Cribl Search Pack for Zscaler: Setup & security dashboard walkthrough

Jun 3, 2026

Learn how to install and configure the Cribl Search Pack for Zscaler, then walk through prebuilt dashboards for your Zscaler security logs. This video is for security engineers, Zscaler administrators, and SOC/observability teams using Cribl Search to monitor and investigate Zscaler activity.

In this walkthrough, you’ll see:

  • How to add the Zscaler pack from the Cribl Dispensary and open it in Cribl Search
  • How to choose the correct data types (raw vs. Zscaler pack data) so your dashboards parse correctly
  • How to adjust macros to match your environment’s naming and datasets
  • Overview dashboards for Email DLP logs, CASB logs, VPN tunnel logs, firewall logs, web logs, DNS logs, and Zscaler audit logs
  • How to use time range and user selectors to narrow your views
  • What outliers to watch for, like unexpected countries, unusual users, or new top queried domains
  • How to set up alerts on saved searches for high-priority events

If you need a reminder or want to share feedback on the pack, you can always refer to the README bundled with the pack or reach out to the Cribl team.

00:03 Overview: Cribl Search Pack for Zscaler

00:19 Installing the pack from the Dispensary

00:29 Configuration basics & data types

01:05 Macros and README for the Zscaler pack

01:43 Verifying datasets and data types

02:11 Email DLP logs dashboard overview

02:59 CASB logs dashboard overview

03:19 VPN tunnel logs dashboard overview

03:53 Firewall logs dashboard: allowed vs. blocked traffic

05:04 Web logs dashboard and threat monitoring

05:23 DNS logs dashboard and top queried domains

05:59 Audit logs dashboard & admin activity

06:22 Setting alerts and closing thoughts
