Zscaler Z-Insights Analytics Tools

The Z-Insights Analytics tools provide read-only access to Zscaler’s analytics and reporting capabilities via the GraphQL-based analytics API. These 16 tools cover web traffic, cybersecurity incidents, firewall analytics, SaaS security, shadow IT, and IoT device visibility.

Note

Z-Insights data has a 24-48 hour processing delay. When querying data, use time ranges that end at least 2 days ago for accurate results. Use start_days_ago and end_days_ago parameters for easy time range specification.

Available Tools

Z-Insights Tools

| Tool Name | Description |
|---|---|
| zins_get_web_traffic_by_location | Get web traffic analytics grouped by location |
| zins_get_web_traffic_no_grouping | Get overall web traffic volume metrics |
| zins_get_web_protocols | Get web traffic by protocol (HTTP, HTTPS, SSL) |
| zins_get_threat_super_categories | Get threat super categories (malware, phishing, spyware) |
| zins_get_threat_class | Get detailed threat class breakdown |
| zins_get_cyber_incidents | Get cybersecurity incidents by category |
| zins_get_cyber_incidents_by_location | Get cybersecurity incidents grouped by location |
| zins_get_cyber_incidents_daily | Get daily cybersecurity incident trends |
| zins_get_cyber_incidents_by_threat_and_app | Get incidents correlated by threat and application |
| zins_get_firewall_by_action | Get Zero Trust Firewall traffic by action (allow/block) |
| zins_get_firewall_by_location | Get firewall traffic grouped by location |
| zins_get_firewall_network_services | Get firewall network service usage |
| zins_get_casb_app_report | Get CASB SaaS application usage report |
| zins_get_shadow_it_apps | Get discovered shadow IT applications with risk scores |
| zins_get_shadow_it_summary | Get shadow IT summary statistics and groupings |
| zins_get_iot_device_stats | Get IoT device statistics and classifications |

Analytics Domains

Z-Insights tools are organized across six analytics domains:

| Domain | Tools | Description |
|---|---|---|
| WEB_TRAFFIC | 3 | Web traffic volume, location distribution, and protocol analysis |
| CYBER_SECURITY | 4 | Cybersecurity incidents by category, location, daily trend, and threat-app correlation |
| ZERO_TRUST_FIREWALL | 3 | Firewall traffic by action (allow/block), location, and network services |
| SAAS_SECURITY | 1 | CASB SaaS application usage report |
| SHADOW_IT | 2 | Discovered shadow IT applications and summary statistics |
| IOT | 1 | IoT device statistics and classifications |

Common Parameters

Most Z-Insights tools accept these filtering parameters:

  • start_days_ago (int): How many days back to start the time range (default varies by tool)

  • end_days_ago (int): How many days back to end the time range (minimum 1 for data availability)

  • interval (str): Aggregation interval — must be 7d or 14d

  • metric (str): Metric type — transactions (default) or total_bytes

Important

The interval parameter must be either 7d or 14d. Other values will be auto-corrected to the nearest valid interval.
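A client-side pre-flight check for these parameters, so that a report is never built on a window that is still processing or on an interval that was corrected without the caller noticing. This is an added example, not code from the Zscaler project: `build_zins_args` and `snap_interval` are hypothetical helper names, and treating "nearest" as distance in days is an assumption about how the auto-correction behaves.

```python
from datetime import datetime, timedelta, timezone

VALID_INTERVAL_DAYS = (7, 14)                    # page: interval must be 7d or 14d
VALID_METRICS = ("transactions", "total_bytes")  # page: accepted metric values
SETTLED_AFTER_DAYS = 2                           # page: 24-48 hour processing delay


def snap_interval(interval):
    """Map e.g. '10d' to the nearest valid interval (distance in days: assumption)."""
    text = str(interval).strip().lower()
    if not (text.endswith("d") and text[:-1].isdigit()):
        raise ValueError(f"interval must look like '7d', got {interval!r}")
    days = int(text[:-1])
    return f"{min(VALID_INTERVAL_DAYS, key=lambda v: abs(v - days))}d"


def build_zins_args(start_days_ago, end_days_ago=SETTLED_AFTER_DAYS,
                    interval="7d", metric="transactions", now=None):
    """Return (args, window, warnings) for a Z-Insights tool call."""
    warnings = []
    for name, value in (("start_days_ago", start_days_ago),
                        ("end_days_ago", end_days_ago)):
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{name} must be an int")
    if end_days_ago < 1:
        raise ValueError("end_days_ago must be at least 1")
    if end_days_ago < SETTLED_AFTER_DAYS:
        # Move the window end back so it only covers fully processed data.
        warnings.append(f"end_days_ago raised from {end_days_ago} to "
                        f"{SETTLED_AFTER_DAYS}: newer data may still be processing")
        end_days_ago = SETTLED_AFTER_DAYS
    if start_days_ago <= end_days_ago:
        raise ValueError("start_days_ago must be greater than end_days_ago")
    if metric not in VALID_METRICS:
        raise ValueError(f"metric must be one of {VALID_METRICS}")
    snapped = snap_interval(interval)
    if snapped != str(interval).strip().lower():
        warnings.append(f"interval {interval!r} is not valid; using {snapped}")
    today = (now or datetime.now(timezone.utc)).date()
    window = ((today - timedelta(days=start_days_ago)).isoformat(),
              (today - timedelta(days=end_days_ago)).isoformat())
    args = {"start_days_ago": start_days_ago, "end_days_ago": end_days_ago,
            "interval": snapped, "metric": metric}
    return args, window, warnings


if __name__ == "__main__":
    # Constructed input: a caller asks for data ending yesterday, interval 10d.
    print(build_zins_args(9, 1, "10d"))
```

Logging the returned `window` and `warnings` next to each query result records which dates a figure actually covers.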

Authentication

Z-Insights tools use OneAPI authentication:

  • ZSCALER_CLIENT_ID

  • ZSCALER_CLIENT_SECRET

  • ZSCALER_VANITY_DOMAIN

  • ZSCALER_CUSTOMER_ID

Common Use Cases

  1. Traffic Analysis — Monitor web traffic volume and distribution across locations

  2. Threat Investigation — Investigate cybersecurity incidents and threat categories

  3. Firewall Monitoring — Analyze firewall allow/block rates and service usage

  4. Shadow IT Discovery — Find unsanctioned applications and assess risk

  5. SaaS Visibility — Monitor cloud application usage across the organization

  6. IoT Inventory — Discover and classify IoT devices on the network