The NSS Collector functionality and the data collected using this functionality are exclusive to Shadow IT Report. To enable this feature for your organization, contact Zscaler Support.

Zscaler supports real-time ingestion of traffic logs from third-party firewall and web proxy services. The log data from third-party security solutions is integrated with Zscaler's unified console to provide advanced reporting and analytics of the cloud applications used by the organization through a comprehensive Shadow IT Report in the ZIA Admin Portal. To do this, Zscaler requires you to deploy an NSS Collector, typically within your organization’s network perimeter, to collect logs from third-party feeds, process the log data, and push the logs securely to the Zscaler cloud. To learn more, see Understanding Nanolog Streaming Service (NSS).

You can configure the NSS Collector server in the ZIA Admin Portal to obtain the packaged software (VM image) for installation. The NSS Collector can be deployed on VMware. To learn more about the deployment procedure, see NSS Collector Deployment Guide for VMware vSphere.

Zscaler supports log ingestion from Palo Alto Networks, Blue Coat, and Fortinet.

About the NSS Collector Servers Page

On the NSS Collector Servers page (Administration > Nanolog Streaming Service), you can do the following:

1. Add an NSS Collector server.
2. View the list of all configured NSS Collector servers. By default, the table displays the following information:

• Server Name: The name of the NSS Collector server.
• Vendor: The third-party vendor of the firewall or web proxy services used by your organization.
• Status: The server status that indicates whether it is enabled or disabled.
• SSL Certificate: The option to download the SSL certificate for the server.

3. Download the SSL certificate for an NSS Collector server.
4. Edit an NSS Collector server.
5. Modify the table and its columns.
6. Search for an NSS Collector server.
7. Go to the NSS Servers, NSS Feeds, or Cloud NSS Feeds tabs.