
Azure Sentinel Playbook Block-URL-Zscaler


The Block-URL-Zscaler playbook combines two cloud-native solutions, Azure Sentinel and Zscaler Internet Access (ZIA), to fully automate threat response. It can be run from Azure Sentinel in response to an alert based on ZIA logs, connected via the standard Zscaler data connector currently available on the Azure Sentinel Data connectors page, or in response to any other alert and data source that returns URLs to act on. The playbook can be run manually or set to run automatically when specific alerts are triggered. When the alert is triggered, the URL is added to the Blocked Malicious URLs list in the Advanced Threat Protection policy via the Zscaler API.

Note: Playbooks run on Azure Logic Apps, so charges apply.

MITRE ATT&CK Mitigation: Restrict Web-Based Content, https://attack.mitre.org/mitigations/M1021/
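Because the playbook can run automatically, it helps to sanitize the URLs taken from an alert before they reach the block list. The sketch below is an added example, not the playbook's own logic. The `PROTECTED_SUFFIXES` list, the per-run cap, the scheme-less entry format and the `blacklistUrls` request field are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical never-block list (assumption): domains the business depends on.
PROTECTED_SUFFIXES = ("microsoft.com", "zscaler.net")
# Assumed per-run cap so a single noisy alert cannot flood the policy.
MAX_ENTRIES = 25


def to_blocklist_entry(raw):
    """Normalize one alert URL to a lower-cased host[/path] entry, or None."""
    raw = raw.strip().replace("[.]", ".")      # refang "example[.]com"
    if raw.lower().startswith("hxxp"):         # refang "hxxp://"
        raw = "http" + raw[4:]
    try:
        parts = urlsplit(raw if "://" in raw else "//" + raw)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:                         # malformed netloc
        return None
    # Require a plausible DNS name or IPv4 literal; reject free text.
    if "." not in host or not re.fullmatch(r"[a-z0-9.-]+", host):
        return None
    # Refuse anything under a protected domain to avoid over-blocking.
    if any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES):
        return None
    # Query string and fragment are dropped; the path keeps its case.
    return host + parts.path.rstrip("/")


def build_block_request(alert_urls):
    """Return the request body for the block-list update (field name assumed)."""
    entries = []
    for raw in alert_urls:
        entry = to_blocklist_entry(raw)
        if entry and entry not in entries:     # de-duplicate, keep order
            entries.append(entry)
    return {"blacklistUrls": entries[:MAX_ENTRIES]}


if __name__ == "__main__":
    # Constructed sample alert entities, not taken from real logs.
    sample = ["hxxps://Evil.Example[.]com/login/",
              "https://login.microsoft.com/x",
              "bad.example.org"]
    print(build_block_request(sample))
```

Rejected or protected entries are silently dropped here; in a playbook they are better written back to the incident as a comment so an analyst can review them.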

Additional details: