Zscaler Private Access - Learn more about collecting Zscaler Private Access logs using a Syslog Collector applet and content pack integration in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex

Zscaler Private Access - Learn more about collecting Zscaler Private Access logs using a Syslog Collector applet and content pack integration in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation

Product

Cortex XDR

License

XDR + Cloud

Creation date

2025-07-13

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Learn more about collecting Zscaler Private Access logs using a Syslog Collector applet and content pack integration in Cortex XDR.

You can configure collecting Zscaler Private Access logs using a Broker VM Syslog Collector applet or with a content pack integration:

Zscaler Private Access vendor	Description
Syslog Collector applet overview	If you use Zscaler Private Access (ZPA) in your network as an alternative to VPNs, you can forward your network logs to Cortex XDR from Zscaler Private Access using the Broker VM Syslog Collector applet in a LEEF format.
Link to Syslog Collector applet instructions	Ingest logs from Zscaler Private Access
Link to content pack/integration instructions	The ZscalerZPA content pack provides data modeling capabilities for event logs ingested from the Zscaler Private Access (ZPA) service, which enables secure access to internal applications and services. It includes the `Zscaler Private Access Modeling Rule`. Event collection relies on configuring the generic Syslog Collector on the Broker VM.