
Install the Zscaler Web Security App and view the Dashboards

Install the Sumo Logic App

Now that you have set up collection, install the Sumo Logic App for Zscaler to use the preconfigured searches and Dashboards that provide insight into your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
  • Choose Select from Existing Source Categories, and select the source category from the Source Category list.
  • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: _sourceCategory=MyCategory
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Note that each Panel fills only with data that matches its query's time range and that was received after the Panel was created, so results are not available immediately. Give it some time and you'll see full graphs and maps.

Dashboards

Zscaler - Overview

The Zscaler - Overview Dashboard provides a general view of the Zscaler Web Gateway logs, including Panels that drill down into the other Zscaler Dashboards. It is a good starting point for spotting anomalies in blocked traffic and geographic hotspots for allowed and blocked traffic.


File Classification Threats. Displays the number of file classification threats in a single value chart for the last six hours.

Blocked Traffic. Provides the number of blocked traffic events in a single value chart for the last hour.

Denied Events. Shows the number of denied events in an area chart on a timeline for the last hour.

Location of Denied Activities. Performs a geo lookup operation to display the number and location of IP addresses of denied activities on a map of the world for the last hour.

Location of Allowed Activities. Performs a geo lookup operation to display the number and location of IP addresses of allowed activities on a map of the world for the last hour.

Denied to Allowed Ratio. Displays the ratio of denied to allowed events in an area chart on a timeline for the last hour.

Denied to Allowed Ratio - Outlier. Shows the ratio of denied to allowed events in an outlier chart on a timeline for the last six hours.

Zscaler - Behavior

The Zscaler - Behavior Dashboard focuses on allowed traffic behaviors, showing trends and deviations by users, content types accessed, content categories, super categories, and bandwidth trends.


Data Volume

MB Out by Top 5 Countries. Displays the details of MB out by top five countries in a table chart including country name, MB count, and percent usage for the last hour.

MB In by Top 5 Countries. Shows the details of MB in by top five countries in a table chart including country name, MB count, and percent usage for the last hour.

Destination vs Source Volume. Compares destination and source traffic volume in an area chart on a timeline for the last hour.

Non-General Browsing

Non-General Activity by App Class. Displays activity by app class in a stacked area chart on a timeline for the last hour.

Non-General Activity by App Name. Shows activity by app name in a stacked area chart on a timeline for the last hour.

Non-General Activity by Top Named Users. Provides activity by top named users in a stacked column chart on a timeline for the last hour.

General Browsing

General Activity by Super Category and Sub Category. Displays details about activity by super category and sub category in a stacked column chart for the last hour.

General Browsing by Realm. Shows details of browsing by realm in a stacked area chart on a timeline for the last hour.

Top General Browsing by Named Users. Provides details of browsing by named users in a stacked column chart on a timeline for the last hour.

Zscaler - Blocked Traffic

The Zscaler - Blocked Traffic Dashboard highlights outliers in blocked-traffic peaks as well as per-user outliers in blocked activity.


Blocked Events Outlier. Displays blocked event outliers in an outlier chart on a timeline for the last three hours.

Outliers by User. Displays outliers by user in a column chart on a timeline for the last three hours.

Policy Violations by Realm. Shows policy violations by realm in a stacked column chart for the last hour.

Top 10 Users. Displays the top 10 users with the most activity in a pie chart for the last hour.

Top 10 Realms. Shows the top 10 realms with the most activity in a pie chart for the last hour.

Top 10 Policy Violations. Provides the top 10 policy violations in a pie chart for the last hour.

Top 10 Blocked Base URLs. Displays the top 10 blocked base URLs with the most activity in a pie chart for the last hour.
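The Overview Dashboard's Denied to Allowed Ratio and Denied to Allowed Ratio - Outlier Panels, and this Dashboard's Outliers by User Panel, reduce to the same two steps: aggregate denied and allowed events by time bucket or by user, then flag values that stand far from the baseline. The following Python script is an added example written for this page; it is not code from Sumo Logic or Zscaler and does not use the Sumo Logic query language. The log lines in it are constructed, the key=value layout and field names (time, action, user, url, and the Allowed/Blocked action values) are assumptions rather than Zscaler's actual NSS feed format (which is configured per feed), and the median + 3 * MAD threshold is a generic robust rule chosen for illustration, not the rule behind Sumo Logic's outlier operator.

```python
"""Added example (not Sumo Logic or Zscaler code): the logic behind the
Denied to Allowed Ratio, Denied to Allowed Ratio - Outlier, and Outliers
by User Panels, run over constructed log lines.  Field names and the
key=value layout are assumptions, not Zscaler's actual NSS feed format."""
import re
import statistics
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not real traffic).  The 10:03 minute and
# the user eve@example.com are deliberately anomalous.
SAMPLE_LOGS = """\
time=2024-05-01T10:00:05Z action=Allowed user=alice@example.com url=www.example.com
time=2024-05-01T10:00:20Z action=Allowed user=bob@example.com url=news.example.org
time=2024-05-01T10:00:41Z action=Blocked user=bob@example.com url=malware.example.net
time=2024-05-01T10:01:02Z action=Allowed user=alice@example.com url=www.example.com
time=2024-05-01T10:01:15Z action=Allowed user=carol@example.com url=docs.example.com
time=2024-05-01T10:01:30Z action=Allowed user=dave@example.com url=mail.example.com
time=2024-05-01T10:02:03Z action=Allowed user=alice@example.com url=www.example.com
time=2024-05-01T10:02:10Z action=Blocked user=carol@example.com url=phish.example.net
time=2024-05-01T10:02:22Z action=Allowed user=bob@example.com url=news.example.org
time=2024-05-01T10:03:01Z action=Blocked user=eve@example.com url=c2.example.net
time=2024-05-01T10:03:04Z action=Blocked user=eve@example.com url=c2.example.net
time=2024-05-01T10:03:07Z action=Blocked user=eve@example.com url=c2.example.net
time=2024-05-01T10:03:09Z action=Blocked user=eve@example.com url=c2.example.net
time=2024-05-01T10:03:11Z action=Blocked user=eve@example.com url=c2.example.net
time=2024-05-01T10:03:30Z action=Allowed user=alice@example.com url=www.example.com
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_logs(text):
    """Parse key=value lines into dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = dict(KV_RE.findall(line))
        if "time" not in fields or "action" not in fields:
            continue
        fields["ts"] = datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(fields)
    return events


def denied_allowed_ratio(events):
    """Denied/allowed ratio per one-minute bucket, keyed 'YYYY-MM-DDTHH:MM'.

    A bucket with no allowed events would divide by zero; the denominator
    is floored at 1 so the ratio stays finite (a choice made here, not
    necessarily what the Panel does)."""
    allowed, denied = Counter(), Counter()
    for e in events:
        bucket = e["ts"].strftime("%Y-%m-%dT%H:%M")
        if e["action"] == "Allowed":
            allowed[bucket] += 1
        elif e["action"] == "Blocked":  # the Dashboards call these "denied"
            denied[bucket] += 1
    return {b: denied[b] / max(allowed[b], 1)
            for b in sorted(set(allowed) | set(denied))}


def blocked_by_user(events):
    """Blocked-event count per user.  Users with zero blocks are kept so
    they form part of the baseline instead of vanishing from it."""
    counts = Counter({e["user"]: 0 for e in events if "user" in e})
    for e in events:
        if e["action"] == "Blocked" and "user" in e:
            counts[e["user"]] += 1
    return dict(counts)


def robust_outliers(series, k=3.0):
    """Return {key: value} for entries above median + k * MAD.

    Median and MAD are not dragged upward by the spike being hunted, unlike
    mean and standard deviation.  Caveat: if MAD is 0 (most values equal),
    anything above the median is flagged, so a short baseline is noisy."""
    if not series:
        return {}
    values = list(series.values())
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    threshold = med + k * mad
    return {key: v for key, v in series.items() if v > threshold}


if __name__ == "__main__":
    evts = parse_logs(SAMPLE_LOGS)
    ratios = denied_allowed_ratio(evts)
    for bucket, r in ratios.items():
        print(f"{bucket}  denied/allowed = {r:.2f}")
    print("ratio outliers:", robust_outliers(ratios))
    per_user = blocked_by_user(evts)
    print("blocked by user:", per_user)
    print("user outliers:", robust_outliers(per_user))
```

Running it prints the per-minute ratio, flags the 10:03 minute (one allowed request alongside five blocks) as the ratio outlier, and flags eve@example.com as the user outlier. Note that the outlier Panels above look back three to six hours rather than one; with only a few buckets, as in this sample, the spread estimate is unstable and ordinary fluctuations can be flagged, so a longer baseline is needed before acting on a flagged value.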

Zscaler - File Classification Activity

The Zscaler - File Classification Activity Dashboard focuses on file-based threats by user, threat name, file type, and subtype for an overarching view of blocked files across the Zscaler environment.


File Threats by User. Displays file threats by user in a stacked area chart on a timeline for the last hour.

File Based Threats Outlier. Shows file-based outlier threat events on an outlier chart on a timeline for the last three hours.

File Threats by Risk Score. Provides file threats by risk score in a stacked area chart on a timeline for the last hour.

Threats by App. Details threats by app in a stacked column chart for the last hour.

Threats by File Class. Shows threats by file class in a stacked column chart for the last hour.

Threats by File Types. Shows threats by file type within each file class in a stacked column chart for the last hour.