Hi Community,

I'm currently working on integrating Zscaler Web Access (ZWA) with ServiceNow and have a couple of questions around how ticket creation works out of the box and how to customize it.

1. What is the default ticket type created when Zscaler ZWA triggers an alert/event in ServiceNow? Is it a standard Incident or something else by default?

2. How can we change or configure it to create a Security Incident Response (SIR) ticket instead of the default ticket type? Is this done through the Zscaler connector settings, a Transform Map, or via a custom scripted REST API?

Some additional context:
- We are using the ServiceNow SecOps (Security Incident Response) module.
- The goal is to have Zscaler alerts automatically generate SIR tickets (sn_si_incident) so that the security team can manage them within the SecOps workflow.
- I'd appreciate any pointers to relevant documentation, scripted integrations, or configuration steps.

Has anyone done this before or found an efficient way to route Zscaler events directly into the SIR module? Any guidance, screenshots, or step-by-step tips would be greatly appreciated!

Thanks in advance!