Zendesk API token is created

zendesk

Classification:

attack

Tactic:

TA0003-persistence

Technique:

T1098-account-manipulation

Set up the zendesk integration.

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when an API token is created in Zendesk Admin Center.

Strategy

Monitor Zendesk audit logs to look for events with an @source_label value of "Zendesk API: Active API tokens" and @evt.category:create. API tokens are auto-generated passwords in the Zendesk Admin Center. API tokens can be used to impersonate anyone in the account, including admins.

Triage and response

  1. Determine if the user {{@usr.name}} intended to create a new API token.
  2. If the API token is not required for a legitimate business use case, delete the token.
PREVIEWING: drodriguezhdez/add_public_docs_log_summarization