Zendesk IP restriction settings is disabled

zendesk

Classification:

attack

Set up the zendesk integration.

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect when IP restriction is disabled.

Strategy

Monitor Zendesk audit logs to look for events with an @source_label value of "Security: Enable IP restrictions" and message:"Turned off". IP restriction allows administrators to limit access to Zendesk to users within a certain range of IP addresses only.

Triage and response

  1. Determine if the user {{@usr.name}} intended to disable IP restriction.
  2. If there is not a legitimate business use case, reset the IP restrictions to the original configuration.