ZSCALER AND MICROSOFT DEFENDER FOR CLOUD APPS DEPLOYMENT GUIDE
15©2023 Zscaler, Inc. All rights reserved.
• Response Codes: Use this filter to limit the logs based on the HTTP response code obtained from the server
or generated by the ZIA Public Service Edge. Multiple selections are allowed.
• Request Sizes: Use this filter to limit the logs based on HTTP request size. Enter either a specific size or
a range with a dash. By default, the service uses bytes, but you can also specify KB, MB, GB, or TB (e.g.,
10KB-1MB, 200). You can enter multiple entries. Press Enter aer each entry.
• Response Sizes: Use this filter to limit the logs based on HTTP response size. Enter either a specific size
or a range with a dash. By default, the service uses bytes, but you can also specify KB, MB, GB, or TB (e.g.,
10KB-1MB, 200). You can enter multiple entries. Press Enter aer each entry.
• Transaction Sizes: Use this filter to limit the logs based on transaction size, which is the header and body
request or response size, or the request and response size. Enter either a specific size or a range with a dash.
By default, the service uses bytes, but you can also specify KB, MB, GB, or TB (e.g., 10KB-1MB, 200). You can
enter multiple entries. Press Enter aer each entry.
• Referrer URLs: Use this filter to limit the logs based on the Referrer URL in the HTTP header. You can use
wildcards based on the rules:
• *string: Suffix matching match URLs ending with ‘string’.
• String*: Prefix matching match URLs beginning with ‘string’.
• *string*: Substring matching match URLs containing ‘string’.
• String: Exact matching match URLs that are exactly ‘string’.
Multiple strings are allowed. Enter one string per line. String search is not case-sensitive.
• To Where:
• URL Filter Type: Use this filter to limit the logs based on URLs in HTTP Requests. You can specify either a
Hostname or the Full URL. You can use wildcards based on the rules:
• *string: Suffix matching match URLs ending with ‘string’.
• String*: Prefix matching match URLs beginning with ‘string’.
• *string*: Substring matching match URLs containing ‘string’.
• String: Exact matching match URLs that are exactly ‘string’.
• Hostnames: Use this filter to limit the logs based on specific hostnames.
• URL Classes: Use this filter to limit the logs to specific URL classes (government agencies, see URL classes).
Select those that you want to include. Multiple selections are allowed.
• URL Super Categories: Use this filter to limit the logs to specific URL super categories (government agencies,
see URL super categories). Select those that you want to include. Multiple selections are allowed.
• URL Categories: Use this filter to limit the logs to specific URL categories (government agencies, see URL
classes). Select those that you want to include. Multiple selections are allowed.
• Server IP Addresses: Use this filter to limit the logs based on the destination server’s IP address. You can
enter:
• An IP address (e.g., 198.51.100.100).
• A range of IP addresses (e.g., 192.0.2.1-192.0.2.10).
• An IP address with a netmask (e.g., 203.0.113.0/24).
You can enter multiple entries. Press Enter aer each entry.