Zscaler + D3 Morpheus
Automated IOC Enrichment, Sandboxing, and Orchestration
The Zscaler Platform enables fast and secure off-network connections and local internet breakouts for all your user traffic, without appliances. Integrating Zscaler with D3 Morpheus enables rapid orchestration of firewall actions to protect users, endpoints, and data, no matter where they are.
Benefits and Capabilities
With Morpheus, threat intelligence and uncovered IOCs can be turned into Zscaler updates via automated playbooks, with no screen-switching or manual data entry required. Our expert-built integration takes the burden of coding, maintenance, and troubleshooting off your hands, and enables you to:
- Orchestrate Zscaler operations from Morpheus playbooks, including updating Allowlists and Denylists
- Retrieve sandbox reports from Zscaler to identify malicious files
- Automate bulk updates, such as blacklisting all URLs from a threat intelligence report
- Assign URLs to Zscaler categories from Morpheus
Use Case 1
Phishing Response Orchestration
When a potential phishing email is detected, Morpheus strips out all of the elements for analysis, including the URL of any links in the email. The elements are checked against threat intelligence and historical incident data and given a risk score. If any URLs are found to be malicious, Morpheus can blacklist them in Zscaler, directly from the automated playbook. The playbook will also orchestrate any other necessary tasks across the security infrastructure, such as:
- Blocking the sender’s domain
- Deleting the email from inboxes
- Scanning for any other affected endpoints
Use Case 2
Bulk Firewall Updates
Updating firewall Allowlists and Denylists to respond to new threat intelligence or internal policies can be a time-consuming process. When done manually, Allowlists and Denylists usually need to be updated one by one. When a Zscaler user needs to make bulk updates to their firewall rules, they can run an automated playbook in Morpheus to make all of the updates at once.
- Assign URLs to categories within Zscaler
- Streamline firewall management
- Parse complex threat intelligence reports to pull out relevant IOCs
Why Morpheus?
Joint users of Microsoft Security tools and D3 Morpheus don’t just get the capabilities we’ve described; they also get the countless other features that make Morpheus the leading autonomous SOC solution, including:
- Expert-built AI-ready integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- Hyperpipe, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Zscaler Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.