Zendesk Logs
Panther supports pulling logs directly from Zendesk
Panther supports pulling logs directly from Zendesk. Panther can fetch Zendesk audit logs by querying the Zendesk Support API.
In order to set up Zendesk as a log source in Panther, you'll need to authorize Panther in Zendesk and then set up Zendesk as a log source in Panther.
Note the following limitations:
- Zendesk API rate limits depend on your Zendesk Suite Plan.
- This integration is only available for Zendesk's Enterprise and Enterprise Plus Suite Plans.
There are three different options to configure Zendesk to integrate with Panther:
You must be signed in as a Zendesk Support administrator to register an OAuth2 app. For more information, see Zendesk's OAuth documentation.
- 1.Log in to your Zendesk Admin Center.
- 2.Click the gear icon in the left sidebar, then navigate to Channels > Apps and Integrations> APIs> Zendesk API.
- 3.Click the OAuth Clients tab on the Channels/API page, and then click Add Oauth Client on the right side of the client list.
- A page for registering your application appears. The Secret field is pre-populated.
- 4.Complete the following required fields:
- Client Name - This is the name that you will see on a list of apps that have access to your Zendesk Support instance.
- Unique Identifier - Click the field to auto-populate it with the name you entered for your app. You can change it if you want.
- Redirect URLs - You will find this in the Zendesk log source onboarding flow in the Panther UI (see screenshot below). This is the URL that Zendesk Support will use to send the user's decision to grant access to your application.
- 5.Click Save.
- 6.When prompted, copy the Secret value and store it securely, as you will need it in the next steps.
- The characters may extend past the width of the text box, so make sure to select everything before copying.
- 7.Click Save.
You can also set up Zendesk as a log source by providing your Zendesk Support Admin email and password in the Panther. If you choose to go with this approach, proceed to the last section of this article and have your Admin email and password handy as you onboard Zendesk as a log source in the Panther Console.
The steps below can only be performed if you are a Zendesk Support administrator. You can read more on generating a Personal Access Token in Zendesk here.
- 1.Log in to your Zendesk Support account.
- 2.Click the gear icon in the left sidebar, then select Channels > Apps and Integrations> APIs > Zendesk API.
- 3.Click the Settings tab, and make sure Token Access is enabled.
- 4.Click the + button to the right of Active API Tokens.
- 5.Enter a name for the token, and click Create. The token is generated, and displayed in a pop-up window.
- 6.Copy the token (in red), and store it in a secure location. You will need it in the next steps.
- Note: Once this window is closed, the full token will never be displayed again.
- 1.Log in to your Panther Console.
- 2.In the left sidebar menu, click Configure > Log Sources.
- 3.Click Create New.
- 4.Select Zendesk from the list of available log sources. Click Start Source Setup.
- 5.On the next screen, enter a descriptive name for the source e.g.,
My Zendesk Audit logsand your organization's Zendesk subdomain. - 6.Click Continue Setup.
- 7.Authorize Panther to receive logs from Zendesk. Depending on the option you chose to configure Zendesk, follow the accompanying steps below:
- Option 1: Created an OAuth App.
- Fill in the fields. You can find this information on the details page of the OAuth app in your Zendesk account once you register the application.
- Client ID: Enter your Unique Identifier from Zendesk.
- Client Secret: Enter the Secret from Zendesk that you obtained in the earlier steps of this documentation.
- Option 2: Zendesk Support Admin Email and Password.
- Enter your Zendesk Support Admin Email and Password for basic authentication.
- Option 3: Generate a Personal Access Token.
- Enter your Zendesk Support Admin email. Copy the personal access token and paste it into the API token field.
- 8.Click Continue Setup.
- You will be directed to a success screen:
- 9.To finish the source setup:
- 1.Optionally configure a log drop-off alarm.
- Before you finish the setup, we recommend that you create a log drop-off alarm to alert you if data stops flowing from the log source. Be sure to set an appropriate time interval for when you would like Panther to alert you that the log source is not sending data.
- 2.
- 3.Click Finish Setup.
Required fields in the schema are listed as "required: true" just below the "name" field.
The audit log shows various changes in your Zendesk since the account was created. It saves a record of these changes indefinitely, and you can view the entire change history.
schema: Zendesk.Audit
parser:
native:
name: Zendesk.Audit
description: The audit log shows various changes in your Zendesk since the account was created. It saves a record of these changes indefinitely, and you can view the entire change history.
referenceURL: https://developer.zendesk.com/rest_api/docs/support/audit_logs
fields:
- name: action
description: Values can be 'login', 'create', 'update', or 'destroy'
type: string
- name: action_label
description: Localized string of action field
type: string
- name: actor_id
description: The id of the user creating the ticket
type: bigint
- name: change_description
description: The description of the change that occurred
type: string
- name: created_at
required: true
description: The time the audit got created
type: timestamp
timeFormat: rfc3339
isEventTime: true
- name: id
required: true
description: The id automatically assigned upon creation
type: bigint
- name: ip_address
description: The IP address of the user doing the audit
type: string
indicators:
- ip
- name: source_id
description: The id of the item being audited
type: bigint
- name: source_label
description: The name of the item being audited
type: string
- name: source_type
description: The item type being audited
type: string
- name: url
description: The URL to access the audit log
type: string
Last modified 1mo ago