-UnblacklistURL: Un-blacklist a URL in the Advanced Threat Protection Module.
Zscaler-OAuth2-UnblockIP: Remove an IP from a URL category blocklist.
Zscaler-OAuth2-UnblockURL: Remove a URL from a URL category blocklist.
Zscaler-OAuth2-WhitelistURL: Whitelist a URL in our Advanced Threat Protection Module.
Fig: Zscaler-OAuth2.0 LookupURL Playbook
The new Zscaler Playbooks for Microsoft Sentinel can be downloaded now from the Zscaler GitHub repository: https://github.com/zscaler/microsoft-sentinel-playbooks