Deception Help
- Getting Started
- What Is Zscaler Deception?
- Understanding the Zscaler Deception Architecture
- Step-by-Step Configuration Guide for Zscaler Deception
- Admin Portal
- Best Practices
- Administration
- Authentication
- SAML Configuration
- OpenID Configuration
- Authentication Settings
- Investigate
- Understanding the Investigate Module
- Understanding the Zscaler Deception Dashboard
- Understanding and Building Queries
- Viewing the Details Pane
- Taking Action From the Dashboard
- Extended Details
- Viewing Extended Details
- Viewing ThreatParse Details
- Viewing Attack Chronology Details
- Viewing Network Details
- Event Logs
- Evidence
- Orchestrate
- Orchestration Rules
- Enrichment Integrations
- About Enrichment Integration
- Enrichment Configuration Guide for AbuseIPDB
- Enrichment Configuration Guide for GreyNoise Intelligence
- Enrichment Configuration Guide for Hybrid Analysis
- Enrichment Configuration Guide for IPinfo
- Enrichment Configuration Guide for Joe Sandbox
- Enrichment Configuration Guide for Palo Alto Networks WildFire
- Enrichment Configuration Guide for Shadowserver
- Enrichment Configuration Guide for VirusTotal
- Containment Integrations
- About Containment Integration
- Containment Configuration Guide for Check Point Firewall
- Containment Configuration Guide for CrowdStrike
- Containment Configuration Guide for Fortinet
- Containment Configuration Guide for Identity Threat Protection with Okta AI
- Containment Configuration Guide for Microsoft Defender
- Containment Configuration Guide for Palo Alto Networks
- Containment Configuration Guide for VMware Carbon Black EDR
- Containment Configuration Guide for VMware Carbon Black Endpoint Standard
- Containment Configuration Guide for Zscaler Internet Access (ZIA)
- Containment Configuration Guide for Zscaler Private Access (ZPA)
- Viewing the Blocked Identities
- API Token Management
- Event Templates
- SIEM Integrations
- About Service Connectors
- About SIEM Integrations
- Configuring a Service Connector
- SIEM Configuration Guide for ArcSight Enterprise Security Manager
- SIEM Configuration Guide for IBM QRadar
- SIEM Configuration Guide for Microsoft Sentinel
- SIEM Configuration Guide for Netmonastery DNIF
- SIEM Configuration Guide for Splunk Enterprise and Cloud Platform
- SIEM Configuration Guide for Syslog
- SIEM Configuration Guide for Sumo Logic
- Editing or Deleting a Service Connector
- Editing or Deleting a SIEM Integration
- Miragemaker
- Application Datasets
- Static Application Datasets
- Vulnerable Application Datasets
- Dynamic Application Datasets
- High-Interaction Containers
- SCADA/IoT Datasets
- Keyword Datasets
- Custom Service Datasets
- ThreatParse Rules
- File Datasets & Templates
- Strategy Builder
- Deception Strategy
- Network Decoy Personalities
- Threat Intelligence Decoy Personalities
- Landmine Decoy Personalities
- Active Directory Decoy Personalities
- Miscellaneous
- Deceive
- About Deceive
- About Deceive Summary
- Starting and Stopping Decoys
- Viewing Decoy Deployment Health Status
- Viewing Decoy Deployment Logs
- Generative AI Decoys
- Threat Intelligence Decoys
- About Threat Intelligence Decoys
- Creating a Threat Intelligence Decoy
- Creating Threat Intelligence Decoys Based on Recommendations
- Testing a Threat Intelligence Decoy
- Threat Intelligence Decoy Management
- Deploy Strategy
- MITM Detection
- Network Decoys
- About Network Decoys
- Using Network Decoy Personalities and Services
- Creating an Internal Decoy
- Creating a Zero Trust Network Decoy
- Configuring Services on a Network Decoy
- Adding an Internal Network Decoy to an Active Directory Domain
- Testing a Network Decoy
- Network Decoy Management
- Active Directory Decoys
- About Active Directory Decoys
- Adding an Active Directory Domain
- Creating an Active Directory Decoy User
- Viewing Active Directory Decoy Computers
- Configuring and Downloading a Trigger Script
- Configuring Windows Task Scheduler to Enable Alerting
- Configuring Microsoft Azure Sentinel to Forward Active Directory Event Logs
- Configuring IBM QRadar to Forward Active Directory Event Logs
- Configuring LogRhythm to Forward Active Directory Event Logs
- Configuring Splunk to Forward Active Directory Event Logs
- Exporting a Root CA Certificate from an Active Directory Certificate Service
- Running the Decoy Deployment Script on an Active Directory
- Active Directory Decoy Management
- Cloud Deception
- Azure
- AWS
- Landmine Decoys
- Policies
- About Landmine Policies
- Creating a Landmine Policy
- Configuring the Password Settings Module
- Configuring the Defense Evasion Module
- Configuring the Privilege Escalation Module
- Configuring the Cloud Lures Module
- Configuring the Browser Lures Module
- Configuring the Session Lures Module
- Configuring the File Decoys Module
- Configuring the Lure Settings Module
- Configuring the Advanced Deception Capabilities Module
- Testing Landmine Decoys
- Endpoint Deception With Zscaler Client Connector
- Deceive Settings
- Settings
- Topology
- Network Interfaces
- Decoy Connectors
- Decoy Connector Deployment Guides for Supported Platforms
- Decoy Connector Deployment Guide for VMware Platforms
- Decoy Connector Deployment Guide for Microsoft Hyper-V
- Decoy Connector Deployment Guide for Amazon Web Services
- Decoy Connector Deployment Guide for Microsoft Azure
- Decoy Connector Deployment Guide for Nutanix AHV
- Configuring a Decoy Connector Management Network
- Adding and Connecting a Decoy Connector to the Zscaler Deception Admin Portal
- Configuring Proxy Settings for a Decoy Connector
- Decoy Connector Management
- Aggregators
- ZPA App Connectors
- Virtual Machines
- Endpoint Settings
- Agents
- About Landmine Agent and Agentless
- Obtaining the Agent Registration Token
- Supported Deception Features for Landmine Agent and Agentless Installers
- Downloading Landmine Agents
- Installing a Landmine Agent on Windows
- Installing Landmine Agents on Windows Using MECM or SCCM
- Installing a Landmine Agent Using an Active Directory Group Policy Object
- Installing a Landmine Agent on Linux
- Installing a Landmine Agent on macOS
- Landmine Agentless
- Agent Management
- Agent Configuration
- Agent Update Groups
- Safe Processes
- Server Agents Settings
- Domains
- Agents
- Agent Update Groups
- Agent Configuration
- Audit Logs & Messages
- Network Settings
- Advanced Settings
- Release Notes