Skip to content

[zscaler_zia] Add SaaS Security data stream#18844

Merged
brijesh-elastic merged 7 commits into
elastic:mainfrom
brijesh-elastic:zscaler_zia-3.18.0
May 25, 2026
Merged

[zscaler_zia] Add SaaS Security data stream#18844
brijesh-elastic merged 7 commits into
elastic:mainfrom
brijesh-elastic:zscaler_zia-3.18.0

Conversation

@brijesh-elastic
Copy link
Copy Markdown
Contributor

@brijesh-elastic brijesh-elastic commented May 6, 2026

Proposed commit message

zscaler_zia: Add support for SaaS Security data stream.

This data stream collects SaaS Security logs[1] (including Collaboration, CRM, Email,
File, Gen AI, ITSM, Public Cloud Storage, and Repository) using Zscaler ZIA
Nanolog Streaming Service (NSS).

Test samples were derived from documentation and live data samples, 
which were subsequently sanitized.

[1] https://help.zscaler.com/zia/nss-feed-output-format-saas-security-logs

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/zscaler_zia directory.
  • Run the following command to run tests.

elastic-package test -v

@brijesh-elastic brijesh-elastic self-assigned this May 6, 2026
@brijesh-elastic brijesh-elastic added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:zscaler_zia Zscaler Internet Access Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:SDE-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels May 6, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026

Vale Linting Results

Summary: 10 warnings, 7 suggestions found

⚠️ Warnings (10)
File Line Rule Message
packages/zscaler_zia/_dev/build/docs/README.md 177 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.
packages/zscaler_zia/docs/README.md 177 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.
packages/zscaler_zia/docs/README.md 1492 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'and so on' instead of 'etc'.
packages/zscaler_zia/docs/README.md 1492 Elastic.DirectionalLanguage Don't use directional language. Use 'earlier on this page' instead of 'noted above'.
packages/zscaler_zia/docs/README.md 1493 Elastic.DirectionalLanguage Don't use directional language. Use 'earlier on this page' instead of 'noted above'.
packages/zscaler_zia/docs/README.md 1494 Elastic.QuotesPunctuation Place punctuation inside closing quotation marks.
packages/zscaler_zia/docs/README.md 1495 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.
packages/zscaler_zia/docs/README.md 1496 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.
packages/zscaler_zia/docs/README.md 1578 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'that is' instead of 'i.e'.
packages/zscaler_zia/docs/README.md 1580 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'that is' instead of 'i.e'.
💡 Suggestions (7)
File Line Rule Message
packages/zscaler_zia/_dev/build/docs/README.md 175 Elastic.Semicolons Use semicolons judiciously.
packages/zscaler_zia/_dev/build/docs/README.md 179 Elastic.Ellipses In general, don't use an ellipsis.
packages/zscaler_zia/_dev/build/docs/README.md 181 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/zscaler_zia/docs/README.md 175 Elastic.Semicolons Use semicolons judiciously.
packages/zscaler_zia/docs/README.md 179 Elastic.Ellipses In general, don't use an ellipsis.
packages/zscaler_zia/docs/README.md 181 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/zscaler_zia/docs/README.md 1533 Elastic.WordChoice Consider using 'select, press, visits' instead of 'hit', unless the term is in the UI.

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 6, 2026
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@brijesh-elastic brijesh-elastic marked this pull request as ready for review May 12, 2026 17:32
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner May 12, 2026 17:32
@infra-vault-gh-plugin-prod
Copy link
Copy Markdown

infra-vault-gh-plugin-prod Bot commented May 12, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@andrewkroh andrewkroh added the dashboard Relates to a Kibana dashboard bug, enhancement, or modification. label May 12, 2026
efd6
efd6 reviewed May 12, 2026
View reviewed changes
Comment thread packages/zscaler_zia/kibana/dashboard/zscaler_zia-44e6d836-f55d-495d-93e0-79da0637042e.json
Comment thread packages/zscaler_zia/data_stream/saas_security/elasticsearch/ingest_pipeline/default.yml Outdated
@brijesh-elastic brijesh-elastic requested a review from efd6 May 13, 2026 07:04
kcreddy
kcreddy reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good. Caught few minor things.

Comment thread packages/zscaler_zia/_dev/build/docs/README.md
Comment thread ...scaler_zia/data_stream/saas_security/_dev/test/pipeline/test-saas-security.log-expected.json Outdated
Comment thread ...scaler_zia/data_stream/saas_security/_dev/test/pipeline/test-saas-security.log-expected.json Outdated
Comment thread ...scaler_zia/data_stream/saas_security/_dev/test/pipeline/test-saas-security.log-expected.json Outdated
Comment thread packages/zscaler_zia/data_stream/saas_security/elasticsearch/ingest_pipeline/default.yml Outdated
Comment thread packages/zscaler_zia/data_stream/saas_security/sample_event.json
@brijesh-elastic brijesh-elastic requested a review from kcreddy May 20, 2026 06:32
kcreddy
kcreddy reviewed May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just 1 pending: #18844 (comment)

@brijesh-elastic brijesh-elastic requested a review from kcreddy May 20, 2026 07:30
kcreddy
kcreddy approved these changes May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, please wait for @efd6 approval as well. Thanks!

@brijesh-elastic brijesh-elastic marked this pull request as draft May 21, 2026 10:03
@brijesh-elastic brijesh-elastic marked this pull request as ready for review May 25, 2026 06:09
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner May 25, 2026 06:09
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 25, 2026

💚 Build Succeeded

History

cc @brijesh-elastic

@brijesh-elastic brijesh-elastic merged commit 7f9381b into elastic:main May 25, 2026
12 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 25, 2026

Package zscaler_zia - 3.19.0 containing this change is available at https://epr.elastic.co/package/zscaler_zia/3.19.0/

@github-actions github-actions Bot mentioned this pull request May 25, 2026
Open
3 tasks
herrBez pushed a commit to herrBez/integrations that referenced this pull request Jun 1, 2026
@brijesh-elastic @herrBez
zscaler_zia: Add support for SaaS Security data stream (elastic#18844)
124c783 
This data stream collects SaaS Security logs[1] (including Collaboration, CRM, Email,
File, Gen AI, ITSM, Public Cloud Storage, and Repository) using Zscaler ZIA
Nanolog Streaming Service (NSS).

Test samples were derived from documentation and live data samples, 
which were subsequently sanitized.

[1] https://help.zscaler.com/zia/nss-feed-output-format-saas-security-logs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kcreddy kcreddy kcreddy approved these changes

@efd6 efd6 efd6 approved these changes

Assignees

@brijesh-elastic brijesh-elastic

Labels

dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:zscaler_zia Zscaler Internet Access Team:SDE-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@brijesh-elastic @elasticmachine @kcreddy @efd6 @andrewkroh