Zscaler Internet Access (ZIA)
Zscaler ZIA cloud proxy — NSS web log feed with URL categorization, threat/malware blocking, DLP content inspection, browser isolation, bandwidth throttling, and file type control across 20 users and 16 endpoints.
Quick Start
uv tool install eventum-generator
git clone https://github.com/eventum-generator/content-packs.git
cd content-packs
eventum generate \
  --path generators/proxy-zscaler/generator.yml \
  --id zscaler-zia \
  --live-mode true
Event Types
| Event ID | Description | Frequency | Category |
|---|---|---|---|
| allowed | Normal allowed web traffic | ~80% | web |
| blocked-policy | Blocked by URL filtering policy | ~8% | web |
| throttled | Bandwidth throttled (streaming) | ~5% | web |
| blocked-security | Blocked by security threat | ~3% | web |
| blocked-filetype | Blocked executable/archive downloads | ~2% | web |
| cautioned-dlp | DLP policy violation detected | ~1.5% | web |
| isolated | Browser Isolation for risky sites | ~0.5% | web |
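
An added example (not part of the content pack): a Python check that tallies `event.action` across generated events and compares the mix with the frequencies in the table above, useful before relying on the feed to exercise detections for the rarer event types. It assumes events arrive as newline-delimited JSON and that `event.action` carries the Event ID for every type (the page's sample shows this only for `allowed`); the function names and the 2-point tolerance are illustrative.

```python
import json
from collections import Counter

# Documented mix from the Event Types table (percent of all events).
EXPECTED_PCT = {
    "allowed": 80.0, "blocked-policy": 8.0, "throttled": 5.0,
    "blocked-security": 3.0, "blocked-filetype": 2.0,
    "cautioned-dlp": 1.5, "isolated": 0.5,
}

def tally_actions(ndjson_text):
    """Count event.action over NDJSON lines; return (counts, skipped_lines)."""
    counts, skipped = Counter(), 0
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        try:
            action = json.loads(line)["event"]["action"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed JSON or an event without event.action
            continue
        counts[action] += 1
    return counts, skipped

def mix_deviations(counts, tolerance_pct=2.0):
    """Return {action: (observed_pct, expected_pct)} for every event type whose
    share is off by more than tolerance_pct, and for actions not in the table
    (expected_pct is None for those)."""
    total = sum(counts.values())
    report = {}
    if total == 0:
        return report
    for action in set(EXPECTED_PCT) | set(counts):
        observed = 100.0 * counts.get(action, 0) / total
        expected = EXPECTED_PCT.get(action)
        if expected is None or abs(observed - expected) > tolerance_pct:
            report[action] = (round(observed, 2), expected)
    return report

def make_sample(mix):
    """Constructed input: minimal events shaped like the page's sample output."""
    return "\n".join(
        json.dumps({"event": {"action": a, "category": ["web"],
                              "module": "zscaler_zia"}})
        for a, n in mix.items() for _ in range(n))

if __name__ == "__main__":
    skewed = make_sample({"allowed": 60, "blocked-security": 40}) + "\nnot json"
    counts, skipped = tally_actions(skewed)
    print(dict(counts), "skipped:", skipped, mix_deviations(counts))
```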
Realism Features
- Log-normal distributions for request/response byte sizes
- Weighted URL categories across Zscaler's 3-level hierarchy (class/super/sub)
- Realistic TLS details — cipher suites, TLS versions, certificate validation, OCSP results
- Multi-device fleet — 16 endpoints (Windows, macOS, iOS, Android) with varied OS versions
- DLP engine simulation — HIPAA, PCI, GDPR, Code Protection with dictionary hit counts
- 21 cloud applications with class and risk score
Sample Output
{
  "@timestamp": "2026-02-22T19:11:26+00:00",
  "event": {
    "action": "allowed",
    "category": ["web"],
    "module": "zscaler_zia",
    "outcome": "success"
  },
  "url": {
    "domain": "www.zendesk.com",
    "full": "https://www.zendesk.com/agent/dashboard"
  },
  "user": { "email": "jmorales@safemarch.com", "name": "jmorales" },
  "zscaler_zia": {
    "web": {
      "action": "Allowed",
      "app": { "class": "Collaboration", "name": "Slack" },
      "department": "Engineering",
      "url": {
        "category": { "super": "Business and Economy" },
        "class": "Business Use"
      }
    }
  }
}
Parameters
| Parameter | Default | Description |
|---|---|---|
| company | SafeMarch Inc | Organization name |
| cloudname | zscaler.net | Zscaler cloud name |
| datacenter | US-CA1 Client Node DC | Zscaler datacenter |
| nss_server | nss-feed-01 | NSS feed server name |
| agent_id | a1b2c3d4-... | Filebeat agent UUID |
| agent_version | 8.17.0 | Elastic Agent version |
Related Generators
Nginx Access & Error Logs
Nginx reverse proxy and web server — access logs with upstream timing, error logs with module context, bot/crawler traffic, scanner probes, and correlated 4xx/5xx error entries.
Apache HTTP Server
Apache httpd access and error logs — page/asset/API requests, bot crawlers (Googlebot, GPTBot), scanner probes, 3xx redirects, and correlated 4xx/5xx error log entries with module context.
Cisco AnyConnect VPN
Cisco ASA AnyConnect SSL VPN — session lifecycle from RADIUS authentication through tunnel establishment, IP assignment, DAP policy evaluation, session roaming between gateways, to graceful disconnection.