Zscaler Private Access - Learn more about collecting Zscaler Private Access logs using a Syslog Collector applet and content pack integration in Cortex Cloud. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation
Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-04
Category
Administrator Guide
Abstract

Learn more about collecting Zscaler Private Access logs using a Syslog Collector applet and content pack integration in Cortex Cloud.

You can configure collecting Zscaler Private Access logs using a Broker VM Syslog Collector applet or with a content pack integration:

Zscaler Private Access vendor

Description

Syslog Collector applet overview

If you use Zscaler Private Access (ZPA) in your network as an alternative to VPNs, you can forward your network logs to Cortex Cloud from Zscaler Private Access using the Broker VM Syslog Collector applet in a LEEF format.

Link to Syslog Collector applet instructions

Ingest logs from Zscaler Private Access

Link to content pack/integration instructions

The ZscalerZPA content pack provides data modeling capabilities for event logs ingested from the Zscaler Private Access (ZPA) service, which enables secure access to internal applications and services. It includes the Zscaler Private Access Modeling Rule. Event collection relies on configuring the generic Syslog Collector on the Broker VM.