Zscaler Security
The Zscaler Security connector facilitates seamless integration of Zscaler's cloud security services with automated workflows, enhancing threat protection and policy enforcement.

Zscaler Security is a cloud-based information security company that provides an integrated platform of web security, advanced threat protection, and data protection. The Zscaler Security Turbine connector enables users to automate policy management and threat response, streamlining security operations within the Swimlane Turbine platform. By integrating with Zscaler Security, users can dynamically manage firewall rules, IP groups, network services, and URL categories, as well as perform URL lookups and sandbox analyses, enhancing their security posture and response capabilities.

Prerequisites

To effectively utilize the Zscaler Security connector with Swimlane Turbine, ensure you have the following prerequisites.

Client credentials and tenant ID authentication with these parameters:

- URL: endpoint for Zscaler API access
- Client ID: unique identifier for client authentication
- Client secret: secret key associated with the client ID
- Tenant ID: identifier for the tenant space within Zscaler
- Scope: permissions scope for the API access

API key authentication with these parameters:

- URL: endpoint for Zscaler API access
- Username: account username for Zscaler login
- Password: account password for Zscaler login
- API token: personal token for API requests

Client credential flow authentication

Authentication uses Azure application OAuth2. You will need an admin account in Azure to create the application.

Recommended application permissions (feel free to use custom permissions if you only use certain actions): User.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All, SecurityEvents.Read.All, SecurityEvents.ReadWrite.All, Mail.ReadWrite, Mail.Send, Sites.ReadWrite.All, Files.ReadWrite.All, AuditLog.Read.All, Mail.ReadBasic.All, SecurityAnalyzedMessage.ReadWrite.All, SecurityAlert.ReadWrite.All, User.ManageIdentities.All, User.EnableDisableAccount.All, and so on. Sites.ReadWrite.All is needed by SharePoint actions only.

In order to set up the asset, you need the following:

- Azure application client ID
- Azure application client secret
- Azure tenant ID

Steps to create the Azure app

1. Go to the app registration page https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade in the Azure portal.
2. Click New registration.
3. Enter a name for your new application and choose Accounts in this organizational directory only, then click Register at the bottom.
4. Navigate to the API permissions tab on the left navigation menu.
5. Select Add a permission.
6. Select Microsoft Graph.
7. Select Application permissions, then mark all the permissions you need for the actions you are using (see suggested permissions at the top of the asset setup section).
8. Click the Add permissions button at the bottom of the page.
9. Select Grant admin consent for your organization, then your permissions should look as below.
10. Navigate to the Certificates & secrets tab and select New client secret.
11. Fill out the description and expiration, then click the Add button at the bottom.
12. The value of the secret you just created is the client secret needed for the Swimlane asset.
13. Navigate to the Overview tab on the left menu. The client ID and tenant ID needed in the asset are shown on this page.

The client ID, tenant ID, and client secret described in the steps above are the credentials you need for the asset.

Capabilities

The Zscaler connector has the following capabilities:

- Activate changes
- Block URLs
- Unblock URLs
- Create URL category
- Get URL category
- Get MD5 report
- Update URL category
- URL lookup
- Add URL to category
- Remove URL from category
- Get firewall filtering policy rules
- Add firewall filtering policy rule
- Update firewall filtering policy rule
- Delete firewall filtering policy rule
- Add IP source group
- and so on

Actions setup

Firewall and IP destination actions

The following actions have enumerated input types:

- Add firewall filtering policy rule
- Update firewall filtering policy rule
- Add IP destination group
- Update IP destination group

Listed below are all the possible values for the following inputs.

Destination IP categories: any, none, other adult material, adult themes, lingerie bikini, nudity, pornography, sexuality, adult sex education, k 12 sex education, social adult, other threat, phishing, botnet, malware site, and so on.

Destination countries: any, none, country ad, country ae, country af, country ag, country ai, country al, country am, country an, country ao, country aq, country ar, country as, country at, and so on.

Network service actions

Listed below are all the possible values for the enumerated input types of the add network service and update network service actions.

Tag: icmp any, udp any, tcp any, other network service, dns, netbios, ftp, gnutella, h 323, http, https, ike, imap, ils, ike nat, and so on.

Configurations

API key authentication

Authenticates using an API key.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| secret | Password | string | required |
| api key | API token | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

Zscaler Microsoft Graph API asset tenant ID

Authenticates using client credentials and tenant ID.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| tenant id | The tenant ID | string | required |
| client id | The client ID | string | required |
| client secret | The client secret | string | required |
| scope | List of permission scopes for this action | array | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

Actions

Activate configuration changes

Applies the latest configuration changes in Zscaler Security to ensure immediate effect.

Endpoint URL: api/v1/status/activate
Method: POST

output parameter type description status code number http status code of the
response reason string response reason phrase status string status value example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "content disposition" "attachment; filename=\\"api json\\"", "x zscaler mode" "read write", "cache control" "no store, no cache", "content type" "application/json", "content length" "19", "date" "wed, 13 mar 2024 18 34 56 gmt", "server" "zscaler" }, "reason" "", "json body" { "status" "active" } } ] add firewall filtering policy rule adds a new firewall filtering policy rule to zscaler security, specifying name, order, action, and rank endpoint url api/v1/firewallfilteringrules method post input argument name type required description name string required name of the resource order number required parameter for add firewall filtering policy rule rank number required parameter for add firewall filtering policy rule defaultrule boolean optional parameter for add firewall filtering policy rule predefined boolean optional parameter for add firewall filtering policy rule action string required parameter for add firewall filtering policy rule output parameter type description status code number http status code of the response reason string response reason phrase enablefulllogging boolean output field enablefulllogging id number unique identifier name string name of the resource order number output field order rank number output field rank action string output field action state string output field state destipcategories array output field destipcategories destcountries array output field destcountries file name string name of the resource file string output field file predefined boolean output field predefined defaultrule boolean output field defaultrule example \[ { "status code" 200, "response headers" { "strict transport security" "max 
age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "content type" "application/json", "content length" "207", "date" "tue, 29 nov 2022 21 31 19 gmt", "server" "zscaler" }, "reason" "", "json body" { "enablefulllogging" false, "id" 325899, "name" "ip group source 711", "order" 1, "rank" 7, "action" "allow", "state" "enabled", "destipcategories" \[], "destcountries" \[], "predefined" false, "defaultrule" false } } ] add ip destination group adds a new ip destination group to zscaler security for streamlined management of ip address collections endpoint url api/v1/ipdestinationgroups method post input argument name type required description name string optional name of the resource type string optional type of the resource addresses array optional parameter for add ip destination group description string optional parameter for add ip destination group ipcategories array optional parameter for add ip destination group countries array optional parameter for add ip destination group isnoneditable boolean optional parameter for add ip destination group output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource type string type of the resource addresses array output field addresses description string output field description ipcategories array output field ipcategories countries array output field countries isnoneditable boolean output field isnoneditable example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" 
"attachment; filename=\\"api json\\"", "cache control" "no store", "content type" "application/json", "content length" "170", "date" "tue, 29 nov 2022 19 06 37 gmt", "server" "zscaler" }, "reason" "", "json body" { "id" 17531270, "name" "test", "type" "dstn ip", "addresses" \[], "description" "string", "ipcategories" \[], "countries" \[], "isnoneditable" true } } ] add ip source group adds a new ip source group to zscaler security using the specified name in the json body endpoint url api/v1/ipsourcegroups method post input argument name type required description name string required name of the resource ipaddresses array optional parameter for add ip source group description string optional parameter for add ip source group isnoneditable boolean optional parameter for add ip source group output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource ipaddresses array output field ipaddresses description string output field description isnoneditable boolean output field isnoneditable example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "content type" "application/json", "content length" "122", "date" "tue, 29 nov 2022 20 13 49 gmt", "server" "zscaler" }, "reason" "", "json body" { "id" 17531274, "name" "unique name in here", "ipaddresses" \[], "description" "a description", "isnoneditable" false } } ] add network service create a new network service in zscaler security by specifying at least one destination tcp or udp port endpoint url api/v1/networkservices method post input argument name type required description name string optional name of the 
resource srctcpports array optional parameter for add network service file name string required name of the resource file string required parameter for add network service desttcpports array optional parameter for add network service start number optional parameter for add network service end number optional parameter for add network service type string optional type of the resource creatorcontext string optional parameter for add network service isnamel10ntag boolean optional name of the resource srcudpports array optional parameter for add network service start number optional parameter for add network service end number optional parameter for add network service destudpports array optional parameter for add network service start number optional parameter for add network service end number optional parameter for add network service description string optional parameter for add network service output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource srctcpports array output field srctcpports file name string name of the resource file string output field file desttcpports array output field desttcpports start number output field start end number output field end srcudpports array output field srcudpports start number output field start end number output field end destudpports array output field destudpports start number output field start end number output field end type string type of the resource description string output field description creatorcontext string output field creatorcontext isnamel10ntag boolean name of the resource example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api 
json\\"", "cache control" "no store", "content type" "application/json", "content length" "296", "date" "tue, 29 nov 2022 14 22 17 gmt", "server" "zscaler" }, "reason" "", "json body" { "id" 17531231, "name" "renamed network service1234", "srctcpports" \[], "desttcpports" \[], "srcudpports" \[], "destudpports" \[], "type" "custom", "description" "a description", "creatorcontext" "zia", "isnamel10ntag" false } } ] blacklist urls adds or removes urls from the zscaler denylist, requiring an action parameter (add to list/remove from list) and blacklisturls endpoint url api/v1/security/advanced/blacklisturls method post input argument name type required description action string required the action applied to the advanced threat protection policy’s denylist (i e , adding a url or removing a url) blacklisturls array required urls on the denylist for your organization allow up to 25000 urls output parameter type description status code number http status code of the response reason string response reason phrase blacklisturls array url endpoint for the request example \[ { "status code" 200, "response headers" { "content type" "application/json", "content length" "160", "connection" "keep alive", "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "cache control" "no store, no cache", "content disposition" "attachment; filename=\\"api json\\"", "x zscaler mode" "read write", "date" "fri, 13 sep 2024 13 39 32 gmt", "server" "zscaler", "x cache" "miss from cloudfront", "via" "1 1 80b8b1b9b894db76db52fa97ad6ed63a cloudfront net (cloudfront)", "x amz cf pop" "hyd57 p4" }, "reason" "", "json body" { "blacklisturls" \[] } } ] create url category creates a new url category in zscaler security with a specified id from the json body input endpoint url api/v1/urlcategories method post input argument name type required description id string required unique 
identifier supercategory string optional parameter for create url category configuredname string optional name of the resource keywords array optional parameter for create url category keywordsretainingparentcategory array optional parameter for create url category urls array optional url endpoint for the request dbcategorizedurls array optional url endpoint for the request customcategory boolean optional parameter for create url category editable boolean optional parameter for create url category description string optional parameter for create url category type string optional type of the resource urlkeywordcounts object optional url endpoint for the request totalurlcount number optional url endpoint for the request retainparenturlcount number optional url endpoint for the request totalkeywordcount number optional count value retainparentkeywordcount number optional count value customurlscount number optional url endpoint for the request output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier configuredname string name of the resource supercategory string output field supercategory keywords array output field keywords file name string name of the resource file string output field file keywordsretainingparentcategory array output field keywordsretainingparentcategory urls array url endpoint for the request file name string name of the resource file string output field file dbcategorizedurls array url endpoint for the request file name string name of the resource file string output field file customcategory boolean output field customcategory editable boolean output field editable description string output field description type string type of the resource val number output field val customurlscount number url endpoint for the request urlsretainingparentcategorycount number url endpoint for the request customiprangescount number count value 
iprangesretainingparentcategorycount number count value example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "content type" "application/json", "content length" "407", "date" "tue, 29 nov 2022 18 07 45 gmt", "server" "zscaler" }, "reason" "", "json body" { "id" "custom 11", "configuredname" "string", "supercategory" "news and media", "keywords" \[], "keywordsretainingparentcategory" \[], "urls" \[], "dbcategorizedurls" \[], "customcategory" true, "editable" true, "description" "string", "type" "url category", "val" 138, "customurlscount" 0, "urlsretainingparentcategorycount" 0, "customiprangescount" 0 } } ] delete firewall filtering policy rule removes a specific firewall filtering policy rule from zscaler security using the provided rule id endpoint url api/v1/firewallfilteringrules/{{rule id}} method delete input argument name type required description rule id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 204, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "date" "tue, 29 nov 2022 21 36 53 gmt", "server" "zscaler" }, "reason" "", "response text" "" } ] delete ip destination group removes a specified ip destination group from zscaler security using the unique ip group id endpoint url api/v1/ipdestinationgroups/{{ip group 
id}} method delete input argument name type required description ip group id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 204, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "date" "tue, 29 nov 2022 19 40 10 gmt", "server" "zscaler" }, "reason" "", "response text" "" } ] delete ip source group removes a specified ip source group from zscaler security using the unique ip group id provided endpoint url /api/v1/ipsourcegroups/{{ip group id}} method delete input argument name type required description ip group id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 204, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "date" "tue, 29 nov 2022 20 18 10 gmt", "server" "zscaler" }, "reason" "", "response text" "" } ] delete network service removes a specified network service from zscaler security using the provided network service id endpoint url api/v1/networkservices/{{network service id}} method delete input argument name type required description network service id string required unique identifier output parameter type description status code number http status code of the 
response reason string response reason phrase response text string output field response text example \[ { "status code" 204, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "date" "tue, 29 nov 2022 14 16 27 gmt", "server" "zscaler" }, "reason" "", "response text" "" } ] get firewall filtering policy rules retrieves all rules within the firewall filtering policy for a specified rule id in zscaler security endpoint url api/v1/firewallfilteringrules/{{rule id}} method get input argument name type required description rule id string required unique identifier name string optional name of the resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "vary" "accept encoding", "content type" "application/json", "content length" "5462", "date" "tue, 29 nov 2022 20 54 52 gmt", "server" "zscaler" }, "reason" "", "json body" \[ { "accesscontrol" "read write", "enablefulllogging" false, "id" 92329, "name" "default firewall filtering rule", "order" 1, "rank" 7, "action" "block drop", "state" "enabled", "destipcategories" \[], "destcountries" \[], "predefined" false, "defaultrule" true }, { "accesscontrol" "read write", "enablefulllogging" true, "id" 92332, "name" "office 365 one click rule", "order" 2, "rank" 7, "action" "allow", "state" "enabled", "destipcategories" \[], "destcountries" \[], 
"appservicegroups" \[ { "id" 1, "name" "office365", "isnamel10ntag" true } ], "predefined" true, "defaultrule" false }, { "accesscontrol" "read write", "enablefulllogging" true, "id" 92333, "name" "recommended firewall rule", "order" 15, "rank" 7, "action" "allow", "state" "enabled", "destipcategories" \[], "destcountries" \[], "nwservices" \[ { "id" 124834, "name" "dns", "isnamel10ntag" true }, { "id" 124844, "name" "http", "isnamel10ntag" true }, { "id" 124846, "name" "https", "isnamel10ntag" true } ], "predefined" false, "defaultrule" false } ] } ] get ip destination groups retrieve details for a specific ip destination group in zscaler security using the provided unique group id endpoint url api/v1/ipdestinationgroups/{{ip group id}} method get input argument name type required description ip group id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "vary" "accept encoding", "content type" "application/json", "content length" "2503", "date" "tue, 29 nov 2022 19 16 21 gmt", "server" "zscaler" }, "reason" "", "json body" \[ { "id" 13124033, "name" "my frist ip dest group ips", "type" "dstn ip", "addresses" \[ "128 0 0 1" ], "description" "string", "creatorcontext" "zia", "ipcategories" \[], "countries" \[], "urlcategories" \[], "ipaddresses" \[ "128 0 0 1" ] }, { "id" 13124106, "name" "the ip destination group name ips", "type" "dstn ip", "addresses" \[ "128 0 0 1" ], "description" "a description", "creatorcontext" "zia", "ipcategories" \[], "countries" \[], "urlcategories" \[], "ipaddresses" \[ "128 0 0 1" ] }, 
{ "id" 13124108, "name" "the ip destination group name2", "type" "dstn other", "addresses" \[], "creatorcontext" "zia", "ipcategories" \[ "custom 02" ], "countries" \[], "urlcategories" \[ "custom 02" ], "ipaddresses" \[] } ] } ] get ip source groups retrieves a list of ip source groups from zscaler security using the specified ip group id for targeted information endpoint url api/v1/ipsourcegroups/{{ip group id}} method get input argument name type required description ip group id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "vary" "accept encoding", "content type" "application/json", "content length" "1461", "date" "tue, 29 nov 2022 19 48 09 gmt", "server" "zscaler" }, "reason" "", "json body" \[ { "id" 13016072, "name" "my new ip source group", "ipaddresses" \[ "200 148 123 123", "200 148 123 10" ], "creatorcontext" "zia" }, { "id" 13016074, "name" "my new ip source group with id", "ipaddresses" \[ "200 148 123 10", "200 148 123 123" ], "description" "my new ip source group description", "creatorcontext" "zia" }, { "id" 13016076, "name" "my new ip source group with id2", "ipaddresses" \[ "200 148 123 123", "200 148 123 10" ], "description" "my new ip source group description", "creatorcontext" "zia" } ] } ] get network services retrieve a list of network services or specific service details from zscaler security, with an option to filter by service id endpoint url /api/v1/networkservices method get input argument name type required description network service id string optional unique identifier output 
parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "vary" "accept encoding", "content type" "application/json", "transfer encoding" "chunked", "date" "mon, 28 nov 2022 20 35 40 gmt", "server" "zscaler" }, "reason" "", "json body" \[ { "id" 124826, "name" "icmp any", "tag" "icmp any", "type" "standard", "description" "icmp any desc", "creatorcontext" "zia", "isnamel10ntag" true }, { "id" 124828, "name" "udp any", "tag" "udp any", "srcudpports" \[], "destudpports" \[], "type" "standard", "description" "udp any desc", "creatorcontext" "zia", "isnamel10ntag" true }, { "id" 124830, "name" "tcp any", "tag" "tcp any", "srctcpports" \[], "desttcpports" \[], "type" "standard", "description" "tcp any desc", "creatorcontext" "zia", "isnamel10ntag" true } ] } ] get url categories retrieve and classify web content by obtaining a list of url categories from zscaler security endpoint url api/v1/urlcategories method get input argument name type required description data body object optional data body headers object optional request headers output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "vary" "accept encoding", "content type" "application/json", 
"transfer encoding" "chunked", "date" "tue, 29 nov 2022 15 41 09 gmt", "server" "zscaler" }, "reason" "", "json body" \[ { "id" "other adult material", "urls" \[], "dbcategorizedurls" \[], "customcategory" false, "editable" true, "description" "other adult material desc", "type" "url category", "val" 1, "customurlscount" 0, "urlsretainingparentcategorycount" 0, "customiprangescount" 0, "iprangesretainingparentcategorycount" 0 }, { "id" "adult themes", "urls" \[], "dbcategorizedurls" \[], "customcategory" false, "editable" true, "description" "adult themes desc", "type" "url category", "val" 2, "customurlscount" 0, "urlsretainingparentcategorycount" 0, "customiprangescount" 0, "iprangesretainingparentcategorycount" 0 }, { "id" "lingerie bikini", "urls" \[], "dbcategorizedurls" \[], "customcategory" false, "editable" true, "description" "lingerie bikini desc", "type" "url category", "val" 3, "customurlscount" 0, "urlsretainingparentcategorycount" 0, "customiprangescount" 0, "iprangesretainingparentcategorycount" 0 } ] } ] sandbox get md5 report retrieve a detailed sandbox report for a specific md5 hash from zscaler security using the required path parameter endpoint url api/v1/sandbox/report/{{md5}} method get input argument name type required description md5 string required parameter for sandbox get md5 report output parameter type description status code number http status code of the response reason string response reason phrase summary string output field summary example \[ { "status code" 200, "response headers" { "strict transport security" "max age=31622400;includesubdomains;preload", "x frame options" "sameorigin", "x content type options" "nosniff", "x xss protection" "1; mode=block", "x zscaler mode" "read write", "content disposition" "attachment; filename=\\"api json\\"", "cache control" "no store", "content type" "application/json", "content length" "90", "date" "tue, 29 nov 2022 21 40 34 gmt", "server" "zscaler" }, "reason" "", "json body" { "summary" 
"md5 is unknown or analysis has yet not been completed please try again later" } } ]

## Update firewall filtering policy rule

Updates a firewall filtering policy rule in Zscaler Security by rule ID, including details like name, action, order, and rank.

Endpoint URL: api/v1/firewallfilteringrules/{{rule id}}

Method: PUT

### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| rule id | string | required | Unique identifier |
| name | string | required | Name of the resource |
| order | number | required | Parameter for update firewall filtering policy rule |
| rank | number | required | Parameter for update firewall filtering policy rule |
| defaultrule | boolean | optional | Parameter for update firewall filtering policy rule |
| predefined | boolean | optional | Parameter for update firewall filtering policy rule |
| action | string | required | Parameter for update firewall filtering policy rule |

### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| enablefulllogging | boolean | Output field enablefulllogging |
| id | number | Unique identifier |
| name | string | Name of the resource |
| order | number | Output field order |
| rank | number | Output field rank |
| action | string | Output field action |
| state | string | Output field state |
| destipcategories | array | Output field destipcategories |
| destcountries | array | Output field destcountries |
| file name | string | Name of the resource |
| file | string | Output field file |
| predefined | boolean | Output field predefined |
| defaultrule | boolean | Output field defaultrule |

### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "strict transport security": "max age=31622400;includesubdomains;preload",
      "x frame options": "sameorigin",
      "x content type options": "nosniff",
      "x xss protection": "1; mode=block",
      "x zscaler mode": "read write",
      "content disposition": "attachment; filename=\"api json\"",
      "cache control": "no store",
      "content type": "application/json",
      "content length": "206",
      "date": "tue, 29 nov 2022 21 27 11 gmt",
      "server": "zscaler"
    },
    "reason": "",
    "json body": {
      "enablefulllogging": false,
      "id": 248300,
      "name": "ip group source 71",
      "order": 1,
      "rank": 7,
      "action": "allow",
      "state": "enabled",
      "destipcategories": [],
      "destcountries": [],
      "predefined": false,
      "defaultrule": false
    }
  }
]
```

## Update IP destination group

Updates an existing IP destination group in Zscaler Security by using the specified group ID.

Endpoint URL: api/v1/ipdestinationgroups/{{ip group id}}

Method: PUT

### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ip group id | string | required | Unique identifier |
| name | string | optional | Name of the resource |
| type | string | optional | Type of the resource |
| addresses | array | optional | Parameter for update ip destination group |
| description | string | optional | Parameter for update ip destination group |
| ipcategories | array | optional | Parameter for update ip destination group |
| countries | array | optional | Parameter for update ip destination group |
| isnoneditable | boolean | optional | Parameter for update ip destination group |

### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| name | string | Name of the resource |
| type | string | Type of the resource |
| addresses | array | Output field addresses |
| description | string | Output field description |
| creatorcontext | string | Output field creatorcontext |
| ipcategories | array | Output field ipcategories |
| countries | array | Output field countries |

### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "strict transport security": "max age=31622400;includesubdomains;preload",
      "x frame options": "sameorigin",
      "x content type options": "nosniff",
      "x xss protection": "1; mode=block",
      "x zscaler mode": "read write",
      "content disposition": "attachment; filename=\"api json\"",
      "cache control": "no store",
      "content type": "application/json",
      "content length": "172",
      "date": "tue, 29 nov 2022 19 36 30 gmt",
      "server": "zscaler"
    },
    "reason": "",
    "json body": {
      "id": 17531270,
      "name": "test",
      "type": "dstn ip",
      "addresses": [],
      "description": "string",
      "creatorcontext": "zia",
      "ipcategories": [],
      "countries": []
    }
  }
]
```

## Update IP source group

Updates an existing IP source group in Zscaler Security using the specified IP group ID.

Endpoint URL: api/v1/ipsourcegroups/{{ip group id}}

Method: PUT

### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ip group id | string | required | Unique identifier |
| name | string | optional | Name of the resource |
| ipaddresses | array | optional | Parameter for update ip source group |
| description | string | optional | Parameter for update ip source group |
| isnoneditable | boolean | optional | Parameter for update ip source group |

### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| name | string | Name of the resource |
| ipaddresses | array | Output field ipaddresses |
| description | string | Output field description |
| creatorcontext | string | Output field creatorcontext |

### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "strict transport security": "max age=31622400;includesubdomains;preload",
      "x frame options": "sameorigin",
      "x content type options": "nosniff",
      "x xss protection": "1; mode=block",
      "x zscaler mode": "read write",
      "content disposition": "attachment; filename=\"api json\"",
      "cache control": "no store",
      "content type": "application/json",
      "content length": "106",
      "date": "tue, 29 nov 2022 20 07 11 gmt",
      "server": "zscaler"
    },
    "reason": "",
    "json body": {
      "id": 14570789,
      "name": "string",
      "ipaddresses": [],
      "description": "anythings",
      "creatorcontext": "zia"
    }
  }
]
```

## Update network service

Updates a specified network service in Zscaler Security using the provided network service ID.

Endpoint URL: api/v1/networkservices/{{network service id}}

Method: PUT

### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| network service id | string | required | Unique identifier |
| name | string | optional | Name of the resource |
| srctcpports | array | optional | Parameter for update network service |
| file name | string | required | Name of the resource |
| file | string | required | Parameter for update network service |
| desttcpports | array | optional | Parameter for update network service |
| start | number | optional | Parameter for update network service |
| end | number | optional | Parameter for update network service |
| type | string | optional | Type of the resource |
| creatorcontext | string | optional | Parameter for update network service |
| isnamel10ntag | boolean | optional | Name of the resource |
| srcudpports | array | optional | Parameter for update network service |
| start | number | optional | Parameter for update network service |
| end | number | optional | Parameter for update network service |
| destudpports | array | optional | Parameter for update network service |
| start | number | optional | Parameter for update network service |
| end | number | optional | Parameter for update network service |
| description | string | optional | Parameter for update network service |

### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| name | string | Name of the resource |
| srctcpports | array | Output field srctcpports |
| file name | string | Name of the resource |
| file | string | Output field file |
| desttcpports | array | Output field desttcpports |
| start | number | Output field start |
| end | number | Output field end |
| srcudpports | array | Output field srcudpports |
| start | number | Output field start |
| end | number | Output field end |
| destudpports | array | Output field destudpports |
| start | number | Output field start |
| end | number | Output field end |
| type | string | Type of the resource |
| description | string | Output field description |
| creatorcontext | string | Output field creatorcontext |
| isnamel10ntag | boolean | Name of the resource |

### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "strict transport security": "max age=31622400;includesubdomains;preload",
      "x frame options": "sameorigin",
      "x content type options": "nosniff",
      "x xss protection": "1; mode=block",
      "x zscaler mode": "read write",
      "content disposition": "attachment; filename=\"api json\"",
      "cache control": "no store",
      "content type": "application/json",
      "content length": "307",
      "date": "tue, 29 nov 2022 15 37 27 gmt",
      "server": "zscaler"
    },
    "reason": "",
    "json body": {
      "id": 17531231,
      "name": "renamed this network service1234",
      "srctcpports": [],
      "desttcpports": [],
      "srcudpports": [],
      "destudpports": [],
      "type": "custom",
      "description": "a description again",
      "creatorcontext": "zia",
      "isnamel10ntag": false
    }
  }
]
```

## Update URL category

Updates a specified URL category in Zscaler Security by adding or removing items, requiring the URL category ID and action parameters.

Endpoint URL: api/v1/urlcategories/{{url category id}}

Method: PUT

### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| url category id | string | required | URL endpoint for the request |
| action | string | required | Parameter for update url category |
| configuredname | string | optional | Name of the resource |
| keywords | array | optional | Parameter for update url category |
| keywordsretainingparentcategory | array | optional | Parameter for update url category |
| urls | array | optional | URL endpoint for the request |
| dbcategorizedurls | array | optional | URL endpoint for the request |
| customcategory | boolean | optional | Parameter for update url category |
| editable | boolean | optional | Parameter for update url category |
| description | string | optional | Parameter for update url category |
| type | string | optional | Type of the resource |
| urlkeywordcounts | object | optional | URL endpoint for the request |
| totalurlcount | number | optional | URL endpoint for the request |
| retainparenturlcount | number | optional | URL endpoint for the request |
| totalkeywordcount | number | optional | Count value |
| retainparentkeywordcount | number | optional | Count value |
| customurlscount | number | optional | URL endpoint for the request |
| urlsretainingparentcategorycount | number | optional | URL endpoint for the request |
| iprangesretainingparentcategorycount | number | optional | Count value |

### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| keywords | array | Output field keywords |
| file name | string | Name of the resource |
| file | string | Output field file |
| keywordsretainingparentcategory | array | Output field keywordsretainingparentcategory |
| urls | array | URL endpoint for the request |
| file name | string | Name of the resource |
| file | string | Output field file |
| dbcategorizedurls | array | URL endpoint for the request |
| customcategory | boolean | Output field customcategory |
| editable | boolean | Output field editable |
| description | string | Output field description |
| type | string | Type of the resource |
| val | number | Output field val |
| customurlscount | number | URL endpoint for the request |
| urlsretainingparentcategorycount | number | URL endpoint for the request |
| customiprangescount | number | Count value |
| iprangesretainingparentcategorycount | number | Count value |

### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "strict transport security": "max age=31622400;includesubdomains;preload",
      "x frame options": "sameorigin",
      "x content type options": "nosniff",
      "x xss protection": "1; mode=block",
      "x zscaler mode": "read write",
      "content disposition": "attachment; filename=\"api json\"",
      "cache control": "no store",
      "content type": "application/json",
      "content length": "360",
      "date": "tue, 29 nov 2022 17 11 42 gmt",
      "server": "zscaler"
    },
    "reason": "",
    "json body": {
      "id": "lingerie bikini",
      "keywords": [],
      "keywordsretainingparentcategory": [],
      "urls": [],
      "dbcategorizedurls": [],
      "customcategory": false,
      "editable": true,
      "description": "lingerie bikini desc",
      "type": "url category",
      "val": 3,
      "customurlscount": 0,
      "urlsretainingparentcategorycount": 1,
      "customiprangescount": 0,
      "iprangesretainingparentcategorycount": 0
    }
  }
]
```

## URL lookup

Retrieve Zscaler's default classification for a specified set of URLs using the JSON body input.

Endpoint URL: /api/v1/urllookup

Method: POST

### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| urls | array | required | The given set of URLs to be looked up (e.g., ['abc.com', 'xyz.com']) |

### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "content type": "application/json",
      "content length": "233",
      "connection": "keep alive",
      "strict transport security": "max age=31622400;includesubdomains;preload",
      "x frame options": "sameorigin",
      "x content type options": "nosniff",
      "x xss protection": "1; mode=block",
      "content disposition": "attachment; filename=\"api json\"",
      "cache control": "no store, no cache",
      "x zscaler mode": "read write",
      "date": "thu, 26 sep 2024 06 09 52 gmt",
      "server": "zscaler",
      "x cache": "miss from cloudfront",
      "via": "1 1 dbae6b2ce4cce2f7c1803757a782b3e6 cloudfront net (cloudfront)",
      "x amz cf pop": "hyd57 p4"
    },
    "reason": "",
    "json body": [ {}, {} ]
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| alt svc | HTTP response header alt svc | h3=" 443 "; ma=86400 |
| cache control | Directives for caching mechanisms | no store |
| connection | HTTP response header connection | keep alive |
| content disposition | HTTP response header content disposition | attachment; filename="api json" |
| content length | The length of the response body in bytes | 206 |
| content type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | tue, 29 nov 2022 15 37 27 gmt |
| server | Information about the software used by the origin server | zscaler |
| strict transport security | HTTP response header strict transport security | max age=31622400;includesubdomains;preload |
| transfer encoding | HTTP response header transfer encoding | chunked |
| vary | HTTP response header vary | accept encoding |
| via | HTTP response header via | 1 1 80b8b1b9b894db76db52fa97ad6ed63a cloudfront net (cloudfront) |
| x amz cf id | HTTP response header x amz cf id | dwq1mn 6 tb7jycia3etj4u0scg hfdtr1g1zounzakkxwzsywtsca== |
| x amz cf pop | HTTP response header x amz cf pop | hyd57 p4 |
| x cache | HTTP response header x cache | miss from cloudfront |
| x content type options | HTTP response header x content type options | nosniff |
| x frame options | HTTP response header x frame options | sameorigin |
| x xss protection | HTTP response header x xss protection | 1; mode=block |
| x zscaler mode | HTTP response header x zscaler mode | read write |

## Notes

After modifying any configurations, you must activate the changes by using the activate changes action. For more details, click here: https://help.zscaler.com/zia/getting-started-zia-api#activatechanges

Zscaler API: https://help.zscaler.com/zia/api#/
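
The activation requirement in the notes above, as an added example that is not Swimlane's or Zscaler's code: a session wrapper that records configuration writes and sends one activation call after them, so an update is never left staged by accident. The class name, the `send` transport and the activation path `/api/v1/status/activate` (taken from Zscaler's public ZIA API reference, not from this section) are assumptions; the other paths are written as they appear on this page.

```python
# Added illustration; not part of the connector. Paths are as written on this page.
ACTIVATE_PATH = "/api/v1/status/activate"   # assumption: from Zscaler's ZIA API reference
READ_ONLY_POSTS = {"/api/v1/urllookup"}     # a POST that stages no configuration change
WRITE_METHODS = {"PUT", "POST", "DELETE"}


class ZiaChangeSession:
    """Records configuration writes and activates them once, on clean exit."""

    def __init__(self, send):
        self.send = send      # hypothetical transport: send(method, path, body) -> (status, data)
        self.pending = []     # paths written since the last activation

    def call(self, method, path, body=None):
        status, data = self.send(method, path, body)
        if status >= 400:
            raise RuntimeError(f"{method} {path} failed with HTTP {status}")
        staged = method in WRITE_METHODS and path not in READ_ONLY_POSTS
        if staged and path != ACTIVATE_PATH:
            self.pending.append(path)
        return data

    def activate(self):
        if not self.pending:
            return False      # nothing staged, so no activation call is sent
        self.call("POST", ACTIVATE_PATH)
        self.pending.clear()
        return True

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc, tb):
        if exc_type is None:  # after a failed write, leave the batch unactivated for review
            self.activate()
        return False


def demo():
    """Runs a lookup and one group update against a constructed fake transport."""
    sent = []

    def fake_send(method, path, body):
        sent.append((method, path))
        return 200, {}

    with ZiaChangeSession(fake_send) as zia:
        zia.call("POST", "/api/v1/urllookup", ["abc.com"])
        zia.call("PUT", "/api/v1/ipdestinationgroups/17531270", {"name": "test"})
    return sent
```

In a playbook, `send` would wrap whatever authenticated HTTP client the workflow already uses.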