The service analyzes user logs and suggests AI-powered recommendations for application segments. AI-powered recommendations are application segments that have been pulled based on the filters you have configured in the AI-Powered Recommendations Settings. These AI-powered recommendations for application segments can be merged with existing defined application segments, added as newly defined application segments, or ignored if they do not apply.

To learn more about the configuration options available for your applications before configuring an application segment, see About Applications and Configuring AI-Powered Recommendations.

Prerequisites

The following prerequisites are required to activate the AI-Powered Recommendations page:

• Have a minimum of 100 discovered applications.
• Have at least 20 enrolled users.
• Enable SCIM Sync for identity management.

To activate this feature, click Activate Recommendations on the AI-Powered Recommendations page.

See image

The AI-Powered Recommendations page is only populated with data for users who have activated it. If you want to enable this feature and the AI-Powered Recommendations page is not displayed, contact Zscaler Support.

About the AI-Powered Recommendations Page

On the AI-Powered Recommendations page (Policies > Access Control > Private Applications > App Segments > AI-Powered Recommendations), you can do the following:

1. Open the Settings drawer to add parameters to AI-powered recommended application segment findings.
2. Download a CSV file of the AI-Powered Recommendations list.
3. Filter the information that appears in the table. By default, no filters are applied.
4. View a list of all AI-powered recommendations that were configured for your organization.
   • View elements of each application segment.

     Each AI-powered recommended application segment contains the following elements:

     • Name: The name of the application segment.
     • Applications: A list of up to three recommended applications within the AI-powered recommendations for application segments.
     • Grouping Reasons: The 5 categories that an AI-powered recommended application segment can be grouped by (IP Similarity, User Access Similarity, Domain Name Similarity, Co-occurring Applications Similarity, and Ports and Protocols Similarity).
     • Confidence: The measurement of accuracy of an AI-powered recommended application segment that matches the set requirements. The range is from 0 to 100, with higher numbers meaning a more accurate match, given the configured filters configured in the AI-Powered Recommendations Settings.
     • Attack Surface Reduction: The percentage reduction in the attack surface (i.e., percentage difference between potential users and recommended users).

     By default, the list is sorted in ascending order by Attack Surface Reduction.

     Close
   • Click any application in the Applications column to view its details.

     • Name: The name of the application segment for the application.
     • Download: Click Download to export a CSV file containing information for this specific application segment. The file lists the application segments based on the selected table filters. Larger files can take several minutes to download.
     • Attack Surface Reduction: The percentage reduction in the attack surface (i.e., percentage difference between potential users and recommended users).
     • Current Configuration: The number of Applications, Defined Application Segments, and Current Users.
     • Recommended Configuration: The number of Applications, Recommended Users, and Observed Users for the AI-Powered recommendation.

     • Recommended Users: If SCIM Sync is enabled, the number of suggested users for this recommended application segment is displayed. Click the number of users to list the recommended users. You can search by email.

       If SCIM Sync or SCIM Attributes for Policy are not enabled, the user recommendations appear as N/A in the recommendations.

     • Recommended Basis: Lists the recommendation's basic information to configure.
       • Number of Transactions: The total number of transactions.
       • TCP Port Ranges: The TCP port ranges used to access applications.
       • UDP Port Ranges: The UDP port ranges used to access applications.
       • Grouping Reasons: The 5 categories that a recommended application segment can be grouped by (IP Similarity, User Access Similarity, Domain Name Similarity, Co-occurring Applications Similarity, and Ports and Protocols Similarity).
       • Description: Information about the recommendation.
     • Applications: The list of applications assigned to the selected application segment. Click Next or Previous at the bottom of the table to view additional applications. You can filter the information that appears in the table. By default, no filters are applied.
       • Application: The name of the application.
       • Defined Application Segment: The defined application segment merged with this application, if applicable.
       • Port and Protocol: The web server port and protocol used by the application.
       • Server IP: The web server IP address (e.g., 192.0.2.0).

     See image.

     

     Close

     Close
5. Add an AI-powered recommended application segment.
6. Merge with a defined application segment.
7. Access the table menu to:
   • Ignore an AI-powered recommended application segment.

     If you click the Ignore icon, you need to select a reason in the Send Feedback window. Add additional comments if needed and click Save. The ignored recommended application segment will no longer appear in the table. Click Cancel to cancel the ignore action. To view the list of ignored AI-powered recommended application segments, select the Ignored Recommendations filter.

     Close
   • View the Diagnostics page, filtered with the applications related to that specific AI-powered recommended application segment.

     The Diagnostics page shows up to 200 applications per recommended application segment. Any additional applications are not shown.

     Close
   • Download the configuration information for the recommended application group to a CSV file.
8. Navigate between the pages of AI-powered recommendations.
9. Validate a client hostname.
10. View and add DNS search domains.
11. Access pages or tabs (depending on what features you have enabled).
    • View a list of accessible pages or tabs.

      • Go to the Browser Access page to manage applications where Browser Access is enabled.
      • Go to the AppProtection page to manage applications where AppProtection is enabled.
      • Go to the Privileged Remote Access page to manage applications where Privileged Remote Access is enabled.
      • Go to the Segment Groups page to add a new segment group or manage existing groups.
      • Go to the Defined Application Segments tab to view and manage defined application segments.

      Close