Network Logs
      Back to home
      1. Radiant Help Center
      2. Getting Started
      3. Network Logs

      ZScaler Cloud NSS Feed

      Configure ZScaler NSS Cloud HTTPS log forwarding to Radiant Security.

      Overview

      In this guide, you will create custom log formats for ZScaler NSS Cloud log configuration. This is required in order to send ZScaler logs to Radiant Security through HTTPS.

      To do this, you’ll need to complete the following steps:

      Add the data connector in Radiant Security

      1.   Log in to Radiant Security.
      2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
      3.   Search for and select the Zscaler NSS (webhook) option and then click Data Feeds. Screenshot 2024-12-04 at 12.50.12

       
      4.   Select the ZScaler NSS Cloud data feed and then click Credentials. Screenshot 2024-12-04 at 12.50.58

       
      5.   Under Credential Name, give the credential an identifiable name (e.g. ZScaler NSS - Token ). If you already have a credential in place, select it from the drop-down menu. Click Add Connector.

      6.   In the Connector tag field, enter a random value. This value will act as the salt to randomize the Token you’ll download in the next step.

      7.   Click Add Connector.

      Screenshot 2024-12-04 at 12.51.42

       

      8.   Copy and save the Token and Webhook URL values. Click Download File to download the SSL Certificate and Custom Template as you will need these files when configuring the HTTPS source.    

      9.   Click Done to save your changes.

      Screenshot 2024-12-04 at 12.52.36

       

      Set up NSS Cloud Integration with the Radiant Security Connector

      Some log types have specific parameters, please refer to the table at the end of this section to check those parameters.

      1. Log in to the ZScaler admin portal and go to the Administration > Nanolog streaming service > Cloud NSS Feed section.image(1)
      2. Click Add Cloud NSS Feed.image(2) 
      3. Enter the following information:
        1. Enter the feed name, preferably with the radiantSecurity_ prefix to easily identify the feed.image(3)
        2. Select NSS for Web in the NSS Type field.
        3. Select the SIEM destination type: Other.
        4. For SIEM Rate, select Unlimited.
        5. Max Batch Size: 1024 KB
        6. For the API URL field, enter the Webhook URL provided during the Radiant Connector setup.
        7. Under HTTP Headers, add a new header with the following parameters:
          1. Name: rs_token
          2. Value: enter the Token value provided during the Radiant Connector setup
        8. For Log Type, select Web Log.
        9. For Feed Output Type, select Custom.
        10. Feed Escape Character: \"
        11. Feed Output Format:
          1. Paste the format according to the log type selected. The custom formats can be found on the Custom Templates file that you downloaded during the Radiant Security data connector setup.image(5)
        12. Set the Timezone to GMT.
        13. Click Save.
        14. Click Activate.
          image(6)
      4. Repeat step 2 for each log type listed in the table below. Some log types require additional parameters, as indicated in the table.
        Log Type Parameters
        Web Logs NSS Type: NSS for Web
        Firewall Logs NSS Type: NSS for Firewall
        Log Domain: Firewall
        Firewall Log Type: Aggregate Logs
        DNS Logs Log Domain: Firewall
        Tunnel Logs NSS Type: NSS for Web
        Record Type: Tunnel Event
        SaaS Security Logs NSS Type: NSS for Web
        Application Category: Select all the application categories that apply
        SaaS Security Activity Logs NSS Type: NSS for Web
        Endpoint DLP Logs NSS Type: NSS for Web
        Email DLP Logs NSS Type: NSS for Web
        Alerts Default Settings


      We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai 

       

      Last updated: 2025-01-12