-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathZscaler.json
62 lines (62 loc) · 1.91 KB
/
Zscaler.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
{
"name": "Zscaler",
"author": "Simon Lavigne",
"license": "AGPL-V3",
"url": "https://github.com/xg5-simon/Zscaler-Cortex-Analyzer",
"version": "1.2",
"description": "Check Zscaler category for a domain, fqdn, IP address or FQDN. This analyzer requires a paid subscription to Zscaler ZIA",
"dataTypeList": ["ip", "domain", "url", "fqdn"],
"baseConfig": "Zscaler",
"config": {
"check_tlp": true,
"max_tlp": 2,
"service" : "query"
},
"command": "Zscaler/zscaler_analyzer.py",
"configurationItems": [
{
"name": "username",
"description": "Zscaler username",
"type": "string",
"multi": false,
"required": true
},
{
"name": "password",
"description": "Zscaler password",
"type": "string",
"multi": false,
"required": true
},
{
"name": "api_key",
"description": "API key",
"type": "string",
"multi": false,
"required": true
},
{
"name": "base_uri",
"description": "The base URL of your Zscaler subscription",
"type": "string",
"multi": false,
"required": true
},
{
"name": "malicious_categories",
"description": "List of Zscaler categories to be considered as malicious",
"type": "string",
"multi": true,
"required": true,
"defaultValue": ["PHISHING", "MALWARE_SITE", "BOTNET", "SPYWARE_OR_ADWARE", "ADSPYWARE_SITES", "ADWARE_OR_SPYWARE", "CRYPTOMINING", "WEB_SPAM"]
},
{
"name": "suspicious_categories",
"description": "List of Zscaler categories to be considered as suspicious",
"type": "string",
"multi": true,
"required": true,
"defaultValue": ["SHAREWARE_DOWNLOAD", "REMOTE_ACCESS", "MISCELLANEOUS_OR_UNKNOWN", "NEWLY_REG_DOMAINS", "OTHER_ILLEGAL_OR_QUESTIONABLE", "COPYRIGHT_INFRINGEMENT", "GAMBLING", "COMPUTER_HACKING", "ANONYMIZER", "MISCELLANEOUS_OR_UNKNOWN"]
}
]
}