We have successfully connected Sentinel with Zscaler and so far the logs that are getting ingested into the workspace are more or less the urls that are getting allowed/blocked. Is there anything else that needs to be done to get more logs or any documentation that could help us do it? 

If it not too much to ask can a status of the machine active/inactive, last connected time etc be ingested as well so that we can create a playbook for the respective IT teams to take action on it?

Any help wrt to this will be on great help to us!