We have been trying to get ZPA (Zscaler Private Access) logs into Sentinel using the data connector described in Sentinel. The LSS was set up in AWS and the Log Receiver is an Azure Ubuntu VM.
It has not been successful at all and we just have some gibberish data (likely TCP traffic after a failed TLS handshake) in the Sentinel table. The plugin used by Sentinel is FluentD which is capturing the TCP data.
Has anyone succeeded in ingesting ZPA logs into Sentinel yet?
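One way to confirm the "failed TLS handshake" hypothesis, as an added diagnostic that is not part of the original post: capture the first bytes that arrive on the Fluentd TCP listener and check whether they carry a TLS record header and ClientHello instead of log text. The sample bytes below are constructed for illustration.

```python
"""Classify bytes that arrived on a plaintext TCP log listener.

If the sender (here, the ZPA LSS) is configured to speak TLS but the
receiver's TCP input expects plaintext, the first bytes on the wire are a
TLS record header followed by a ClientHello, which the pipeline then stores
as unreadable junk.
"""

TLS_HANDSHAKE = 0x16  # TLS record content type "handshake"
TLS_VERSIONS = {
    0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
    0x0303: "TLS 1.2", 0x0304: "TLS 1.3",
}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}


def classify(data: bytes) -> dict:
    """Return what the first bytes of a TCP stream look like."""
    if len(data) < 5:
        return {"kind": "too_short"}
    content_type = data[0]
    record_version = int.from_bytes(data[1:3], "big")
    record_length = int.from_bytes(data[3:5], "big")
    if content_type == TLS_HANDSHAKE and record_version in TLS_VERSIONS:
        result = {
            "kind": "tls_handshake",
            "record_version": TLS_VERSIONS[record_version],
            "record_length": record_length,
        }
        if len(data) >= 11:
            # Handshake header: 1-byte type, 3-byte length, then legacy_version.
            result["handshake"] = HANDSHAKE_TYPES.get(data[5], f"type {data[5]}")
            legacy_version = int.from_bytes(data[9:11], "big")
            result["client_version"] = TLS_VERSIONS.get(legacy_version, hex(legacy_version))
        return result
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return {"kind": "text"}
    return {"kind": "binary_unknown"}


# Constructed sample: TLS record header + ClientHello header, truncated; the
# 32-byte random field is zero-filled and the rest of the message is omitted.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16 03 01 00 c4 01 00 00 c0 03 03") + bytes(32)
# Constructed sample of what a plaintext log line would look like instead.
SAMPLE_LOG_LINE = b'{"LogTimestamp":"2023-01-01T00:00:00Z","Customer":"example"}\n'

if __name__ == "__main__":
    for name, sample in (("client hello", SAMPLE_CLIENT_HELLO), ("log line", SAMPLE_LOG_LINE)):
        print(name, classify(sample))
```

If the captured bytes classify as a TLS handshake, the mismatch is at the transport layer (TLS expected by one side, plaintext by the other), so no parser or format change on the Fluentd side will make the data readable.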