
Zscaler Addon and Splunk Cloud: Do they require a TCP input to accept alerts from Zscaler?

ytenenbaum_splu
Splunk Employee

I am having an interesting discussion with a client here regarding Splunk Cloud and the Zscaler app/add-on, as it is something they deem as critical (given current issues they are having), and we have an app/add-on for it. While both are supported on Cloud according to Splunkbase, after going through docs it appears that they require a TCP input to accept alerts from Zscaler. I thought that wasn’t permitted with cloud environments?

Do we approach this as opening a TCP input and firewalling it to specific source IPs? Or do we approach this as it cannot be done with the cloud environment and requires a local UF in a DMZ that will forward the data up to the cloud for processing?


ytenenbaum_splu
Splunk Employee

They just need an HF next to their internal NSS server which we can listen to and forward onto Cloud.

Watch the 3 min video. It’s around 1 minute in.

https://help.zscaler.com/zia/about-nanolog-streaming-service

So customers need to purchase and deploy the NSS product:

https://help.zscaler.com/zia/about-nanolog-streaming-service
https://www.zscaler.com/resources/data-sheets/zscaler-nanolog-streaming-service.pdf

Communication is encrypted between the Zscaler cloud and a customer’s NSS VM. It is only syslog/tcp from NSS -> Splunk, which by this point is within their internal network (or this could be within a DMZ, etc.).

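One way to build the heavy forwarder side of the design described in this answer, as an added example that is not part of the original post or of the Zscaler add-on: an inputs.conf TCP stanza that accepts syslog only from the NSS VM's address, shown beside the unrestricted form the question worries about. The port, the NSS address, the index name and the sourcetype value are assumptions; confirm the sourcetype against the installed add-on.

```ini
# inputs.conf on the heavy forwarder placed next to the NSS VM.
# Constructed example: 1514 is the port configured on the NSS feed,
# 10.20.30.40 is the NSS VM, "zscaler" is an index created in Splunk Cloud.

# Weak form: binds on all interfaces and accepts any sender, so any host
# that can reach the HF can inject events that look like Zscaler logs.
# [tcp://1514]
# sourcetype = zscalernss-web
# index = zscaler

# Hardened form: Splunk drops connections from anything other than the NSS
# VM at the input layer, in addition to the host/network firewall rule.
# acceptFrom takes a comma-separated list of IPs, CIDR ranges or "!" exclusions,
# so a second NSS VM can be added as "10.20.30.40, 10.20.30.41".
[tcp://1514]
acceptFrom = 10.20.30.40
# Record the sender's IP as host instead of doing a reverse DNS lookup.
connection_host = ip
# Sourcetype expected by the Zscaler add-on for the NSS web feed (assumed name).
sourcetype = zscalernss-web
index = zscaler
```

Forwarding from this HF to Splunk Cloud is configured separately by installing the forwarder credentials app downloaded from the Cloud stack, so no outputs.conf is shown here.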

