This workflow template automates the process of managing URLs on the Global Blacklist in Zscaler via Slack commands. Users can easily check URL categories or remove URLs from the blacklist. It streamlines network security operations by filtering for unique URLs, categorizing them, and updating the global blacklist based on approval – all through Slack interactions. This efficient system facilitates quick response to security alerts and maintains the integrity of network access policies.
Trigger
Slack
Optional Triggers
Webhook, Microsoft Teams, Webex
Use Cases
Remediate Network Security Alerts
Workflow Breakdown
Receive a trigger from Slack for either check url or remove url
Filter for unique URLs and provide the hostname.domain name for the blacklist
If check url, the URLs are looked up against their current categories and, if approved, added to the global blacklist
If remove url, the URLs are removed from the global blacklist if approved
After either operation, the user is asked if they would like to review the current blacklist
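The first two steps above (reading the command, then reducing the submitted URLs to unique hostnames) can be sketched as follows. This is an added example, not code from the workflow template; the function names are hypothetical, and the handling of Slack's <url|label> link wrapping and of defanged input (hxxp, [.]) is an assumption about what analysts paste into the command.

```python
import re
from urllib.parse import urlsplit

COMMANDS = ("check url", "remove url")  # the two triggers named in the workflow


def to_hostname(token):
    """Reduce one pasted token to a lowercase hostname, or None if unusable."""
    # Assumption: Slack may wrap links as <http://host/path|label>; keep the URL part.
    token = token.strip("<>").split("|", 1)[0]
    # Assumption: analysts often paste defanged indicators (hxxp://bad[.]example).
    token = re.sub(r"^hxxp", "http", token, flags=re.I).replace("[.]", ".")
    if not token:
        return None
    if "://" not in token:
        token = "//" + token  # lets urlsplit treat a bare host/path as a netloc
    try:
        host = urlsplit(token).hostname  # drops scheme, userinfo, port, path
    except ValueError:  # malformed input such as an unclosed IPv6 bracket
        return None
    if not host or "." not in host:
        return None  # reject labels like "localhost" that are not hostname.domain
    return host.rstrip(".").lower()


def parse_command(text):
    """Return (action, unique_hostnames) for a 'check url ...' or 'remove url ...' message."""
    text = text.strip()
    action = next((c for c in COMMANDS if text.lower().startswith(c)), None)
    if action is None:
        raise ValueError("expected 'check url' or 'remove url'")
    hosts, seen = [], set()
    # Multiple URLs may arrive in one command, separated by spaces or commas.
    for token in re.split(r"[\s,]+", text[len(action):].strip()):
        host = to_hostname(token)
        if host and host not in seen:  # keep first-seen order, drop duplicates
            seen.add(host)
            hosts.append(host)
    return action, hosts


if __name__ == "__main__":
    # Constructed sample message, not real indicator data.
    print(parse_command("check url <http://Example.com/login|example.com> "
                        "https://example.com:8443/x, hxxps://bad[.]example[.]net/a"))
```

Only the hostname list would be passed on to the category lookup and the approval step, so two URLs on the same host produce a single blacklist entry.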
Vendors
Slack, Utils, Zscaler Internet Access
Workflow Output
Success/Failure via Slack
Tips
Modify the Slack command based on the filter for the trigger
Multiple URLs can be sent in one command to the workflow