Audit Logs

77 Comments

  • Caroline Kello
    Zendesk Product Manager

    Hey Randy, that's an interesting one! Like a success/failure log when... A comment is submitted on a ticket where the channel is email? When we send you a password reset email? If you could give some examples of what would be beneficial for you to see that'd be super helpful.

    Would love some pointers to other platforms that do this too if you have it handy. 

    -1
  • Pris

    Pulling the user audit log via API into SIEM does not include `Actor name` field? How can I correlate `Actor_id` with `Actor_name`? Am I missing something here?

    1
  • Randy Magliozzi

    Re: Access to Email logs.  When integrating customer engagement workflows across cloud apps, it's often a requirement to send an end-user email communication (new subscription, service request confirmation, partner deal registrations, etc.).  When using shared tenant platforms like Zendesk, we can't control exactly when an email communication is sent or the outcome (e.g., bounce).  And with so many different email clients (public ones, private ones), we can't be sure it reaches the intended users inbox.  So having access to Email send logs is very helpful when building a new workflow or troubleshooting one.  Platforms like Salesforce (& Service Cloud) provide self-service access to the email send logs.  Magentrix provides admin visibility to any email sent from any portal or community site, and as another example, Highspot also provides logs of Email sending.   I'm sure Zendesk is capturing and logging this information -- it would be great if admins had visibilty -- if only for 7 days (Salesforce Service Cloud is 30 days with 7 day window per request).  Thank you for considering.

    1
  • Michelle Chen

    Hi team,

    I'd also like to see end user data in the audit logs (similar to what we see today for agent users). Our end users are looking for this data for security audit reasons. The data they're looking for is:

    • user
    • source ip
    • login timestamps
    • user upload/download events

    If this data was added on to the audit logs, we would be able to generate these reports for our end users.

    Thanks!

    1
  • Caroline Kello
    Zendesk Product Manager

    Pris - you're right, the audit log API doesn't contain an attribute for the name of the Actor. I think you'll need to cross-reference with the Users API. I think you raise a valid point so I'll add this to our backlog to investigate us adding in the Actor name. 

     

    Randy Magliozzi - thanks for this additional context! Appreciate it. It's not something we've any current plans on addressing but I understand why it'd be beneficial for you. 

     

    Michelle Chen - we're deliberately not adding any end-user events to the audit log at the moment as there are additional guardrails for compliances such as GDPR that we need to understand beforehand. Do you have more details as to why your end users are looking for the data you mentioned? This is for their record of their own activity? 

    -1
  • Michelle Chen

    Caroline, that's right. It would be for their own record. They let us know they need the log data for their internal audit because they're using a third-party web site. They would use the login/logout data for a kind of user behavior analytics. For example, they would monitor how often a user logged into Zendesk and when the user logged in/logged out Zendesk. If activities of a user are abnormal, for instance the user logged into Zendesk at midnight, their audit team contacts the user to check the activities.

     

    They laid out some additional items on what they're looking for:
    Every login and logout events for each of their user. This logging should include:

    Mandatory: User's email address, timestamp when the user login/logout.
    Optional: The source IP address from which the user accessed to Zendesk.

    They understand some cases, a user may not logout explicitly and so in those scenarios, they'd want to see something like:

    [Date/time] [User] - [User email] at [IP] was logged out due to inactivity.

     

    1
  • Kyle Pinkley

    We noticed that the Audit Log does not contain an entry when the external ID is changed manually via the API. Please take this into consideration. 

    1
  • CJ Johnson

    Audit log really needs App changes listed. 

    0
  • Caroline Kello
    Zendesk Product Manager

    What kind of App changes are you interested in? Setting changes that you can make to the app in  Admin Center > Apps and integrations, or something else?

    0
  • CJ Johnson

    I would love to know when apps were: 
    Activated
    Deactivated
    Added 
    Deleted 
    Settings were changed, such as group or admin access. 

    0
  • Caroline Kello
    Zendesk Product Manager

    Gotcha. In my test account I can see Audit log events for install and uninstall, and then just Updated events for enable/disable and permission changes with no additional details in the Activity column. I'll create a JIRA for our backlog to add more descriptive info in the Activity column for the events we currently capture.

    0
  • Yasser Taraka

    2 requests: 

    - Ability to see granular changes like ticket form conditions

    - Seeing the exact changes straight away, instead of having to parse it manually through the "From" to "To" in the activity section.  

     

    Thanks 

    1
  • Caroline Kello
    Zendesk Product Manager

    Hey Yasser, can you explain a little bit more about what you mean by "seeing the exact changes straight away"?

    0
  • Yasser Taraka

    When exporting the audit log data as a csv, I am finding myself having to go through each individual activity (I am interested in investigating) and laying all the "From" and "To" changes and parsing through the text and often times Field or member IDs to track the actual distinct change that occurred.  

    It would be very helpful to be able to only see the added or removed condition or action in a given activity.  

    0
  • Caroline Kello
    Zendesk Product Manager

    Thanks for explaining; it'll be interesting to see if any other folks on this thread agree as it's been a consistent piece of feedback that it's the preference to the see the from/to values. The reasoning has been that most often the next step that's taken after finding the right audit event is to revert the change back to its previous state, meaning I'd need to know the before and after value in order to do that.

    0
  • Caroline Kello
    Zendesk Product Manager

    Hello everyone!

    We appreciate your feedback on this topic and would love to hear more directly from you live. Please join us on July 27 at 11AM CDT for our PM Roundtable on Permissions and Audit log. It’ll be an open discussion on what is and isn’t working for you on this focus area of Zendesk. So please bring those questions, concerns and feedback because we want to hear from you! The link to register can be found here, we’d love to see you all there.

    Best regards, Caroline

    0
  • Shawna James
    Community Product Feedback Specialist

    Thank you so much for providing feedback on this area! In case you missed it, we wanted to make sure you saw the recording and event follow up from our most recent PM Roundtable on this subject matter. Please find the recording and follow up article from the event. Thank you again for your feedback!

    0

Please sign in to leave a comment.

Powered by Zendesk