From 33fa9ce5ec6db74e5083405ed83c027b3d92ba49 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 25 Oct 2024 23:14:32 +0530
Subject: [PATCH] Zendesk App doc (#4689)
* Zendesk App doc
* minor fix
* Update 2024-10-30-apps.md
* Update docs/integrations/saas-cloud/zendesk.md
Co-authored-by: John Pipkin (Sumo Logic)
---------
Co-authored-by: John Pipkin (Sumo Logic)
---
 blog-service/2024-10-30-apps.md | 16 +++
 cid-redirects.json | 1 +
 .../product-list/product-list-m-z.md | 2 +-
 docs/integrations/saas-cloud/index.md | 6 ++
 docs/integrations/saas-cloud/zendesk.md | 102 ++++++++++++++++++
 sidebars.ts | 1 +
 6 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 blog-service/2024-10-30-apps.md
 create mode 100644 docs/integrations/saas-cloud/zendesk.md
diff --git a/blog-service/2024-10-30-apps.md b/blog-service/2024-10-30-apps.md
new file mode 100644
index 0000000000..fa549a4c8a
--- /dev/null
+++ b/blog-service/2024-10-30-apps.md
@@ -0,0 +1,16 @@
+---
+title: Zendesk (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+ - zendesk
+ - apps
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+icon
+
+We're excited to introduce the new Zendesk app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Zendesk source to collect audit logs, providing security analysts with critical visibility into their Zendesk environment.
+
+Explore our technical documentation [here](/docs/integrations/saas-cloud/zendesk/) to learn how to set up and use the Zendesk app for Sumo Logic.
diff --git a/cid-redirects.json b/cid-redirects.json
index 11b5e5b389..6a3cef4372 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -1975,6 +1975,7 @@
 "/cid/22673": "/docs/integrations/google/cloud-storage",
 "/cid/22674": "/docs/integrations/google/cloud-functions",
 "/cid/22675": "/docs/integrations/google/cloud-sql",
+ "/cid/23233": "/docs/integrations/saas-cloud/zendesk",
 "/cid/2323": "/docs/integrations/saas-cloud/zoom",
 "/cid/2324": "/docs/integrations/saas-cloud/workday",
 "/cid/23433": "/docs/search/search-query-language/search-operators/topk",
diff --git a/docs/integrations/product-list/product-list-m-z.md b/docs/integrations/product-list/product-list-m-z.md
index 53d4da8d3b..c56979060c 100644
--- a/docs/integrations/product-list/product-list-m-z.md
+++ b/docs/integrations/product-list/product-list-m-z.md
@@ -221,7 +221,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 | Logo | Vendors and Products | Integrations |
 | :-- | :-- | :-- |
 | Thumbnail icon | [Zebrium](https://www.zebrium.com/) | Webhook: [Zebrium RCaaS](/docs/integrations/webhooks/zebrium-rcaas/) |
-| Thumbnail icon | [Zendesk](https://www.zendesk.com/) | Automation integration: [Zendesk](/docs/platform-services/automation-service/app-central/integrations/zendesk/)
Collector: [Zendesk Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source/) |
+| Thumbnail icon | [Zendesk](https://www.zendesk.com/) | App: [Zendesk](/docs/integrations/saas-cloud/zendesk/)
Automation integration: [Zendesk](/docs/platform-services/automation-service/app-central/integrations/zendesk/)
Collector: [Zendesk Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source/) |
 | Thumbnail icon | [Zenduty](https://www.zenduty.com/) | Webhook: [Zenduty](/docs/integrations/webhooks/zenduty/) |
 | Thumbnail icon | [Zero Networks](https://zeronetworks.com/) | Cloud SIEM integration: [Zero Networks](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/3e3c8813-9644-4fd6-9d6f-78bb8ffc5f44.md)
Collector: [Zero Networks Segment Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source/) |
 | Thumbnail icon | [ZeroFox](https://www.zerofox.com/) | Automation integration: [ZeroFOX](/docs/platform-services/automation-service/app-central/integrations/zerofox/)
Partner integration: ZeroFox integration |
diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md
index 193285d418..2adf6691d4 100644
--- a/docs/integrations/saas-cloud/index.md
+++ b/docs/integrations/saas-cloud/index.md
@@ -286,6 +286,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.

Monitor Workday login activity, user activity, and admin activity.

+
+
+ icon

Zendesk

+

Identify security threats by analyzing audit logs.

