Services API¶

Service classes for each Zscaler product (ZCC, ZIA, ZPA, ZDX, ZTW, ZIdentity, EASM, Z-Insights).

Zscaler Integrations MCP Server Services

This module provides the service classes for the Zscaler Integrations MCP Server.

class BaseService[source]¶

Bases: ABC

Base class for all Zscaler services.

register_resources(server)[source]¶

Parameters:: server – The MCP server instance

abstractmethod register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶

Parameters:

server – The MCP server instance
enabled_tools – Set of enabled tool names (if None, all tools are enabled)
enable_write_tools – Whether to enable write tools (default: False)
write_tools – Explicit allowlist of write tools (supports wildcards). Requires enable_write_tools=True.
disabled_tools – Set of tool name patterns to exclude (supports wildcards via fnmatch).
selected_toolsets – Set of toolset ids (e.g. {"zia_url_filtering"}) that this service is allowed to register tools for. None disables toolset filtering. The meta toolset is always exempt. See zscaler_mcp.common.toolsets.

class ZCCService[source]¶

Bases: BaseService

Zscaler Client Connector (ZCC) service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZCC tools with the server.

class ZDXService[source]¶

Bases: BaseService

Zscaler Digital Experience (ZDX) service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZDX tools with the server.

class ZEASMService[source]¶

Bases: BaseService

Zscaler External Attack Surface Management (EASM) service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register EASM tools with the server.

class ZIAService[source]¶

Bases: BaseService

Zscaler Internet Access (ZIA) service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZIA tools with the server.

class ZIDService[source]¶

Bases: BaseService

Zscaler ZIdentity service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZIdentity tools with the server.

class ZINSService[source]¶

Bases: BaseService

Zscaler Z-Insights Analytics service.

Provides analytics and reporting capabilities through the Z-Insights GraphQL API. All tools in this service are read-only operations.

Available domains in Z-Insights API: - WEB_TRAFFIC: Web traffic analytics and threat data - CYBER_SECURITY: Cybersecurity incidents and threat analysis - ZERO_TRUST_FIREWALL: Firewall activity and rule analytics - SAAS_SECURITY: Cloud Access Security Broker (CASB) data - SHADOW_IT: Unsanctioned application discovery - IOT: IoT device visibility and statistics

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register Z-Insights tools with the server.

class ZMSService[source]¶

Bases: BaseService

Zscaler Microsegmentation (ZMS) service.

Provides read-only tools for managing and inspecting microsegmentation deployments through the ZMS GraphQL API.

Available domains in the ZMS API: - AGENTS: Agent inventory, connection status, and version statistics - AGENT_GROUPS: Agent group management and TOTP secrets - RESOURCES: Workload inventory and protection status - RESOURCE_GROUPS: Resource group membership and protection status - POLICY_RULES: Microsegmentation policy rules and defaults - APP_ZONES: Application zone definitions - APP_CATALOG: Discovered application catalog - NONCES: Provisioning key management - TAGS: Tag namespace, key, and value hierarchy

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZMS tools with the server.

class ZPAService[source]¶

Bases: BaseService

Zscaler Private Access (ZPA) service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZPA tools with the server.

class ZTWService[source]¶

Bases: BaseService

Zscaler Cloud & Branch Connector (ZTW) service.

register_tools(server, enabled_tools=None, enable_write_tools=False, write_tools=None, disabled_tools=None, selected_toolsets=None)[source]¶: Register ZTW tools with the server.

get_available_services()[source]¶

Get all available services.

Returns:: Dictionary mapping service names to service classes
Return type:: Dict[str, Type]

get_service_names()[source]¶

Get the names of all available services.

Returns:: List of available service names
Return type:: List[str]

Service Overview¶

The Zscaler Integrations MCP Server provides service classes for each Zscaler product:

ZCC Service¶

Zscaler Client Connector service for device management.

ZCC Service Methods¶
Method	Description
`list_devices`	List ZCC devices
`devices_csv_exporter`	Export device data to CSV
`list_trusted_networks`	List trusted networks
`list_forwarding_profiles`	List forwarding profiles

ZIA Service¶

Zscaler Internet Access service for web security and policy management.

