Red Canary and Zscaler Integration

Red Canary integrates with Zscaler to accelerate investigations and give you the quickest path from detection to protection.

Quicker context for investigations

See relevant ZIA web logs and insights directly in Red Canary—eliminating console-hopping, filtering out activity ZIA already blocked, and giving analysts the context they need to quickly validate true threats.

Screenshot of how investigation insights look in the tool

Screenshot of how triggers look in the tool

Trigger network-level protection

Initiate ZIA response actions from Red Canary or set them to trigger automatically.

Add domains, URLs, or IPs to block lists
Apply browser isolation or conditional access policies
Add malicious file hashes to the ZIA Sandbox denylist

The benefits

Accelerate investigations

Make the jump from “logs” to “insights” without swiveling

Streamline response

Take the quickest path from detection to protection

Focus on true positives

Immediately see if ZIA has already blocked activity

“The level of analysis and the quality of information we receive when a threat is detected empower us to respond effectively. I no longer wonder if there’s more to the story, because Red Canary provides the complete narrative.”

DAN SCOTT, DIRECTOR OF IT

ELMBROOK SCHOOLS

Datasheet

Red Canary and ZIA

View Datasheet

Blog

Use Response Actions to Update Zscaler Policies and Block Threats

Read Blog

Newly Released

Report

2026 Threat Detection Report

View Report

24/7 Threat Detection and Response

Red Canary & Zscaler