Security events can be securely pulled from the zConsole using the script defined in our SIEM Integration Guide.
This guide contains a bash script that can be run from a crontab. At regular intervals it accesses the zCloud server over HTTPS and retrieves the events in JSON format. These events are then saved as files locally on the customer machine from which the bash script is executed. The files can then be imported into the customer’s SIEM system using the SIEM's native JSON capabilities or syslog. The advantage of this approach is that it does not require the customer to make any networking changes or expose any secure resources to the network. The script is a starting point, and the customer can update it as needed. However, if an inbound syslog connection is preferred, this can be configured as well.
Please log in to the Support Portal to access the user guide under the Product Documentation section.
To implement either of the above for event information, contact your Zimperium Customer Success team.
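For the syslog import path described above, the following added example (not taken from the SIEM Integration Guide and not Zimperium code) turns one locally saved JSON event file into RFC 5424 syslog lines, skipping events that an earlier cron run already forwarded and keeping each event on a single line. The field names `id`, `severity` and `timestamp`, the severity labels, and the `siem-collector` / `zconsole-pull` names are assumptions; adjust them to the schema the guide documents.

```python
import json
from datetime import datetime, timezone

# Assumed severity labels mapped to RFC 5424 severity numbers.
SEVERITY = {"critical": 2, "elevated": 4, "low": 5}
FACILITY_LOCAL0 = 16

def to_syslog(event, host="siem-collector", app="zconsole-pull"):
    """Render one event dict as a single RFC 5424 line with a JSON message."""
    sev = SEVERITY.get(str(event.get("severity", "")).lower(), 6)
    try:
        ts = datetime.fromisoformat(event.get("timestamp"))
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        ts = datetime.now(timezone.utc)  # unusable timestamp: stamp at forward time
    # json.dumps escapes control characters, so a newline inside a field
    # cannot split one event into two syslog records.
    msg = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return f"<{FACILITY_LOCAL0 * 8 + sev}>1 {ts.isoformat()} {host} {app} - - - {msg}"

def convert(raw_text, seen_ids):
    """Parse one saved event file and return lines for events not yet forwarded."""
    data = json.loads(raw_text)  # ValueError here means a truncated or corrupt file
    lines = []
    for ev in data if isinstance(data, list) else [data]:
        if not isinstance(ev, dict):
            continue
        key = ev.get("id")
        if key is not None:
            if str(key) in seen_ids:
                continue  # already forwarded by an earlier cron run
            seen_ids.add(str(key))
        lines.append(to_syslog(ev))
    return lines

# Constructed sample file content: a duplicate id, an embedded newline, a bad timestamp.
SAMPLE = json.dumps([
    {"id": "e1", "severity": "critical", "timestamp": "2024-01-01T10:00:00+00:00",
     "detail": "line1\nline2"},
    {"id": "e1", "severity": "critical", "timestamp": "2024-01-01T10:00:00+00:00"},
    {"id": "e2", "severity": "low", "timestamp": "not a time"},
])

if __name__ == "__main__":
    for line in convert(SAMPLE, set()):
        print(line)
```

Persist `seen_ids` between cron runs (for example in a small state file) and treat a `ValueError` from `convert` as a failed pull to retry rather than an empty result.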