.. _examples:

Examples
========

This section provides comprehensive example prompts for all Zscaler products and services available through the MCP Server. These examples demonstrate the various capabilities and use cases for each service.

Zscaler Client Connector (ZCC) Examples
----------------------------------------

**Device Management:**

* "List all ZCC devices in my organization"
* "Show me ZCC devices for user john.doe@company.com"
* "Get ZCC device information for iOS devices only"
* "Export ZCC device data to CSV for audit purposes"
* "List all trusted networks configured in ZCC"
* "Show me the forwarding profiles available in ZCC"

**Device Monitoring:**

* "What is the enrollment status of ZCC devices?"
* "Show me devices that haven't been active in the last 30 days"
* "List all ZCC devices with their current service status"

Zscaler Digital Experience (ZDX) Examples
------------------------------------------

**Application Monitoring:**

* "List all applications configured in ZDX"
* "Show me the ZDX score for application ID 12345"
* "Get performance metrics for our main web application"
* "What users are accessing the Salesforce application?"
* "Show me application performance trends for the last week"

**Device Discovery:**

* "Discover all active ZDX devices in our organization"
* "Find devices used by users in the IT department"
* "Show me devices with poor ZDX scores"
* "List devices that haven't been seen in the last 7 days"

**Alert Management:**

* "Show me all ongoing ZDX alerts"
* "Get details for alert ID 67890"
* "List all devices affected by the current network performance alert"
* "Show me historical alerts from the last month"

**Software Inventory:**

* "List all software installed across our organization"
* "Show me devices running outdated versions of Chrome"
* "Find all devices with specific software installed"
* "Get software inventory for the Engineering department"

**Deep Trace Analysis:**

* "Run a deep trace for device ID 11111"
* "Show me deep trace results for troubleshooting connectivity issues"
* "Get detailed network path information for a specific device"

Zscaler Internet Access (ZIA) Examples
---------------------------------------

**User and Group Management:**

* "List all user groups in ZIA"
* "Show me users in the Marketing department"
* "Create a new user group for contractors"
* "Update the IT department user group settings"

**URL and Content Filtering:**

* "List all URL categories in ZIA"
* "Create a custom URL category for social media"
* "Show me blocked URL categories"
* "Update the URL category for streaming services"

**Firewall Rules:**

* "List all cloud firewall rules"
* "Create a firewall rule to block access to specific IP ranges"
* "Show me firewall rules for the Finance department"
* "Update the existing firewall rule for remote workers"

**Location Management:**

* "List all ZIA locations"
* "Create a new location for our branch office"
* "Show me location details for our main office"
* "Update the location settings for remote users"

**DLP and Security:**

* "List all DLP engines configured in ZIA"
* "Show me DLP dictionaries for data classification"
* "Create a new DLP rule for sensitive data"
* "List web DLP rules for the HR department"

**Network Applications:**

* "List all network application groups"
* "Create a network application group for cloud services"
* "Show me network applications used by the Sales team"
* "Update network application settings for better performance"

**IP Management:**

* "List all IP source groups"
* "Create an IP destination group for our data center"
* "Show me static IP addresses assigned to locations"
* "Update IP group settings for remote offices"

**VPN and Tunneling:**

* "List all GRE tunnels configured in ZIA"
* "Show me available GRE IP ranges"
* "Create a new GRE tunnel for branch connectivity"
* "List VPN credentials for remote access"

**Sandbox and Threat Protection:**

* "Show me sandbox analysis results"
* "List malicious URLs in the ATP policy"
* "Get threat protection statistics"
* "Show me quarantine information"

**System Administration:**

* "Check ZIA configuration activation status"
* "Activate pending ZIA configuration changes"
* "Show me system health and status"
* "List all rule labels in ZIA"

Zscaler Private Access (ZPA) Examples
--------------------------------------

**Application Segments:**

* "List all ZPA application segments"
* "Create a new application segment for our internal tools"
* "Show me application segments by type (web, tcp, udp)"
* "Update the application segment for our development environment"

**Server Groups:**

* "List all ZPA server groups"
* "Create a server group for our database servers"
* "Show me server group details for production"
* "Update server group settings for better load balancing"

**Access Policies:**

* "List all ZPA access policy rules"
* "Create an access policy for contractor access"
* "Show me access policies for the Finance department"
* "Update access policy to include new user groups"

**Provisioning Keys:**

* "List all ZPA provisioning keys"
* "Create a new provisioning key for branch offices"
* "Show me provisioning key details and usage"
* "Update provisioning key settings for better security"

