Zscaler Integration

XGEN SOAR Integration

Integrating the Zscaler Platform with D3 XGEN SOAR enables rapid orchestration of firewall actions to protect users, endpoints, and data, no matter where they are. With D3, threat intelligence and uncovered IOCs can be turned into Zscaler updates via automated playbooks, with no screen-switching or manual data entry required.

Integration Features

1. Orchestrate Zscaler operations from D3 playbooks, including updating Allowlists and Denylists
2. Retrieve sandbox reports from Zscaler to identify malicious files
3. Automate bulk updates, such as blacklisting all URLs from a threat intelligence report
4. Assign URLs to Zscaler categories from D3

Key Use Case

#1: Phishing Response Orchestration

When a potential phishing email is detected, D3 strips out all of the elements for analysis, including the URL of any links in the email. The elements are checked against threat intelligence and historical incident data and given a risk score. If any URLs are found to be malicious, D3 can blacklist them in Zscaler, directly from the automated playbook. The playbook will also orchestrate any other necessary tasks across the security infrastructure, such as blocking the sender’s domain, deleting the email from inboxes, and scanning for any other affected endpoints.

#2: Bulk Firewall Updates

Updating firewall Allowlists and Denylists to respond to new threat intelligence or internal policies can be a time-consuming process. When done manually, Allowlists and Denylists usually need to be updated one by one. When a Zscaler user needs to make bulk updates to their firewall rules, they can run an automated playbook in D3 to make all of the updates at once, including assigning URLs to categories within Zscaler.