About Containment Integration

Zscaler ITDR integrates seamlessly with third-party security solutions to isolate active attackers with automated containment.

Containment integration enables you to:

  • Forward the attacker's identity to the integrated security solution, which then isolates the attacker's system from the network.
  • Prevent advanced targeted attacks.

You can contain an attack from the Rules page (Orchestrate > Rules) by creating a response or containment rule, or manually contain the attack from the Investigate dashboard.

About the Containment Page

On the Containment page (Orchestrate > Containment), you can do the following:

  1. View a list of all configured containment integrations. For each integration, you can see:
    • Enabled: Indicates whether the containment integration is enabled.
    • Settings: The name of the third-party security solution.
    • Blocked Identities: The total number of blocked attackers.

      You can click the number under Blocked Identities to view the details of the contained attacker.

  2. Configure containment integrations on the following supported solutions:

Related Articles

  • About Containment Integration
  • Containment Configuration Guide for CrowdStrike
  • Containment Configuration Guide for Identity Threat Protection with Okta AI
  • Containment Configuration Guide for Zscaler Internet Access (ZIA)
  • Containment Configuration Guide for Zscaler Private Access (ZPA)
  • Viewing the Blocked Identities