Add references to rules (zendesk_rules) #1034

Merged
merged 3 commits into from
Dec 12, 2023
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_mobile_app_access.yml
Expand Up @@ -14,6 +14,7 @@ Reports:
- TA0003:T1078
Severity: Medium
Description: A user updated account setting that enabled or disabled mobile app access.
Reference: https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app#:~:text=More%20settings.-,Configuring%20the%20mobile%20app,-Activate%20the%20new
SummaryAttributes:
- p_any_ip_addresses
Tests:
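Review bot: The Reference URL in this hunk ends in a scroll-to-text fragment (#:~:text=More%20settings.-,Configuring%20the%20mobile%20app,-Activate%20the%20new), which matches on the article's exact wording and silently stops resolving to that passage once Zendesk edits the paragraph. It also makes the value long and percent-encoded when it is rendered in an alert. Suggest linking the bare article URL, or a named section anchor if the article exposes one.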
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_new_api_token.yml
Expand Up @@ -15,6 +15,7 @@ Reports:
- TA0006:T1528
Description: A user created a new API token to be used with Zendesk.
Runbook: Validate the api token was created for valid use case, otherwise delete the token immediately.
Reference: https://support.zendesk.com/hc/en-us/articles/4408889192858-Managing-access-to-the-Zendesk-API#topic_bsw_lfg_mmb:~:text=enable%20token%20access.-,Generating%20API%20tokens,-To%20generate%20an
SummaryAttributes:
- p_any_ip_addresses
Tests:
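Review bot: The Reference URL stacks a text directive (:~:text=enable%20token%20access.-,Generating%20API%20tokens,-To%20generate%20an) on top of a section anchor (#topic_bsw_lfg_mmb). If the anchor already lands on the "Generating API tokens" section, drop the text directive and keep only the anchor. If it does not, point the anchor at that section rather than carrying both, since the directive depends on the article's current wording and the anchor does not.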
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_new_owner.yml
Expand Up @@ -14,6 +14,7 @@ Reports:
MITRE ATT&CK:
- TA0004:T1078
Description: Only one admin user can be the account owner. Ensure the change in ownership is expected.
Reference: https://support.zendesk.com/hc/en-us/articles/4408822084634-Changing-the-account-owner
SummaryAttributes:
- p_any_ip_addresses
Tests:
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_sensitive_data_redaction.yml
Expand Up @@ -15,6 +15,7 @@ Reports:
Severity: High
Description: A user updated account setting that disabled credit card redaction.
Runbook: Re-enable credit card redaction.
Reference: https://support.zendesk.com/hc/en-us/articles/4408822124314-Automatically-redacting-credit-card-numbers-from-tickets
SummaryAttributes:
- p_any_ip_addresses
Tests:
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_user_assumption.yml
Expand Up @@ -15,6 +15,7 @@ Severity: Medium
Description: User enabled or disabled zendesk support user assumption.
Runbook: >
Investigate whether allowing zendesk support to assume users is necessary. If not, disable the feature.
Reference: https://support.zendesk.com/hc/en-us/articles/4408894200474-Assuming-end-users#:~:text=In%20Support%2C%20click%20the%20Customers,user%20in%20the%20information%20dialog
SummaryAttributes:
- p_any_ip_addresses
Tests:
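Review bot: The Reference may not match what this rule detects. The Description and Runbook are about Zendesk support being allowed to assume users, while the linked article is "Assuming-end-users" and its text fragment points at steps on the Customers page ("In Support, click the Customers ... user in the information dialog"), which reads as the agent-side feature for assuming an end user. Please confirm the article documents the account setting this rule fires on, and if not, link the page that describes enabling or disabling account assumption by Zendesk support.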
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_user_role.yml
Expand Up @@ -8,6 +8,7 @@ LogTypes:
- Zendesk.Audit
Severity: Info
Description: A user's Zendesk role was changed
Reference: https://support.zendesk.com/hc/en-us/articles/4408824375450-Setting-roles-and-access-in-Zendesk-Admin-Center
SummaryAttributes:
- p_any_ip_addresses
Tests:
1 change: 1 addition & 0 deletions rules/zendesk_rules/zendesk_user_suspension.yml
Expand Up @@ -15,6 +15,7 @@ Reports:
Severity: High
Description: A user's Zendesk suspension status was changed.
Runbook: Ensure the user's suspension status is appropriate.
Reference: https://support.zendesk.com/hc/en-us/articles/4408889293978-Suspending-a-user#:~:text=select%20Unsuspend%20access.-,Identifying%20suspended%20users,name%20on%20the%20Customers%20page
SummaryAttributes:
- p_any_ip_addresses
Tests:
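Review bot: The text fragment on the Reference URL (#:~:text=select%20Unsuspend%20access.-,Identifying%20suspended%20users,name%20on%20the%20Customers%20page) targets the "Identifying suspended users" passage, but the Description and Runbook concern a change in suspension status. An analyst following the link from an alert is better served by the part of the article on suspending and unsuspending a user, so suggest using the bare article URL here.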