ZIA Service Methods¶
Method	Description
`activation`	Check or activate configuration changes
`atp_malicious_urls`	Manage malicious URL denylist
`auth_exempt_urls`	Manage authentication exempt URLs
`cloud_applications`	Manage Shadow IT cloud applications
`cloud_firewall_rule`	Manage cloud firewall rules
`geo_search`	Perform geographical lookups
`gre_range`	Discover GRE internal IP ranges
`gre_tunnels`	Manage GRE tunnels
`ip_destination_groups`	Manage IP destination groups
`ip_source_group`	Manage IP source groups
`user_groups`	List and retrieve user groups
`user_departments`	List and retrieve user departments
`users`	List and retrieve users
`location_management`	Manage locations
`network_app_group`	Manage network application groups
`rule_labels`	Manage rule labels
`ssl_inspection_rules`	Manage SSL inspection rules
`get_sandbox_quota`	Retrieve current sandbox quota usage
`get_sandbox_behavioral_analysis`	Retrieve sandbox behavioral analysis hash list
`get_sandbox_file_hash_count`	Retrieve sandbox file hash usage counts
`get_sandbox_report`	Retrieve sandbox analysis report for a specific hash
`static_ips`	Manage static IP addresses
`url_categories`	Manage URL categories
`vpn_credentials`	Manage VPN credentials

ZPA Service¶

Zscaler Private Access service for zero trust network access.

ZPA Service Methods¶
Method	Description
`access_policy`	Manage access policy rules
`app_connector_groups`	Manage app connector groups
`app_protection_policy`	Manage inspection policy rules
`app_protection_profiles`	List and search app protection profiles
`app_segments_by_type`	Retrieve application segments by type
`application_segments`	Manage application segments
`application_servers`	Manage application servers
`ba_certificates`	Manage browser access certificates
`enrollment_certificates`	Retrieve enrollment certificates
`forwarding_policy`	Manage client forwarding policy rules
`isolation_policy`	Manage isolation policy rules
`isolation_profile`	Retrieve cloud browser isolation profiles
`posture_profiles`	Retrieve posture profiles
`pra_credentials`	Manage privileged remote access credentials
`pra_portals`	Manage privileged remote access portals
`provisioning_key`	Manage provisioning keys
`saml_attributes`	Query SAML attributes
`scim_attributes`	Manage SCIM attributes
`scim_groups`	Retrieve SCIM groups
`segment_groups`	Manage segment groups
`server_groups`	Manage server groups
`service_edge_groups`	Manage service edge groups
`timeout_policy`	Manage timeout policy rules
`trusted_networks`	Retrieve trusted networks

ZDX Service¶

Zscaler Digital Experience service for application performance monitoring.

ZDX Service Methods¶
Method	Description
`administration`	Discover departments or locations
`active_devices`	Discover devices using filters
`list_applications`	List active applications
`list_application_score`	Get application scores or trends
`get_application_metric`	Retrieve application metrics
`get_application_user`	List users/devices for applications
`list_software_inventory`	List software inventory
`list_alerts`	List ongoing alerts
`list_historical_alerts`	List historical alert rules
`list_deep_traces`	Retrieve deep trace information

ZTW Service¶

Zscaler Cloud & Branch Connector service for branch connectivity.

ZTW Service Methods¶
Method	Description
`ip_destination_groups`	Manage IP destination groups
`ip_group`	Manage IP groups
`ip_source_groups`	Manage IP source groups
`network_service_groups`	Manage network service groups
`list_roles`	List admin roles
`list_admins`	List admin users
`discovery_service`	Manage workload discovery service settings

ZIdentity Service¶

Zscaler Identity service for user and group management.

ZIdentity Service Methods¶
Method	Description
`groups`	Retrieve group information
`users`	Retrieve user information

EASM Service¶

Zscaler External Attack Surface Management service for monitoring external assets.

EASM Service Methods¶
Method	Description
`list_organizations`	List all EASM organizations
`list_findings`	List security findings for an organization
`get_finding`	Get details for a specific finding
`get_finding_evidence`	Get evidence for a finding
`get_finding_scan_output`	Get complete scan output for a finding
`list_lookalike_domains`	List lookalike domains for an organization
`get_lookalike_domain`	Get details for a specific lookalike domain

Z-Insights Service¶

Zscaler Z-Insights Analytics service for traffic and threat analytics.

