Zscaler Private Access (ZPA)


Connectivity Requirements

You must ensure the following connectivity requirements are fulfilled:

| Source | Destination | Ports | Description |
| --- | --- | --- | --- |
| Zscaler App Connector | Samurai Local Collector | TCP/514 | For log transmission |

Log Receiver Configuration

Follow the steps outlined in the ZPA documentation.

Use the following parameters when completing the steps within the documentation under section 1. Log Receiver:

| Field Name | Parameter |
| --- | --- |
| Name | Specify a unique name, such as User Activity |
| Description | Specify a relevant description |
| Domain or IP Address | IP address of your Samurai Local Collector |
| TCP Port | 514 |
| TLS Encryption | Disabled |
| App Connector Groups | Select the group(s) related to the on-prem App Connector(s) that will forward data to the Samurai Local Collector |

Use the following parameters when completing the steps within the documentation under section 2. Log Stream:

| Field Name | Parameter |
| --- | --- |
| Log Type | User Activity |
| Log Template | JSON |
| Policy | Select |

Create Additional Log Receivers

A log receiver is required for each log type. Repeat the Log Receiver Configuration steps above for each of the log types listed below, substituting the log type wherever User Activity is referenced:

  • Browser Access
  • Audit Logs

For integrations that use a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal, because we auto-detect the vendor and product. The only reason to use the Samurai MDR portal is to determine the Local Collector IP address. You will still need to ensure the integration is functioning! See Integrations for more information on checking status.
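A pre-flight check for the receiver settings above, as an added example (not Samurai or Zscaler code): run on a staging host in place of the collector, it reports whether the sender emits plaintext JSON records, as Log Template JSON and TLS Encryption Disabled imply. The port 5514, the function names, the one-record-per-line framing and the sample records are assumptions made for illustration.

```python
import json
import socket

def check_stream(data: bytes) -> dict:
    """Classify bytes captured from the log sender (assumed one record per line)."""
    stats = {"json": 0, "not_json": 0, "tls_handshake": False}
    # A TLS handshake record starts with 0x16 0x03; seeing it on a plaintext
    # listener means TLS Encryption was left enabled on the log receiver.
    if data[:2] == b"\x16\x03":
        stats["tls_handshake"] = True
        return stats
    for line in data.splitlines():
        if not line.strip():
            continue
        try:
            is_object = isinstance(json.loads(line), dict)
        except ValueError:  # covers JSONDecodeError and invalid UTF-8
            is_object = False
        stats["json" if is_object else "not_json"] += 1
    return stats

def receive_once(host="0.0.0.0", port=5514, timeout=30.0, limit=1 << 20) -> dict:
    """Accept one connection, read up to `limit` bytes, and classify them.

    Raises socket.timeout if no sender connects within `timeout` seconds,
    which points at the TCP connectivity requirement rather than the template.
    """
    with socket.create_server((host, port)) as srv:
        srv.settimeout(timeout)
        conn, _peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            buf = b""
            while len(buf) < limit:
                try:
                    chunk = conn.recv(65536)
                except socket.timeout:
                    break  # sender went quiet; classify what arrived
                if not chunk:
                    break  # sender closed the connection
                buf += chunk
    return check_stream(buf)

if __name__ == "__main__":
    # Constructed sample (not real ZPA records): two JSON lines, one CSV-style line.
    sample = b'{"k": "v1"}\n{"k": "v2"}\nv1,v2,v3\n'
    print(check_stream(sample))
```

A non-zero `not_json` count suggests a log stream was created with a template other than JSON; `tls_handshake` set to true suggests the TLS Encryption field was not set to Disabled.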

Our Integration guide was accurate at the time of writing, but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.