
ZHERO Analysis Templates

ZHERO's Analysis Template Engine continuously monitors your Zscaler configuration to identify security gaps, optimization opportunities, and compliance issues. Each template provides actionable insights to help you maintain a secure and efficient Zscaler deployment.

Available Templates

Security Configuration Analysis

ATP (Advanced Threat Protection) Templates

ATP Security Exceptions: File Blocking

  • What it does: Verifies that 'Block Unscannable Files' and 'Block Password Protected Archive Files' are enabled in your ATP security exceptions
  • Why it's useful: Prevents potentially malicious files that cannot be inspected from bypassing your security controls
  • Severity: Low

ATP Security Exceptions: Bypass URLs Review

  • What it does: Reviews your ATP bypass URL list to ensure it's minimal or empty
  • Why it's useful: Each bypassed URL creates a security blind spot where ATP policies aren't applied, potentially allowing threats through
  • Severity: Medium

ATP Settings: Security Features Activation

  • What it does: Checks if all recommended Advanced Threat Protection features are enabled
  • Why it's useful: Ensures comprehensive protection against advanced threats by enabling all available security features
  • Severity: High (varies based on disabled features)

ATP Settings: Risk Tolerance Review

  • What it does: Validates that your ATP risk tolerance setting is below the recommended threshold of 33
  • Why it's useful: Settings that are too low might be overly aggressive, causing false positives and blocking legitimate content
  • Severity: Medium (varies based on configured value)

Malware Protection

Malware Protection Best Practices

  • What it does: Verifies that malware protection is configured according to security best practices
  • Why it's useful: Ensures all threat types (virus, trojan, worm, ransomware, etc.) are properly blocked
  • Severity: High

SSL Inspection Analysis

SSL Inspection: Legacy TLS Versions

  • What it does: Identifies SSL inspection policies that still allow TLS 1.0 or 1.1
  • Why it's useful: Legacy TLS versions have known vulnerabilities and should be disabled to maintain security
  • Severity: High

Potentially Useless SSL Inspection Policy

  • What it does: Identifies SSL inspection policies that may be unreachable or redundant
  • Why it's useful: Helps optimize and simplify your configuration by removing unnecessary policies
  • Severity: Medium

SSL Inspection Bypassing CDN Category ⭐ Premium

  • What it does: Identifies 'Do Not Inspect' rules that apply to CDN (Content Delivery Network) categories
  • Why it's useful: CDNs can host malicious content; bypassing SSL inspection for these categories creates major security blind spots
  • Severity: Critical (varies based on specific CDNs)

SSL Inspection Traffic Analysis (Last 30 Days) ⭐ Premium

  • What it does: Analyzes 30 days of web traffic logs to calculate SSL inspection rates and identify traffic patterns
  • Why it's useful: Shows exactly how much encrypted traffic is being inspected versus bypassed, helping you understand your security coverage
  • Severity: Informational (varies based on inspection percentage)

Android Device SSL Exception Configuration ⭐ Premium

  • What it does: Verifies proper SSL exceptions are configured for Android Enterprise devices according to Google's requirements
  • Why it's useful: Android devices require specific SSL exceptions to function properly with enterprise features and apps
  • Severity: Informational (varies based on configuration)

Apple Device SSL Exception Configuration ⭐ Premium

  • What it does: Ensures proper SSL exceptions are configured for iOS/macOS devices according to Apple's requirements
  • Why it's useful: Apple devices require specific SSL exceptions for device setup, management, and core services to work correctly
  • Severity: Informational (varies based on configuration)

Missing/Misconfigured ANY/ANY Inspect Catch-All ⭐ Premium

  • What it does: Verifies that SSL inspection policies have a properly configured final 'ANY/ANY' inspect rule
  • Why it's useful: Ensures all traffic not matched by specific rules is still properly inspected, preventing security gaps
  • Severity: Medium (varies based on specific issue)
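The three rule-list checks described above (legacy TLS versions, rules shadowed by an earlier catch-all, and the final ANY/ANY inspect rule) can be expressed over an ordered policy as in this added example; it is not ZHERO's code, and the rule field names (name, users, urls, action, tls, enabled) are an assumed layout for this illustration, not the Zscaler API schema.

```python
# Added example (not ZHERO's own code): three checks over an ordered SSL
# inspection rule list, evaluated top to bottom like the policy itself.
# The rule layout (name, users, urls, action, tls, enabled) is an assumption
# made for this example, not the Zscaler API schema.

LEGACY_TLS = {"TLS1.0", "TLS1.1"}

def is_any_any(rule):
    return rule["users"] == "ANY" and rule["urls"] == "ANY"

def legacy_tls_rules(rules):
    """Names of enabled rules that still allow TLS 1.0 or 1.1."""
    return [r["name"] for r in rules
            if r["enabled"] and LEGACY_TLS & set(r.get("tls", []))]

def unreachable_rules(rules):
    """Rules positioned after an enabled ANY/ANY rule can never match."""
    names, shadowed = [], False
    for r in rules:
        if shadowed:
            names.append(r["name"])
        elif r["enabled"] and is_any_any(r):
            shadowed = True
    return names

def catch_all_problem(rules):
    """None if the final rule is an enabled ANY/ANY inspect rule, else why not."""
    if not rules:
        return "policy has no rules"
    last = rules[-1]
    if not is_any_any(last):
        return f"final rule {last['name']!r} is not ANY/ANY"
    if not last["enabled"]:
        return f"catch-all {last['name']!r} is disabled"
    if last["action"] != "inspect":
        return f"catch-all {last['name']!r} has action {last['action']!r}, not inspect"
    return None

# Constructed sample policy (not a real tenant configuration)
SAMPLE_RULES = [
    {"name": "Finance legacy app", "users": "Finance", "urls": "legacy.example.com",
     "action": "inspect", "tls": ["TLS1.0", "TLS1.2"], "enabled": True},
    {"name": "Bypass banking", "users": "ANY", "urls": "Finance category",
     "action": "do_not_inspect", "tls": ["TLS1.2"], "enabled": True},
    {"name": "Catch-all", "users": "ANY", "urls": "ANY",
     "action": "do_not_inspect", "tls": ["TLS1.2", "TLS1.3"], "enabled": True},
]
```

Against the sample, the first rule is flagged for TLS 1.0 and the catch-all is flagged because its action is not inspect; reordering the catch-all above another rule makes that rule unreachable.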

Configuration Optimization

Redundant URL Entries

  • What it does: Identifies specific URLs that are already covered by wildcard entries in URL categories
  • Why it's useful: Simplifies configuration management by removing unnecessary duplicate entries
  • Severity: Low
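The redundancy check above reduces to comparing each category entry against the category's wildcard entries. The following added example (not ZHERO's code) does that, assuming a wildcard entry is written with a leading dot such as ".example.com" and covers the bare domain and every subdomain, optionally restricted to a path; that convention is stated here as an assumption.

```python
# Added example (not ZHERO's own code): flag URL-category entries that a
# wildcard entry in the same category already covers. Assumption: a wildcard
# is written with a leading dot and matches the domain plus all subdomains.

def split_entry(entry: str):
    """Return (host, path) for an entry such as 'www.example.com/docs'."""
    entry = entry.strip().lower()
    host, _, path = entry.partition("/")
    return host, ("/" + path if path else "")

def covered_by(entry: str, wildcard: str) -> bool:
    """True if `wildcard` (leading-dot form) already matches `entry`."""
    if not wildcard.startswith(".") or wildcard == entry:
        return False
    w_host, w_path = split_entry(wildcard)
    e_host, e_path = split_entry(entry)
    base = w_host[1:]                       # ".example.com" -> "example.com"
    host_ok = e_host == base or e_host.endswith("." + base)
    # a wildcard with a path only covers entries under that same path
    path_ok = (not w_path or e_path == w_path
               or e_path.startswith(w_path.rstrip("/") + "/"))
    return host_ok and path_ok

def redundant_entries(entries):
    """Map each redundant entry to the wildcard entry that already covers it."""
    wildcards = [e.strip().lower() for e in entries if e.strip().startswith(".")]
    findings = {}
    for e in entries:
        key = e.strip().lower()
        for w in wildcards:
            if covered_by(key, w):
                findings[e] = w
                break
    return findings

# Constructed sample category (not real customer data)
SAMPLE_CATEGORY = [
    ".example.com",
    "example.com",            # bare domain, covered by the wildcard
    "www.example.com",
    "cdn.static.example.com",
    ".static.example.com",    # narrower wildcard, also redundant
    "notexample.com",         # different domain, must NOT be flagged
    ".partner.org/portal",
    "partner.org/portal/login",
    "partner.org/other",      # outside the wildcard's path, kept
]
```

Running redundant_entries(SAMPLE_CATEGORY) flags five entries and leaves the two wildcards, notexample.com and partner.org/other in place.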

How It Works

  1. Continuous Monitoring: ZHERO automatically runs these analysis templates against your Zscaler configuration
  2. Smart Severity Scoring: Each finding is assigned a dynamic severity score (0-10) based on actual impact
  3. Actionable Insights: Templates provide specific recommendations and can even propose configuration changes
  4. Performance Optimized: Templates are designed to run efficiently without impacting your Zscaler performance

Premium Features

Templates marked with ⭐ Premium require a ZHERO premium subscription. These advanced templates provide:

  • Deep traffic analysis with historical data
  • Vendor-specific compliance checks (Google, Apple)
  • Advanced SSL inspection gap analysis
  • Resource-intensive computations for comprehensive insights

Getting Started

  1. Install the ZHERO Chrome extension
  2. Navigate to any Zscaler admin portal
  3. Open the ZHERO panel to view analysis results
  4. Click on any finding to see detailed recommendations
  5. Apply suggested fixes directly or export findings for review

For more information about ZHERO and its capabilities, visit our Setup Guide.