Z-Insights provides read-only analytics through Zscaler’s GraphQL-based analytics API. All tools in this service query historical data with a 24-48 hour processing delay.

Note

Z-Insights uses OneAPI authentication (OAuth2). Data queries should use time ranges that end at least 2 days ago.

Available Domains:

WEB_TRAFFIC: Web traffic analytics and threat data
CYBER_SECURITY: Cybersecurity incidents and threat analysis
ZERO_TRUST_FIREWALL: Firewall activity and rule analytics
SAAS_SECURITY: Cloud Access Security Broker (CASB) data
SHADOW_IT: Unsanctioned application discovery
IOT: IoT device visibility and statistics

Z-Insights Service Methods (16 tools)¶
Method	Description
`get_web_traffic_by_location`	Get web traffic analytics grouped by location
`get_web_traffic_no_grouping`	Get total/overall web traffic volume
`get_web_protocols`	Get web protocol distribution (HTTP, HTTPS, etc.)
`get_threat_super_categories`	Get threat category analytics (malware, phishing, spyware)
`get_threat_class`	Get threat class analytics (virus, trojan, ransomware)
`get_cyber_incidents`	Get cybersecurity incidents by category
`get_cyber_incidents_by_location`	Get incidents grouped by location, user, app, or department
`get_cyber_incidents_daily`	Get daily cybersecurity incident trends
`get_cyber_incidents_by_threat_and_app`	Get incidents correlated by threat category and application
`get_firewall_by_action`	Get firewall traffic by action (allow/block)
`get_firewall_by_location`	Get firewall traffic grouped by location
`get_firewall_network_services`	Get firewall network service usage
`get_casb_app_report`	Get CASB SaaS application usage report
`get_shadow_it_apps`	Get discovered shadow IT applications
`get_shadow_it_summary`	Get shadow IT summary statistics
`get_iot_device_stats`	Get IoT device statistics and classifications

Key Parameters:

start_days_ago / end_days_ago: Recommended way to specify time range (e.g., 7 to 2 for last week)
start_time / end_time: Alternative epoch milliseconds for specific timestamps
traffic_unit: TRANSACTIONS (request counts) or BYTES (data volume)
include_trend: Include time series trend data
trend_interval: DAY or HOUR for trend granularity

Usage Examples¶

Accessing Services¶

from zscaler_mcp.client import get_zscaler_client

client = get_zscaler_client()

# Access ZIA service
zia_service = client.zia

# Access ZPA service
zpa_service = client.zpa

# Access ZDX service
zdx_service = client.zdx

# Access ZCC service
zcc_service = client.zcc

# Access ZTW service
ztw_service = client.ztw

# Access ZIdentity service
zid_service = client.zid

Service Methods¶

# ZIA example
from zscaler_mcp.client import get_zscaler_client

client = get_zscaler_client()

# List users
users = client.zia.users.list_users()

# List URL categories
categories = client.zia.url_categories.list_categories()

# ZPA example
# List application segments
segments = client.zpa.application_segments.list_segments()

# List segment groups
groups = client.zpa.segment_groups.list_groups()

Z-Insights Analytics¶

# Z-Insights authenticates via OneAPI (OAuth2)
from zscaler_mcp.client import get_zscaler_client

client = get_zscaler_client(service="zins")

# Get web traffic by location for the past week
# Using days_ago approach (recommended)
import time

# Calculate timestamps: 7 days ago to 2 days ago
current_time_ms = int(time.time() * 1000)
end_time = current_time_ms - (2 * 24 * 60 * 60 * 1000)   # 2 days ago
start_time = current_time_ms - (7 * 24 * 60 * 60 * 1000)  # 7 days ago

# Get traffic by location
entries, response, err = client.zins.web_traffic.get_traffic_by_location(
    start_time=start_time,
    end_time=end_time,
    traffic_unit="TRANSACTIONS",
    limit=10
)

# Get threat categories
entries, response, err = client.zins.web_traffic.get_threat_super_categories(
    start_time=start_time,
    end_time=end_time,
    traffic_unit="TRANSACTIONS",
    limit=50
)

# Get web protocols distribution
entries, response, err = client.zins.web_traffic.get_protocols(
    start_time=start_time,
    end_time=end_time,
    traffic_unit="BYTES",
    limit=20
)