Overview
A sophisticated APT group known as SCRUBZero has infiltrated Sea Cure Health. With patient data at risk and suspicious traffic escalating, your team must investigate, contain, and stop the attack before sensitive information is lost. Explore a custom scenario built on Zscaler that emulates a real‑world breach with realistic constraints and timelines.

Tools
Zscaler Internet Access (ZIA) for secure web gateway, threat detection, and traffic inspection; Zscaler Private Access (ZPA) for zero‑trust access to internal applications; Wireshark for packet analysis; Ghidra for reverse engineering.

Why it matters
Enterprise environments face relentless, targeted campaigns. Defenders must correlate suspicious traffic, validate phishing and SQL‑injection activity, and apply zero‑trust access controls quickly to contain intrusions. Practicing in a realistic Zscaler‑centric scenario builds confidence to protect regulated data and sustain critical services under pressure.

Who should play

SOC analysts, incident responders, blue‑team practitioners, cloud and network security engineers, security architects, and teams seeking practical experience investigating suspicious activity, validating threats, and applying Zero Trust access controls during active intrusion scenarios. Ideal for groups that want to strengthen coordination, decision‑making, and communication under pressure.

Zscaler Code Blue