Workflow Automation

Managing Workflow Mappings for ZDX Alerts

If you have subscriptions to multiple integrated applications of Workflow Automation, such as Data Loss Prevention (DLP), you are prompted to select an application when you log in to the Workflow Automation Admin Portal. Select Zscaler Digital Experience (ZDX) to configure automated workflows for ZDX alerts.

A workflow mapping specifies the ZDX alerts that are associated with the workflow. Alerts are mapped to workflows based on one or more of the attributes associated with an alert. The mappings can be simple or more complex based on your requirements. Then, when an alert occurs in your organization that includes those attributes, the workflow automatically triggers and performs the actions specified in the workflow.

Only admins with full access to Workflow Automation can map the workflows.

The mapping statements are evaluated in the order in which you configure and position them in the Workflow Automation Admin Portal. Workflow Automation uses the first statement that matches the alert's attributes. If no statement matches an alert, no workflow is triggered.

On the Workflow Mappings page, you can:

  • Prerequisites

    In the Workflow Automation Admin Portal, ensure that the workflows are added to the Workflows page.

    Adding Workflow Mappings

    To add a workflow mapping:

    1. Go to Workflows > Workflow Mappings. The Workflow Mappings page appears.
    2. On the Workflow Mappings page, click Add Statement. A new expanded row appears after the last workflow mapping. The statement section appears within that row.

    You can also access the Workflow Mappings page by clicking the Add Workflow Mapping icon in the Mapping column on the Workflows page.

    3. In the new row, from the Workflow Name drop-down menu, select the name of the workflow that you want to map.

    4. Configure a basic or advanced alert property mapping for the workflow, as required.
      • To configure a basic workflow mapping:

        1. Add a predicate for the first condition:

          1. Property: From the drop-down menu, select the property. All the attributes associated with an alert transaction are available as properties. A property can be a number or a string.
            • The following is a list of the properties available for workflow mapping:

              • Alert
                • Type
              • Department Count
              • Geo Location Count
              • Impacted Device Count
              • Notification Labels
                • Notification Label Description
                • Notification Label Name
              • OS Version Count
              • Rule Name
              • Severity
              • Total Device Count
              • Zscaler Location Count
          2. Operation: From the drop-down menu, select the operation. The operations vary depending on the property you choose.
            • The following table lists the operations and their descriptions:

              Operation | Description

              CONTAINS_EXACT

              It can be used for the following types of property fields:

              • Array of strings
              • Number
              • Boolean
              This operation tests whether the property selected for these types of alerts contains the exact value that you entered in the property value field. You must enter the full value for the property because no partial comparisons are performed. The property field value is not case sensitive. You can use this operation for properties that might include multiple values (e.g., Notification Labels[*].Notification Label Name).

              NOT_CONTAINS_EXACT

              It can be used for the following types of property fields:

              • Array of strings
              • Number
              • Boolean
              This operation tests whether the property selected for the event type does not contain the exact value that you entered in the property value field. You must enter the full value for the property because no partial comparisons are performed. The property field value is not case sensitive. You can use this operation for properties that might include multiple values (e.g., Notification Labels[*].Notification Label Name).

              EQUALS

              It can be used for the following types of property fields:

              • String
              • Number
              This operation tests whether the property selected for these types of alerts equals the value that you entered in the property value field.

              NOT_EQUALS

              It can be used for the following types of property fields:

              • String
              • Number
              This operation tests whether the property selected for these types of alerts does not equal the value that you entered in the property value field.

              LIKE

              It can be used for a String type property field.

              This operation tests whether the property selected for these types of alerts is like the value that you entered in the property value field. This operation partially compares the substrings.

              EXISTS

              It can be used for all types of property fields.

              This operation tests whether the property selected exists for these types of alerts. For this type of operation, you do not enter a property value.

              LESS_THAN

              It can be used for a Number type property field.

              This operation tests whether the property selected for these types of alerts is less than the value that you entered in the property value field. You can use this operation for numeric properties (e.g., Geo Location Count).

              GREATER_THAN

              It can be used for a Number type property field.

              This operation tests whether the property selected for these types of alerts is greater than the value that you entered in the property value field. You can use this operation for numeric properties (e.g., Geo Location Count).
          3. Property value: Enter the value of the property.
          4. Select the function for the condition. The default function is NOT. The functions OR and AND are only available when you add another predicate.

        2. (Optional) Add another predicate:

          1. Click Add Predicate. A new predicate row appears under the first predicate row.
          2. In the new row, select the appropriate values for the Property, Operation, and Property value fields.
          3. If required, select the function for the condition. The default function for the new row is AND.

        3. (Optional) Add another condition to the statement:

          1. Above the predicates that have been defined, click the Add icon. Another condition box appears.
          2. Enter the predicates for the condition. Add a predicate for the first condition and optionally add another predicate.

        4. Click Save.
      • To configure an advanced workflow mapping:

        1. Click Advanced. The statement section displays multiple nested conditions.

        2. Configure the predicates as required. To add another predicate to the condition, click Add Predicate. To learn how to add a predicate and a condition to a statement, see Basic Workflow Mapping.
        3. Click Save.
  • To view and edit a workflow mapping:

    1. Go to Workflows > Workflow Mappings. The Workflow Mappings page appears.
    2. (Optional) On the Workflow Mappings page, use the Search field to locate the workflow for which you want to edit the mappings.

    3. At the end of the row next to the workflow you want to edit, click the Expand icon. The row expands to display the mappings in the statement section for the workflow.

    4. In the statement section, edit any of the existing predicates and conditions for the statement. You can edit the properties, operations for the properties, and property values within the existing predicates and the function for the condition.
    5. (Optional) Add additional predicates or conditions to the statement. To learn more, see Adding Workflow Mappings.
    6. Click Save.

    To delete a predicate or condition within a statement, click the Delete icon next to the predicate or condition.

  • To delete a workflow mapping:

    1. Go to Workflows > Workflow Mappings. The Workflow Mappings page appears.
    2. On the Workflow Mappings page, click the Delete icon next to a workflow. A message appears asking whether you are sure you want to delete this statement.

    3. Click OK.
  • Rules equate to statements in Workflow Automation.

    To arrange workflow mapping rules:

    1. Go to Workflows > Workflow Mappings. The Workflow Mappings page appears.
    2. On the Workflow Mappings page, click the down arrow or up arrow next to a workflow to arrange the order in which the rules are processed. Workflow Automation stops processing an alert after it finds its first rule match for the alert.

    3. Click Save.
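
The first-match ordering and the operations described on this page can be modelled offline to check a planned rule order before saving it. The following is an added example, not Zscaler code: the workflow names, severity values, and flat alert dictionaries are constructed, and the AND/OR/NOT functions are reduced to "every predicate must match".

```python
# Added illustration (not Zscaler code): simplified model of ordered,
# first-match workflow mapping. A missing property never matches (assumption).

def _contains_exact(value, wanted):
    # Whole-value, case-insensitive comparison against one or many values.
    items = value if isinstance(value, list) else [value]
    return any(str(i).lower() == str(wanted).lower() for i in items)

OPS = {
    "CONTAINS_EXACT": _contains_exact,
    "EQUALS": lambda v, x: v == x,
    "LIKE": lambda v, x: str(x) in str(v),  # substring; case handling assumed
    "LESS_THAN": lambda v, x: v < x,
    "GREATER_THAN": lambda v, x: v > x,
}

def predicate_matches(alert, prop, op, value=None):
    if op == "EXISTS":  # EXISTS takes no property value
        return prop in alert
    if prop not in alert:
        return False
    if op.startswith("NOT_"):  # NOT_EQUALS, NOT_CONTAINS_EXACT
        return not OPS[op[4:]](alert[prop], value)
    return OPS[op](alert[prop], value)

def statement_matches(predicates, alert):
    return all(predicate_matches(alert, *p) for p in predicates)

def first_match(statements, alert):
    """Workflow of the first matching statement, or None (no workflow triggers)."""
    for workflow, predicates in statements:
        if statement_matches(predicates, alert):
            return workflow
    return None

def shadowed(statements, alerts):
    """Workflows that match a sample alert on their own but never win first-match."""
    winners = {first_match(statements, a) for a in alerts}
    return [w for w, preds in statements if w not in winners
            and any(statement_matches(preds, a) for a in alerts)]

# Constructed sample data; workflow names and severity values are hypothetical.
STATEMENTS = [  # evaluated top to bottom
    ("notify-helpdesk", [("Severity", "EXISTS")]),
    ("page-oncall", [("Severity", "EQUALS", "High"),
                     ("Impacted Device Count", "GREATER_THAN", 100)]),
]
ALERTS = [{"Severity": "High", "Impacted Device Count": 250},
          {"Severity": "Low", "Impacted Device Count": 3}]
```

With the broad EXISTS statement on top, `shadowed(STATEMENTS, ALERTS)` reports that the more specific statement never fires; moving the specific statement above the broad one clears the list.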