Submit the security incident to the Zscaler URL category list

  • Release version: Zurich
  • Updated July 31, 2025
  • Submit entries directly for observables that are not associated with a specific ServiceNow AI Platform security incident record so that observable entries are in the appropriate allow or deny lists.

    Before you begin

    Role required: sn_si.admin

    About this task

    You can also add observables to the URL category list directly from the Observable record.

    Procedure

    1. Navigate to All > Zscaler Integration > Zscaler URL Category List Entries.
    2. Click New.
    3. On the form, fill in the fields.
      Table 1. Zscaler URL Category Lists Entries form
      Field | Description
      Entry Value | Observable name. If a matching observable is found, the rest of the form is automatically filled. If no matching observable is found, you must fill in the rest of the information manually.
      Observable | Value (for example, IP address or hash) that is associated with the observable.
      Observable Type | Observable classification, such as an IP address or file hash.
      URL Category List | URL category. For example, if an organization uses example.com for Office 365 services, then Zscaler categorizes example.com as Professional Services and Office 365.
      Source | Name of the server. You can view only the previously configured Zscaler servers from the URL category list.
      Incident count | Number of incidents that this observable appears in. This value is automatically updated when the observable is added to another incident manually or through a workflow.
      Active | Indicator that the URL category list is active.
      Status | Status that indicates whether the observable is approved or rejected.
      Expiration Period (days) | Expiration period of the URL category list. The default value, 0, indicates that the URL category list entry never expires. If you change this value, any observable that you add to this URL category is active for the number of days that you enter. The minimum value that you can enter is 1. For example, if you set the expiration period to 30 days, the entries are removed from the category list after 30 days. Note: If you change the default expiration period of the URL category list entry, you see a warning that the period differs from the period that is configured in the selected URL category list.
      Additional Information | Field where you can add more details about the observable.
    4. Click Submit.