Audit Logs

67 Comments

  • Caroline Kello
    Zendesk Product Manager

    Hey Randy, that's an interesting one! Like a success/failure log when... A comment is submitted on a ticket where the channel is email? When we send you a password reset email? If you could give some examples of what would be beneficial for you to see that'd be super helpful.

    Would love some pointers to other platforms that do this too if you have it handy. 

    -1
  • Pris

    Pulling the user audit log via API into SIEM does not include `Actor name` field? How can I correlate `Actor_id` with `Actor_name`? Am I missing something here?

    1
  • Randy Magliozzi

    Re: Access to Email logs.  When integrating customer engagement workflows across cloud apps, it's often a requirement to send an end-user email communication (new subscription, service request confirmation, partner deal registrations, etc.).  When using shared tenant platforms like Zendesk, we can't control exactly when an email communication is sent or the outcome (e.g., bounce).  And with so many different email clients (public ones, private ones), we can't be sure it reaches the intended users inbox.  So having access to Email send logs is very helpful when building a new workflow or troubleshooting one.  Platforms like Salesforce (& Service Cloud) provide self-service access to the email send logs.  Magentrix provides admin visibility to any email sent from any portal or community site, and as another example, Highspot also provides logs of Email sending.   I'm sure Zendesk is capturing and logging this information -- it would be great if admins had visibilty -- if only for 7 days (Salesforce Service Cloud is 30 days with 7 day window per request).  Thank you for considering.

    1
  • Michelle Chen

    Hi team,

    I'd also like to see end user data in the audit logs (similar to what we see today for agent users). Our end users are looking for this data for security audit reasons. The data they're looking for is:

    • user
    • source ip
    • login timestamps
    • user upload/download events

    If this data was added on to the audit logs, we would be able to generate these reports for our end users.

    Thanks!

    1
  • Caroline Kello
    Zendesk Product Manager

    Pris - you're right, the audit log API doesn't contain an attribute for the name of the Actor. I think you'll need to cross-reference with the Users API. I think you raise a valid point so I'll add this to our backlog to investigate us adding in the Actor name. 

     

    Randy Magliozzi - thanks for this additional context! Appreciate it. It's not something we've any current plans on addressing but I understand why it'd be beneficial for you. 

     

    Michelle Chen - we're deliberately not adding any end-user events to the audit log at the moment as there are additional guardrails for compliances such as GDPR that we need to understand beforehand. Do you have more details as to why your end users are looking for the data you mentioned? This is for their record of their own activity? 

    -1
  • Michelle Chen

    Caroline, that's right. It would be for their own record. They let us know they need the log data for their internal audit because they're using a third-party web site. They would use the login/logout data for a kind of user behavior analytics. For example, they would monitor how often a user logged into Zendesk and when the user logged in/logged out Zendesk. If activities of a user are abnormal, for instance the user logged into Zendesk at midnight, their audit team contacts the user to check the activities.

     

    They laid out some additional items on what they're looking for:
    Every login and logout events for each of their user. This logging should include:

    Mandatory: User's email address, timestamp when the user login/logout.
    Optional: The source IP address from which the user accessed to Zendesk.

    They understand some cases, a user may not logout explicitly and so in those scenarios, they'd want to see something like:

    [Date/time] [User] - [User email] at [IP] was logged out due to inactivity.

     

    1
  • Kyle Pinkley

    We noticed that the Audit Log does not contain an entry when the external ID is changed manually via the API. Please take this into consideration. 

    1

Please sign in to leave a comment.

Powered by Zendesk