zendesk

Classification:

attack

Set up the zendesk integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when the Zendesk account assumption setting is enabled.

Strategy

Monitor Zendesk audit logs to look for events with an @source_label value of "Security: Enable Account assumption". Account assumption grants Zendesk the ability to access your account to troubleshoot an issue. It allows Zendesk to assume the role of an agent for a specified amount of time.

Triage and response

  1. Determine if the user {{@usr.name}} intended to enable the account assumption setting.
  2. If Zendesk support should not have the ability to assume the role of an agent, disable the setting.
PREVIEWING: may/unit-testing