# ZScaler Cloud NSS Feed In this guide, you will create custom log formats for ZScaler NSS Cloud log configuration. This is required in order to send ZScaler logs to Radiant Security through HTTPS. ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings > Data Connectors** and click **+ Add Connector**. 3. Search for and select the **ZScaler NSS (webhook)** option and then click **Data Feeds**, then click **Credentials**. 4. Under **Credential Name**, give the credential an identifiable name (e.g. `ZScaler Cloud NSS - Token`). If you already have a credential in place, select it from the drop-down menu. 5. In the **Connector** **tag** field, enter a random value. This value will act as the salt to randomize the **Token** you’ll download in the next step. 6. Click **Add** **Connector**. 7. Copy and save the **Token** and **Webhook URL** values. Click **Download** **File** to download the SSL Certificate and **Custom** **Template** as you will need these files when configuring the HTTPS source. 8. Click **Done** to save your changes. ### Set up NSS Cloud Integration with the Radiant Security Connector Some log types have specific parameters, please refer to the table at the end of this section to check those parameters. 1. Log in to the ZScaler admin portal and go to the **Administration > Nanolog streaming service > Cloud NSS Feed** section.

2. Click **Add** **Cloud NSS** **Feed**.

3. Enter the following information: * Enter the feed name, preferably with the `radiantSecurity_` prefix to easily identify the feed.

* Select **NSS for Web** in the **NSS Type** field. * **Select the SIEM destination type**: **Other.** * For **SIEM** **Rate**, select **Unlimited**. * **Max Batch Size**: `1024 KB` * For the **API URL** field, enter the **Webhook URL** provided during the Radiant Connector setup. * Under **HTTP** **Headers**, add a new header with the following parameters: * **Name**: `rs_token` * **Value**: enter the `Token` value provided during the Radiant Connector setup * For **Log** **Type**, select **Web Log**. * For **Feed** **Output** Type, select **Custom**. * **Feed Escape Character**: **`\",`** * **Feed Output Format**: * Paste the format according to the log type selected. The custom formats can be found on the **Custom** **Templates** file that you downloaded during the Radiant Security data connector setup.

* Set the **Timezone** to **GMT**. * Click **Save**. * Click **Activate**. 4. Repeat **step 2** for each log type listed in the table below. Some log types require additional parameters, as indicated in the table. | **Log Type** | **Parameters** | | --------------------------- | ------------------------------------------------------------------------------------------------------ | | Web Logs | NSS Type: NSS for Web | | Firewall Logs |

NSS Type: NSS for Firewall
Log Domain: Firewall
Firewall Log Type: Aggregate Logs

NSS Type: NSS for Web
Record Type: Tunnel Event

| | SaaS Security Logs |

NSS Type: NSS for Web
Application Category: Select all the application categories that apply

| | SaaS Security Activity Logs | NSS Type: NSS for Web | | Endpoint DLP Logs | NSS Type: NSS for Web | | Email DLP Logs | NSS Type: NSS for Web | | Alerts | Default Settings | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/zscaler-cloud-nss-feed.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.