Zendesk Automatic Redaction is disabled

zendesk

Classification:

attack

Set up the zendesk integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when the Automatic Redaction setting is disabled.

Strategy

Monitor Zendesk audit logs to look for events with an @source_label value of "Security: Automatic redaction" and message:"Turned off". The Automatic Redaction feature redacts or removes digits from credit card numbers found in ticket comments or custom fields so that the numbers are no longer useful.

Triage and response

  1. Determine if the user {{@usr.name}} intended to disable the Automatic Redaction feature.
  2. If the Automatic Redaction is required for a legitimate business use case, enable the feature.