+
+
icon

Zoom

diff --git a/docs/integrations/saas-cloud/zendesk.md b/docs/integrations/saas-cloud/zendesk.md
new file mode 100644
index 0000000000..7e90dada9d
--- /dev/null
+++ b/docs/integrations/saas-cloud/zendesk.md
@@ -0,0 +1,102 @@ +--- +id: zendesk +title: Zendesk +sidebar_label: Zendesk +description: The Zendesk app for Sumo Logic provides security analysts with critical visibility into their Zendesk environment. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Zendesk-icon + +The Sumo Logic app for Zendesk is designed to provide security analysts with critical visibility into their organization's Zendesk environment. It offers real-time monitoring of audit events, user activity, and security-related changes such as logins, user provisioning, and configuration updates. The app includes dashboards that track the actions of users, groups, and organizations, highlighting potential risks like audits from risky locations or impossible login attempts. + +Security analysts can quickly identify anomalous behavior, unauthorized access, and suspicious activities through detailed visualizations of audit trails and geographic trends. The app's integration with Zendesk ensures seamless tracking of key security metrics, empowering analysts to detect, investigate, and respond to threats promptly. This makes it an essential tool for securing Zendesk environments and ensuring compliance with security policies. + +:::info +This app includes [built-in monitors](#zendesk-monitors). For details on creating custom monitors, refer to [Create monitors for Zendesk app](#create-monitors-for-zendesk-app). +::: + +## Log types + +This app uses Sumo Logic’s Zendesk Source to collect [audit logs](https://developer.zendesk.com/api-reference/ticketing/account-configuration/audit_logs/) from Zendesk platform. 
+ +## Sample log messages + +```json title="Event Log" + { + "url": "https://unity/api/v2/audit_logs/17296759404950.json", + "id": 1729675940, + "action_label": "Updated", + "actor_id": 1729675940, + "source_id": 44991493, + "source_type": "organization", + "source_label": "Organization: NCSOFT Corporation", + "action": "update", + "change_description": "Group changed from Premium Support to Premium Support Korea", + "ip_address": "77.105.132.70", + "created_at": "2024-10-23T15:02:20Z", + "actor_name": "****** Langalia" +} +``` +## Sample queries + +```sql title="Total Audits" +_sourceCategory="Labs/Zendesk" +| json "url","id","action_label","actor_id","source_id","source_type","source_label","action","change_description","ip_address","created_at","actor_name" as url, id, action_label, actor_id, source_id, source_type, source_label, action, change_description, ip_address, created_at, actor_name nodrop + +// Global filters +| where action matches "{{action}}" +| where actor_name matches "{{actor_name}}" +| where source_type matches "{{source_type}}" +| count by id +| count +``` + +## Set up collection + +To set up the [Zendesk Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source) for the Zendesk app, follow the instructions provided. These instructions will guide you through the process of creating a source using the Zendesk Source category, which you will need to use when installing the app. By following these steps, you can ensure that your Zendesk app is properly integrated and configured to collect and analyze your Zendesk data. + +## Installing the Zendesk app​ + +import AppInstall2 from '../../reuse/apps/app-install-v2.md'; + + + +## Viewing Zendesk dashboards​​ + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Overview + +The **Zendesk - Overview** dashboard provides a high-level summary of key security metrics. 
It tracks total audit events, newly created users, groups, and organizations, helping security analysts monitor real-time activity. The dashboard breaks down audit actions by type, source, and geography, allowing for quick identification of suspicious activity or trends, such as logins or audits from risky locations. Top actors and recent audits are displayed to show who is making changes. Analysts can also track sign-in events over time to spot unusual login patterns, ensuring timely detection of potential threats.
Zendesk-Overview
+
+## Create monitors for Zendesk app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+
+
+### Zendesk monitors
+
+The Zendesk Monitors serve as a security tool, concentrating on observing essential operations and unusual occurrences within the Zendesk Platform. These notifications offer instantaneous insight into significant events, allowing security personnel to swiftly react to deviations or breaches.
+
+| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition |
+|:--|:--|:--|:--|
+| `Zendesk - Audits from Risky Locations` | This alert is triggered when audit events, such as user actions or configuration changes are performed from geographical locations identified as high-risk. These risky locations may correlate with regions known for cyberattacks or unauthorized activity, making it crucial to investigate these events for potential security risks. | Critical | Count > 0 |
+| `Zendesk - Impossible Login Events` | This alert notifies you of login attempts that are classified as *impossible*. This could mean logins from multiple geographically distant locations within a short time frame or logins from suspicious devices. Impossible login events often signal a compromise in account security, warranting immediate investigation to ensure no unauthorized access has occurred | Critical | Count > 0|
+
+
+## Upgrading the Zendesk app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Zendesk app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
\ No newline at end of file
diff --git a/sidebars.ts b/sidebars.ts
index e0a5241080..89903eec1c 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -2482,6 +2482,7 @@ integrations: [
 'integrations/saas-cloud/tenable',
 'integrations/saas-cloud/webex',
 'integrations/saas-cloud/workday',
+ 'integrations/saas-cloud/zendesk',
 'integrations/saas-cloud/zoom',
 ],
 },