Automatically Update URL Blocklists in Zscaler Using Torq

Blocking access to certain URLs is a simple, effective strategy for protecting users and the network. But, in a world where new and increasingly sophisticated scams seem to appear almost weekly, the task of maintaining that list can become overly burdensome when performed manually. 

Torq offers a number of ways to automate URL blocklist management, reducing manual effort and speeding up response to new threats.

How to automate URL blocklists using Torq

All Torq users have access to the pre-built workflow template Add and Remove URLs from the Global Blacklist (Zscaler). This flow will use the Torq chatbot to check URLs on request, then add to a global blocklist in Zscaler if needed. 

The default applications in this workflow are Slack and Zscaler, for chat and network security respectively. However, these can be customized with just a few clicks. 

Here’s how it works:

  1. A user sends a request to the Torq bot, either to check an unknown URL or to remove a previously-blocked URL. 
  2. If removing, the bot will return the associated information from Zscaler and ask to confirm removal before finishing the process. 
  3. If adding a new URL, Torq will return the associated categories from Zscaler, and ask to confirm the block request.
  4. Torq performs the requested action within Zscaler, then generates an updated list of blocked URLs. 
  5. The Torq bot then sends a confirmation of the request, along with the updated list for the user to reference. 

A portion of the Torq workflow for automating URL blocklists in Zscaler

This is a good example that shows how simple, off-the-shelf templates from Torq can help you automate security tasks in just a matter of minutes, giving analysts time back for higher impact work.  

Get the workflow template

Already a Torq customer? You can find this workflow and dozens more in the Torq template library. There you can find other network security workflows, like Analyze Suspicious URLs and IPs in VirusTotal, Block Malicious Files as IOCs using CrowdStrike, and Create IP Penalty Box with Timeout using Cloudflare

Get Started Today

Not using Torq yet? Get in touch for a trial account and see how the no-code security automation platform unifies your security, infrastructure, and collaboration tools to create a stronger security posture.