The Zscaler Incident Receiver is a tool that allows you to receive information about DLP policy violations securely. It can run on an EC2 instance on Amazon Web Services (AWS), on an Azure VM, or on-premises. The Zscaler service sends information about policy violations via ICAP to the Incident Receiver. This tool sends the policy-violating content and a JSON file containing the metadata for the inline web and CASB DLP policy scan (e.g., the URL, Collaborators, DLP dictionaries, DLP engines, etc.).

The incident receiver is only available for organizations that do not already own an ICAP server.

After a Zscaler Incident Receiver is created and the virtual machine (VM) for the tool is installed, you can add it to a DLP policy rule (with content inspection, without content inspection, or SaaS Security API) as a DLP incident receiver.

The Zscaler Incident Receiver does not store files locally and requires either an S3 storage bucket or a storage server or to store data. To learn more, see Configuring the Zscaler Incident Receiver for Amazon Web Services EC2 VMs, Configuring the Zscaler Incident Receiver for Azure VMs, and Configuring the Zscaler Incident Receiver for On-Premises VMs.

About the Zscaler Incident Receiver Page

On the Zscaler Incident Receiver page (Administration > DLP Incident Receiver > Zscaler Incident Receiver), you can do the following:

1. Add a Zscaler Incident Receiver.
2. Download the VM (.ova) for the Zscaler Incident Receiver.
3. Search for a Zscaler Incident Receiver.
4. View a list of all the Zscaler Incident Receivers for your organization. For each Zscaler Incident Receiver, you can see and sort the following:
   • Name: The name of the incident receiver.
   • URI: The incident receiver URI.
   • Status: Displays whether the incident receiver is enabled or disabled.
   • Certificate: Displays a link that allows you to download the certificate used by the incident receiver.
5. Edit a Zscaler Incident Receiver, including the ability to delete a configuration.
6. Modify the table and its columns.
7. View the ICAP Settings page. To learn more, see About ICAP Receivers for DLP.