I would recommend using logmon for this purpose.
Unhappily, the processes probe does not pick up the fact that a process is a zombie other than that there is no CPU usage any more (which makes sense because the process actually exited).
There does not seem to be a way to configure the probe to look for a CPU usage of "null", so to speak, hence the processes probe is not the right way.
For me, setting up a logmon profile that just ran "/bin/ps aux" with one watcher looking for "defunct" did the trick.
I do get alarms for every zombie process that exists. Unhappily, the alarms don't clear afterwards.
The best solution I came up with was to "extract" the PID from the log message and use it as the suppression key for the alarm. That way, alarms are properly deduplicated.
I then set up an AO profile in nas to auto-close those alarms after 10 minutes. With a logmon interval set to 5 minutes, the alarms effectively auto-close when the zombies have disappeared for at least 5 minutes.
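
The PID extraction and deduplication described in the post above, as an added example that is not part of the original post and is not logmon or nas configuration. It parses constructed `ps aux` output, compares the substring match on "defunct" with a check on the STAT column (the substring also hits unrelated command lines such as `grep defunct`), and builds a per-PID suppression key; the function names and the `zombie/<pid>` key format are assumptions.

```python
# Constructed `ps aux` sample (not from the original post).
SAMPLE_PS_AUX = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 169324 11200 ?        Ss   09:00   0:02 /sbin/init
app       4312  0.0  0.0      0     0 ?        Z    09:14   0:00 [worker] <defunct>
app       4313  0.0  0.0      0     0 ?        Zs   09:14   0:00 [helper] <defunct>
ops       5120  0.0  0.0   6432   720 pts/0    S+   09:20   0:00 grep defunct
"""


def naive_matches(ps_output):
    """Lines a plain substring watcher for "defunct" would flag."""
    return [line for line in ps_output.splitlines() if "defunct" in line]


def find_zombies(ps_output):
    """Return one record per zombie, using the STAT column instead of a substring."""
    zombies = []
    for line in ps_output.splitlines():
        fields = line.split(None, 10)  # 11th field is COMMAND, which may contain spaces
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header or malformed line
        if not fields[7].startswith("Z"):
            continue  # STAT does not mark a zombie
        pid = int(fields[1])
        zombies.append({"pid": pid, "user": fields[0], "command": fields[10],
                        "suppression_key": f"zombie/{pid}"})  # hypothetical key format
    return zombies


def record_cycle(open_alarms, zombies):
    """Deduplicate on the suppression key: a repeat sighting bumps a counter."""
    for z in zombies:
        alarm = open_alarms.setdefault(z["suppression_key"], {"pid": z["pid"], "count": 0})
        alarm["count"] += 1
    return open_alarms


if __name__ == "__main__":
    alarms = {}
    for _ in range(2):  # two polling intervals over the same process table
        record_cycle(alarms, find_zombies(SAMPLE_PS_AUX))
    print(len(naive_matches(SAMPLE_PS_AUX)), "substring hits")
    for key, alarm in alarms.items():
        print(key, alarm)
```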