About AI-Powered Recommendations for Application Segments

The service analyzes user logs and suggests AI-powered recommendations for application segments. AI-powered recommendations are application segments that have been pulled based on the filters you have configured in the AI-Powered Recommendations Settings. These AI-powered recommendations for application segments can be merged with existing defined application segments, added as newly defined application segments, or ignored if they do not apply.

AI-powered recommendations for application segments provide the following benefits and enable you to:

  • Discover and create new application segments based on application similarity or user behavior.
  • Find missing applications for existing application segments and easily merge them.
  • Accelerate your journey toward achieving Zero Trust for private access.

To learn more about the configuration options available for your applications before configuring an application segment, see About Applications and Configuring AI-Powered Recommendations.

Prerequisites

The following prerequisites are required to activate the AI-Powered Recommendations page:

To activate this feature, click Activate Recommendations on the AI-Powered Recommendations page.

The AI-Powered Recommendations page is only populated with data for users who have activated it. If you want to enable this feature and the AI-Powered Recommendations page is not displayed, contact Zscaler Support.

About the AI-Powered Recommendations Page

On the AI-Powered Recommendations page (Policies > Access Control > Private Applications > App Segments > AI-Powered Recommendations), you can do the following:

  1. Open the Settings drawer to add parameters to AI-powered recommended application segment findings.
  2. Download a CSV file of the AI-Powered Recommendations list.
  3. Filter the information that appears in the table. By default, no filters are applied.
  4. View a list of all AI-powered recommendations that were configured for your organization.
    • Each AI-powered recommended application segment contains the following elements:

      • Name: The name of the application segment.
      • Applications: A list of up to three recommended applications within the AI-powered recommendations for application segments.
      • Grouping Reasons: The 5 categories that an AI-powered recommended application segment can be grouped by (IP Similarity, User Access Similarity, Domain Name Similarity, Co-occurring Applications Similarity, and Ports and Protocols Similarity).
      • Confidence: A measure of how accurately an AI-powered recommended application segment matches the set requirements. The range is from 0 to 100, with higher numbers meaning a more accurate match, given the filters configured in the AI-Powered Recommendations Settings.
      • Attack Surface Reduction: The percentage reduction in the attack surface (i.e., percentage difference between potential users and recommended users).

      By default, the list is sorted in ascending order by Attack Surface Reduction.

      • Name: The name of the application segment for the application.
      • Download: Click Download to export a CSV file containing information for this specific application segment. The file lists the application segments based on the selected table filters. Larger files can take several minutes to download.
      • Attack Surface Reduction: The percentage reduction in the attack surface (i.e., percentage difference between potential users and recommended users).
      • Current Configuration: The number of Applications, Defined Application Segments, and Current Users.
      • Recommended Configuration: The number of Applications, Recommended Users, and Observed Users for the AI-Powered recommendation.
      • Recommended Users: If SCIM Sync is enabled, the number of suggested users for this recommended application segment is displayed. Click the number of users to list the recommended users. You can search by email.

        If SCIM Sync or SCIM Attributes for Policy are not enabled, the user recommendations appear as N/A in the recommendations.

      • Recommended Basis: Lists the recommendation's basic information to configure.
        • Number of Transactions: The total number of transactions.
        • TCP Port Ranges: The TCP port ranges used to access applications.
        • UDP Port Ranges: The UDP port ranges used to access applications.
        • Grouping Reasons: The 5 categories that a recommended application segment can be grouped by (IP Similarity, User Access Similarity, Domain Name Similarity, Co-occurring Applications Similarity, and Ports and Protocols Similarity).
        • Description: Information about the recommendation.
      • Applications: The list of applications assigned to the selected application segment. Click Next or Previous at the bottom of the table to view additional applications. You can filter the information that appears in the table. By default, no filters are applied.
        • Application: The name of the application.
        • Defined Application Segment: The defined application segment merged with this application, if applicable.
        • Port and Protocol: The web server port and protocol used by the application.
        • Server IP: The web server IP address (e.g., 192.0.2.0).

  5. Add an AI-powered recommended application segment.
  6. Merge with a defined application segment.
  7. Access the table menu to:
  8. Navigate between the pages of AI-powered recommendations.
  9. Validate a client hostname.
  10. View and add DNS search domains.
  11. Access pages or tabs (depending on what features you have enabled).
