Downloading Zscaler Technical Add-On for Splunk
To install your download
To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.

Zscaler Technical Add-On for Splunk

Splunk Cloud
Overview
The Zscaler Technical Add-On for Splunk takes events from Zscaler data sources and maps them to Splunk’s Common Information Model (CIM). This can be leveraged by Splunk Enterprise Security and any app leveraging the CIM Data Model, including the Zscaler App for Splunk.

This TA should be installed as per Splunk's guidelines on TA installation, e.g. http://docs.splunk.com/Documentation/ES/5.0.0/Install/InstallTechnologyAdd-ons

Full App and TA documentation is available here --> https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

Release Notes

Version 3.1.0
Aug. 25, 2021

Updated to latest Splunk SDK as per update in Add-On Builder 4.0; maintain Splunk Cloud compatibility

Version 3.0.6
April 12, 2021

Fixed proxy support - no longer needs code changes, functions with Splunk UI
CIM Corrections
Added Source-type for Zscaler DLP Incident Receiver
Change in how Audit log events are ingested - each event is logged separately, not nested in the report/JSON
Removed predefined ZDMEO::Beta inputs accidentally inserted in previous release
Added ZscalerGov back into Cloud Types, this is a repaired regression


Full doc here --> https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

Note - Releases 3.0.3 - 3.0.5 were only released privately.

Version 3.0.2
Oct. 5, 2020

3.0.2 - Fixes an issue where ZIA Audit Logs were missing or duplicated in some corner cases

Version 3.0.1
Aug. 17, 2020

3.0.1

Modified the macro "z-metricis" to the value index=_metrics so as to pass app-inspect validation - you will still need to modify this for your metrics index as per the full doc


Full doc here --> https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

3.0.0.

Zscaler's Technical Add-on for Splunk has been fully rebuilt in latest Splunk Add-On builder (needed to pass new app-inspect and cloud-vetting requirements)

New! - Connector Health - requires admin to bind to a Metrics-type Splunk index (default expected is z-metrics, can change in macros.conf)

  • Now using AoB2/AoB3/splunklib with Python 3 compatibility (Zscaler SDK is already Python 2/3 compatible)
  • Enabled Proxy Settings in TA (not working for API)
  • Added new saved search to export connector metrics to metric index
  • Fixed Sandbox saved search and event logging
  • Now requires python3 (per latest Splunk guidance) - reversion to python 2 via manual config changes

Version 3.0.0
Aug. 10, 2020

Zscaler's Technical Add-on for Splunk has been fully rebuilt in latest Splunk Add-On builder (needed to pass new app-inspect and cloud-vetting requirements)

New! - Connector Health - requires admin to bind to a Metrics-type Splunk index (default expected is z-metrics, can change in macros.conf)

  • Now using AoB2/AoB3/splunklib with Python 3 compatibility (Zscaler SDK is already Python 2/3 compatible)
  • Enabled Proxy Settings in TA configuration
  • Added new saved search to export connector metrics to metric index
  • Fixed Sandbox saved search and event logging
  • Now requires python3 (per latest Splunk guidance) - reversion to python 2 via manual config changes

Full doc here --> https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

Version 2.1.4
Jan. 9, 2020

Added fix to prevent extraction in proxied URL field

NOTE: When upgrading to this version of the TA from versions prior to 2.1.0 you will need to recreate your sandbox and/or audit-log modular inputs, as these now use Global Accounts as per requirements for Splunk Cloud. The process for creating these inputs has been updated in the supporting documentation, which is available here: https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

Version 2.1.3
Dec. 31, 2019

Added fixes to make macro edit more friendly
Disabled KV Auto-Extract on web/proxy sourcetype to prevent URL query string extrapolation & overwrite at search time.
Minor app.manifest config fix for Splunk App Inspect pass

Version 2.1.0
Nov. 27, 2019

This version of the TA contains fixes for Splunk Cloud appvetting; it is the first API-enabled version of the TA to be available for Splunk Cloud usage.

NOTE: When upgrading to this version of the TA you will need to recreate your sandbox and/or audit-log modular inputs, as these now use Global Accounts as per requirements for Splunk Cloud. The process for creating these inputs has been updated in the supporting documentation, which is available here: https://community.zscaler.com/t/zscaler-splunk-app-design-and-installation-documentation/4728

Version 2.0.4
Oct. 21, 2019

Minor fix - correctly added ZIA-tunnel sourcetype

Version 2.0.2
Aug. 5, 2019

2.0.2 - added transforms.conf stanza for sandbox lookup (needed for App Inspect pass)

Version 2.0.0
July 9, 2019

Version 2.0.0
Added Modular Inputs for Zscaler APIs
- Admin Audit Logs (ZIA)
- Cloud Sandbox detailed reports

Moved all macros into TA, removed from App

Added and cleaned CIM mapping

Version 1.0.4
May 3, 2018
Version 1.0.3
May 2, 2018
Version 1.0.2
April 16, 2018
Version 1.0
Jan. 30, 2018

4,833 Installs
6,905 Downloads