Add references to rules (zendesk_rules) (#1034)

* Add references to rules (zendesk_rules) * Add references to rules (zendesk_rules) --------- Co-authored-by: Evan Gibler <[email protected]>
panther-labs · Dec 12, 2023 · 6d95214 · 6d95214
1 parent ac00a3c
commit 6d95214
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 0 deletions.
diff --git a/rules/zendesk_rules/zendesk_mobile_app_access.yml b/rules/zendesk_rules/zendesk_mobile_app_access.yml
@@ -14,6 +14,7 @@ Reports:
     - TA0003:T1078
 Severity: Medium
 Description: A user updated account setting that enabled or disabled mobile app access.
+Reference: https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app#:~:text=More%20settings.-,Configuring%20the%20mobile%20app,-Activate%20the%20new
 SummaryAttributes:
   - p_any_ip_addresses
 Tests:

diff --git a/rules/zendesk_rules/zendesk_new_api_token.yml b/rules/zendesk_rules/zendesk_new_api_token.yml
@@ -15,6 +15,7 @@ Reports:
     - TA0006:T1528
 Description: A user created a new API token to be used with Zendesk.
 Runbook: Validate the api token was created for valid use case, otherwise delete the token immediately.
+Reference: https://support.zendesk.com/hc/en-us/articles/4408889192858-Managing-access-to-the-Zendesk-API#topic_bsw_lfg_mmb:~:text=enable%20token%20access.-,Generating%20API%20tokens,-To%20generate%20an
 SummaryAttributes:
   - p_any_ip_addresses
 Tests:

diff --git a/rules/zendesk_rules/zendesk_new_owner.yml b/rules/zendesk_rules/zendesk_new_owner.yml
@@ -14,6 +14,7 @@ Reports:
   MITRE ATT&CK:
     - TA0004:T1078
 Description: Only one admin user can be the account owner. Ensure the change in ownership is expected.
+Reference: https://support.zendesk.com/hc/en-us/articles/4408822084634-Changing-the-account-owner
 SummaryAttributes:
   - p_any_ip_addresses
 Tests:

diff --git a/rules/zendesk_rules/zendesk_sensitive_data_redaction.yml b/rules/zendesk_rules/zendesk_sensitive_data_redaction.yml
@@ -15,6 +15,7 @@ Reports:
 Severity: High
 Description: A user updated account setting that disabled credit card redaction.
 Runbook: Re-enable credit card redaction.
+Reference: https://support.zendesk.com/hc/en-us/articles/4408822124314-Automatically-redacting-credit-card-numbers-from-tickets
 SummaryAttributes:
   - p_any_ip_addresses
 Tests:

diff --git a/rules/zendesk_rules/zendesk_user_assumption.yml b/rules/zendesk_rules/zendesk_user_assumption.yml
@@ -15,6 +15,7 @@ Severity: Medium
 Description: User enabled or disabled zendesk support user assumption.
 Runbook: >
   Investigate whether allowing zendesk support to assume users is necessary. If not, disable the feature.
+Reference: https://support.zendesk.com/hc/en-us/articles/4408894200474-Assuming-end-users#:~:text=In%20Support%2C%20click%20the%20Customers,user%20in%20the%20information%20dialog
 SummaryAttributes:
   - p_any_ip_addresses
 Tests:

diff --git a/rules/zendesk_rules/zendesk_user_role.yml b/rules/zendesk_rules/zendesk_user_role.yml
@@ -8,6 +8,7 @@ LogTypes:
   - Zendesk.Audit
 Severity: Info
 Description: A user's Zendesk role was changed
+Reference: https://support.zendesk.com/hc/en-us/articles/4408824375450-Setting-roles-and-access-in-Zendesk-Admin-Center
 SummaryAttributes:
   - p_any_ip_addresses
 Tests:

diff --git a/rules/zendesk_rules/zendesk_user_suspension.yml b/rules/zendesk_rules/zendesk_user_suspension.yml
@@ -15,6 +15,7 @@ Reports:
 Severity: High
 Description: A user's Zendesk suspension status was changed.
 Runbook: Ensure the user's suspension status is appropriate.
+Reference: https://support.zendesk.com/hc/en-us/articles/4408889293978-Suspending-a-user#:~:text=select%20Unsuspend%20access.-,Identifying%20suspended%20users,name%20on%20the%20Customers%20page
 SummaryAttributes:
   - p_any_ip_addresses
 Tests: