Regarding Zscaler integration with security incident response

KarthikReddyN
Tera Contributor

Hi All,

I need to perform a task on the Security Incident Response module, where I need to integrate the Zscaler application with ServiceNow from scratch.
I am stuck with the admin account creation part in Zscaler.
Can any of you guide me: am I on the right path or not?

Your guidance is really helpful to me.

Thanks in Advance,
Karthik


2 REPLIES

Eliz Skogquist
ServiceNow Employee

Hi KarthikReddyN,

 

Are you able to use the SIR integration to Zscaler from the ServiceNow store: https://www.servicenow.com/docs/bundle/yokohama-security-management/page/product/secops-integration-... ?

VaranAwesomenow
Mega Sage

As @Eliz Skogquist mentioned, there is a store app, Security Incident Response Integration with Zscaler - ServiceNow Store, which performs the following functions:

The Security Incident Response integration with Zscaler enables Security Analysts to do the following:
  • Perform a reputation lookup of observables against the global threat library maintained by Zscaler.
  • Add or remove observables from the block list or allow list on Zscaler.
  • Retrieve and review sandbox reports from Zscaler for an MD5 hash.
In addition, this integration also supports creating a security incident from Patient 0 alerts that are generated in Zscaler when a user downloads an unknown malicious file.
 
You can refer to the data model of this app if you are interested in the under-the-hood details of the app.