This workflow template automates the process of managing URLs on the Global Blacklist in Zscaler via Slack commands. Users can easily check URL categories or remove URLs from the blacklist. It streamlines network security operations by filtering for unique URLs, categorizing them, and updating the global blacklist based on approval – all through Slack interactions. This efficient system facilitates quick response to security alerts and maintains the integrity of network access policies.

Trigger

Slack

Optional Triggers

Webhook,"Microsoft Teams",Webex

Use Cases

Remediate Network Security Alerts

Workflow Breakdown

Receive a trigger from Slack for either check url or remove url
Filter for unique URLs and provide the hostname.domain name for the blacklist
If check url, the URL's are looked up to the current categories, and if approved added to the global blacklist
If remove url, the URL's are removed from the global blacklist if approved
After either operation, the user is asked if they would like to review the current blacklist

Vendors

Slack, Utils, Zscaler Internet Access

Workflow Output

Success/Failure via Slack

Tips

Modify the Slack command based on the filter for the trigger","Multiple URLs can be sent in one command to the workflow

Assign New Alerts from Hunters.ai - Workflow Template

Slack Mention to Analyze Suspicious URLs and IPs with VirusTotal - Workflow Template

Gather CircleCI Global Environment Variables with Creation Date - Workflow Template

Add/Remove Entra ID User from Global Address List (ex-Azure AD) - Workflow Template

IP Penalty Box with Timeout via Slack (Cloudflare) - Workflow Template