**App Connectors:**

* "List all ZPA app connector groups"
* "Show me app connector health status"
* "Create a new app connector group for cloud resources"
* "Update app connector settings for better performance"

**Service Edges:**

* "List all ZPA service edge groups"
* "Show me service edge performance metrics"
* "Create a service edge group for specific regions"
* "Update service edge settings for optimal routing"

**Trusted Networks:**

* "List all ZPA trusted networks"
* "Create a trusted network for our office locations"
* "Show me trusted network details and coverage"
* "Update trusted network settings for new locations"

**Inspection and Protection:**

* "List all ZPA app protection policies"
* "Show me app protection profiles for data security"
* "Create an inspection policy for sensitive applications"
* "Update app protection settings for compliance"

**Identity and Access:**

* "List all ZPA SAML attributes"
* "Show me SCIM attributes for user provisioning"
* "Create SCIM groups for automated user management"
* "Update identity provider settings"

**Certificates and Security:**

* "List all ZPA browser access certificates"
* "Show me enrollment certificates for device management"
* "Create a new certificate for secure access"
* "Update certificate settings for better security"

**Posture and Compliance:**

* "List all ZPA posture profiles"
* "Show me posture requirements for device compliance"
* "Create a posture profile for mobile devices"
* "Update posture settings for security compliance"

**Privileged Access:**

* "List all ZPA PRA portals"
* "Show me PRA credentials for privileged access"
* "Create a PRA portal for administrative access"
* "Update PRA settings for better security"

**Timeouts and Policies:**

* "List all ZPA timeout policies"
* "Show me timeout settings for different applications"
* "Create a timeout policy for long-running sessions"
* "Update timeout settings for better user experience"

**Isolation and Security:**

* "List all ZPA isolation policies"
* "Show me cloud browser isolation profiles"
* "Create an isolation policy for untrusted content"
* "Update isolation settings for better security"

Zscaler Cloud & Branch Connector (ZTW) Examples
------------------------------------------------

**IP Group Management:**

* "List all ZTW IP destination groups"
* "Create an IP destination group for our data center"
* "Show me IP source groups for branch offices"
* "Update IP group settings for better routing"

**Network Service Groups:**

* "List all ZTW network service groups"
* "Create a network service group for web services"
* "Show me network service groups for database access"
* "Update network service settings for better performance"

**Administration:**

* "List all ZTW admin roles"
* "Show me admin users in the organization"
* "Create a new admin role for branch management"
* "Update admin user permissions for better security"

**User Management:**

* "List all ZTW admin users"
* "Show me admin users with specific roles"
* "Get details for admin user john.doe@company.com"
* "Update admin user settings and permissions"

Zscaler Identity (ZIdentity) Examples
--------------------------------------

**User Management:**

* "List all users in ZIdentity"
* "Show me users in the Engineering department"
* "Search for users with specific attributes"
* "Get user details for john.doe@company.com"

**Group Management:**

* "List all groups in ZIdentity"
* "Show me groups for the Finance department"
* "Search for groups with specific permissions"
* "Get group details and member information"

Zscaler External Attack Surface Management (EASM) Examples
----------------------------------------------------------

**Organization Management:**

* "List all EASM organizations configured for my tenant"
* "Show me the organizations being monitored by EASM"
* "What organizations are configured in my EASM environment?"


**Findings and Vulnerabilities:**

* "List all findings for organization ID 12345"
* "Show me security findings for our external assets"
* "What vulnerabilities have been discovered on our internet-facing assets?"
* "Get details for finding ID 67890"
* "Show me the evidence for a specific security finding"
* "Get the complete scan output for finding ID 11111"
* "List all high-severity findings across our external attack surface"
* "Show me findings related to exposed services"

**Lookalike Domain Monitoring:**

* "List all lookalike domains detected for organization ID 12345"
* "Show me domains that are impersonating our brand"
* "What phishing domains have been detected targeting our organization?"
* "Get details for lookalike domain ID 22222"
* "Show me recently detected lookalike domains"
* "List all active lookalike domain threats"
* "Are there any domains similar to our company name being used maliciously?"

Z-Insights Analytics Examples
-----------------------------

Z-Insights provides analytics and reporting capabilities through Zscaler's GraphQL-based analytics API. These tools provide read-only access to historical traffic and security data across 16 specialized analytics tools.

