Please update the content of the audit log available for enterprise customers to include details on the creation, modification, deletion, and enable/disable for targets in ZenDesk. Also add my voice to those asking that the audit logs be made available in real-time in machine-readable form, using webhooks for example.
Hey Randy, that's an interesting one! Like a success/failure log when... A comment is submitted on a ticket where the channel is email? When we send you a password reset email? If you could give some examples of what would be beneficial for you to see that'd be super helpful.
Would love some pointers to other platforms that do this too if you have it handy.
Pulling the user audit log via API into SIEM does not include `Actor name` field? How can I correlate `Actor_id` with `Actor_name`? Am I missing something here?
Re: Access to Email logs. When integrating customer engagement workflows across cloud apps, it's often a requirement to send an end-user email communication (new subscription, service request confirmation, partner deal registrations, etc.). When using shared tenant platforms like Zendesk, we can't control exactly when an email communication is sent or the outcome (e.g., bounce). And with so many different email clients (public ones, private ones), we can't be sure it reaches the intended users inbox. So having access to Email send logs is very helpful when building a new workflow or troubleshooting one. Platforms like Salesforce (& Service Cloud) provide self-service access to the email send logs. Magentrix provides admin visibility to any email sent from any portal or community site, and as another example, Highspot also provides logs of Email sending. I'm sure Zendesk is capturing and logging this information -- it would be great if admins had visibilty -- if only for 7 days (Salesforce Service Cloud is 30 days with 7 day window per request). Thank you for considering.
I'd also like to see end user data in the audit logs (similar to what we see today for agent users). Our end users are looking for this data for security audit reasons. The data they're looking for is:
- source ip
- login timestamps
- user upload/download events
If this data was added on to the audit logs, we would be able to generate these reports for our end users.
Pris - you're right, the audit log API doesn't contain an attribute for the name of the Actor. I think you'll need to cross-reference with the Users API. I think you raise a valid point so I'll add this to our backlog to investigate us adding in the Actor name.
Randy Magliozzi - thanks for this additional context! Appreciate it. It's not something we've any current plans on addressing but I understand why it'd be beneficial for you.
Michelle Chen - we're deliberately not adding any end-user events to the audit log at the moment as there are additional guardrails for compliances such as GDPR that we need to understand beforehand. Do you have more details as to why your end users are looking for the data you mentioned? This is for their record of their own activity?
Caroline, that's right. It would be for their own record. They let us know they need the log data for their internal audit because they're using a third-party web site. They would use the login/logout data for a kind of user behavior analytics. For example, they would monitor how often a user logged into Zendesk and when the user logged in/logged out Zendesk. If activities of a user are abnormal, for instance the user logged into Zendesk at midnight, their audit team contacts the user to check the activities.
They laid out some additional items on what they're looking for:
Every login and logout events for each of their user. This logging should include:
Mandatory: User's email address, timestamp when the user login/logout.
Optional: The source IP address from which the user accessed to Zendesk.
They understand some cases, a user may not logout explicitly and so in those scenarios, they'd want to see something like:
[Date/time] [User] - [User email] at [IP] was logged out due to inactivity.
We noticed that the Audit Log does not contain an entry when the external ID is changed manually via the API. Please take this into consideration.
Audit log really needs App changes listed.
What kind of App changes are you interested in? Setting changes that you can make to the app in Admin Center > Apps and integrations, or something else?
I would love to know when apps were:
Settings were changed, such as group or admin access.
Gotcha. In my test account I can see Audit log events for install and uninstall, and then just Updated events for enable/disable and permission changes with no additional details in the Activity column. I'll create a JIRA for our backlog to add more descriptive info in the Activity column for the events we currently capture.
- Ability to see granular changes like ticket form conditions
- Seeing the exact changes straight away, instead of having to parse it manually through the "From" to "To" in the activity section.
Hey Yasser, can you explain a little bit more about what you mean by "seeing the exact changes straight away"?
When exporting the audit log data as a csv, I am finding myself having to go through each individual activity (I am interested in investigating) and laying all the "From" and "To" changes and parsing through the text and often times Field or member IDs to track the actual distinct change that occurred.
It would be very helpful to be able to only see the added or removed condition or action in a given activity.
Thanks for explaining; it'll be interesting to see if any other folks on this thread agree as it's been a consistent piece of feedback that it's the preference to the see the from/to values. The reasoning has been that most often the next step that's taken after finding the right audit event is to revert the change back to its previous state, meaning I'd need to know the before and after value in order to do that.
Please sign in to leave a comment.