9e0641a7-22ce-4ac8-8113-ee48b368ac3d.md

File metadata and controls

47 lines (40 loc) · 2.75 KB

Products: Zscaler - Firewall

Rules

| Rule ID | Rule Name |
| --- | --- |
| LEGACY-S00003 | Base32 in DNS Query |
| LEGACY-S00004 | Bitsadmin to Uncommon TLD |
| LEGACY-S00013 | Connection to High Entropy Domain |
| LEGACY-S00026 | DNS Lookup of High Entropy Domain |
| LEGACY-S00030 | Domain Resolution in Non-Standard TLD |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| LEGACY-S00045 | HTTP request for single character file name |
| LEGACY-S00027 | Hexadecimal in DNS Query Domain |
| THRESHOLD-S00080 | Internal Port Scan |
| THRESHOLD-S00081 | Internal Port Sweep |
| MATCH-S00457 | Large File Upload |
| MATCH-S00396 | Large Outbound ICMP Packets |
| MATCH-S00556 | Outbound Data Transfer Protocol Over Non-standard Port |
| MATCH-S00554 | Outbound IRC Traffic |
| THRESHOLD-S00026 | Possible Credential Abuse |
| LEGACY-S00061 | Possible DNS Data Exfiltration |
| LEGACY-S00008 | Possible Dynamic DNS Domain |
| MATCH-S00835 | Possible Dynamic URL Domain |
| MATCH-S00637 | Possible Malicious Download |
| LEGACY-S00095 | Server-Side Code Injection in URL |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| LEGACY-S00165 | VBS file downloaded from Internet |
| MATCH-S00566 | Web Request to Punycode Domain |
| MATCH-S00222 | ZScaler Proxy-Traffic to Malicious Categorized Domain |

Log Mappers

| Log Mapper ID | Log Mapper Name |
| --- | --- |
| fae9dbd1-ab32-4008-9c12-5c0e678921f6 | Zscaler Firewall |
| 0b77ec02-8d97-4b32-9694-1eaa89ab7e22 | Zscaler Firewall Log |