.. note::
   Z-Insights data has a 24-48 hour processing delay. When querying data, use time ranges that end at least 2 days ago for accurate results. Use ``start_days_ago`` and ``end_days_ago`` parameters for easy time range specification.

**Available Z-Insights Domains:**

- WEB_TRAFFIC: Web traffic analytics and threat data
- CYBER_SECURITY: Cybersecurity incidents and threat analysis
- ZERO_TRUST_FIREWALL: Firewall activity and rule analytics
- SAAS_SECURITY: Cloud Access Security Broker (CASB) data
- SHADOW_IT: Unsanctioned application discovery
- IOT: IoT device visibility and statistics

**Web Traffic Analytics (5 tools):**

* "What's our total web traffic volume for the past week?"
* "Show me web traffic by location for the last 7 days"
* "Which office locations have the highest web traffic?"
* "What's the traffic distribution across our branch offices?"
* "Show me traffic trends for the past 14 days"
* "How much bandwidth are we using across all locations?"
* "Compare traffic volume between different office locations"
* "Get web traffic in bytes instead of transactions"
* "Show me overall traffic without any grouping"
* "What's our total bandwidth consumption this month?"

**Protocol Analysis:**

* "What protocols are being used in our web traffic?"
* "Show me HTTP vs HTTPS traffic distribution"
* "What's our SSL/TLS adoption rate?"
* "Are there any non-HTTPS protocols being used?"
* "Show me protocol usage trends over the past week"
* "What percentage of traffic is encrypted?"
* "List all protocols with transaction counts"

**Threat Analytics:**

* "What types of threats are we seeing?"
* "Show me threat categories detected in our traffic"
* "What malware types have been detected?"
* "Are there any phishing attempts in our traffic?"
* "Show me threat super categories for the past week"
* "What's our threat detection breakdown by category?"
* "List all security threats detected recently"
* "Show me top 10 threat categories by volume"
* "What spyware has been blocked?"

**Threat Classification:**

* "What threat classes are present in our traffic?"
* "Show me virus and spyware detections"
* "Are there any advanced threats detected?"
* "What's the distribution of threat types?"
* "Show me behavioral analysis detections"
* "List threat classes for the past 14 days"
* "How many threats were in the VIRUS_SPYWARE class?"

**Cyber Security Incidents (4 tools):**

* "Show me cybersecurity incidents from the past two weeks"
* "What security incidents have we had by category?"
* "Which locations have the most security incidents?"
* "Show me daily security incident trends"
* "What applications are being targeted by threats?"
* "Give me a breakdown of incidents by threat category"
* "How many cyber incidents did we have per day last month?"
* "Which departments have the most security incidents?"
* "Show me incident correlation between threats and applications"
* "What's the security incident trend over the past 30 days?"
* "Group incidents by user to find risky employees"
* "Show incidents by source country"
* "Which apps have the most threat-related incidents?"

**Firewall Analytics (3 tools):**

* "Show me firewall traffic by action"
* "How much traffic is being blocked vs allowed?"
* "Which locations have the most firewall activity?"
* "What network services are being used through the firewall?"
* "Show me firewall stats by location"
* "What's our firewall block rate?"
* "List network services with traffic volumes"
* "Which locations generate the most firewall logs?"
* "Show me allowed vs blocked traffic ratio"

**SaaS Security / CASB (1 tool):**

* "What SaaS applications are being used?"
* "Show me CASB application report"
* "Which cloud apps have the most usage?"
* "List cloud applications monitored by CASB"
* "What's our cloud app usage by transaction count?"
* "Show me top 20 SaaS applications"

**Shadow IT Analytics (2 tools):**

* "What shadow IT applications have been discovered?"
* "Show me unsanctioned apps being used"
* "Give me a shadow IT summary"
* "What high-risk shadow applications are in use?"
* "Show me shadow IT apps by risk score"
* "How much data is being transferred to shadow apps?"
* "What's our total shadow IT exposure?"
* "Show me shadow apps grouped by category"
* "How many shadow apps are sanctioned vs unsanctioned?"
* "What's the total data uploaded to shadow IT apps?"
* "Show me shadow IT apps with risk index above 5"

**IoT Device Analytics (1 tool):**

* "How many IoT devices are on our network?"
* "Show me IoT device statistics"
* "What types of IoT devices are connected?"
* "List IoT device classifications"
* "Are there any unclassified devices?"
* "How many unmanaged user devices do we have?"
* "What's the breakdown of IoT vs user vs server devices?"
* "Show me device categories like cameras, printers"