Zendesk Automatic Redaction is disabled

zendesk

Classification:

attack

Set up the zendesk integration.

Goal

Detect when the Automatic Redaction setting is disabled.

Strategy

Monitor Zendesk audit logs to look for events with an @source_label value of "Security: Automatic redaction" and message:"Turned off". The Automatic Redaction feature redacts or removes digits from credit card numbers found in ticket comments or custom fields so that the numbers are no longer useful.

Triage and response

  1. Determine if the user {{@usr.name}} intended to disable the Automatic Redaction feature.
  2. If the Automatic Redaction is required for a legitimate business use case, enable the feature.