Zendesk IP restriction settings is disabled

zendesk

Classification:

attack

Set up the zendesk integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when IP restriction is disabled.

Strategy

Monitor Zendesk audit logs to look for events with an @source_label value of "Security: Enable IP restrictions" and message:"Turned off". IP restriction allows administrators to limit access to Zendesk to users within a certain range of IP addresses only.

Triage and response

  1. Determine if the user {{@usr.name}} intended to disable IP restriction.
  2. If there is not a legitimate business use case, reset the IP restrictions to the original configuration.