Zendesk API token is created
Set up the zendesk integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when an API token is created in Zendesk Admin Center.
Strategy
Monitor Zendesk audit logs to look for events with an @source_label
value of "Zendesk API: Active API tokens"
and @evt.category:create
. API tokens are auto-generated passwords in the Zendesk Admin Center. API tokens can be used to impersonate anyone in the account, including admins.
Triage and response
- Determine if the user
{{@usr.name}}
intended to create a new API token. - If the API token is not required for a legitimate business use case, delete the token.