Zendesk

Configuring a webhook integration with Zendesk allows Insights to automatically send detections and recommendations to Zendesk. The webhook also creates incident tickets automatically in Zendesk, eliminating the need for manual intervention and reducing delays. This helps your organization to improve its overall security posture.

⚠️

Important

Third-party documentation is subject to change. Updates might not be reflected in BeyondTrust documentation. For the most up-to-date information, visit Zendesk's Creating webhooks to interact with third-party systems documentation.

Requirements

• Admin access to Zendesk for service solution
• A Zendesk user account is assigned to a team member with the Agent Support role
• API Token access in the Zendesk API
• An Identity Security Insights account with administrator privileges.
• An account that has access to the applicable tenant in Identity Security Insights.

Configure Zendesk for integration

Create a team member with an Agent Support role

Log in to the Zendesk admin portal, and follow these steps to create a team member:

1. In the left menu, click People.
2. Under Team, click Team Members.
3. Click Create team member.
4. Enter a username. This name is used for creating the webhook in BeyondTrust Identity Security Insights.
5. Assign the Agent role to this user.

Create a custom field in Zendesk

In the Zendesk admin portal, follow these steps to create a custom field:

1. In the left menu, click Objects and rules.
2. Under Tickets, click Fields.
3. Click Add field.
4. Enter a Display name.
5. Select Text for the field type and Custom field for the tag.
6. Click Save.

Add an API token

1. In the left menu, click Apps and Integrations.
2. Under APIs, click Zendesk API.
3. Click the Settings tab, if necessary, and enable Token access, if necessary.
4. Click Add API token.
5. Enter API token description as IdentityInsights, and copy the API token. This token is used for creating the webhook in BeyondTrust Identity Security Insights.

Create a webhook integration for Zendesk

1. In Identity Security Insights, select your tenant.
2. In the upper left menu, click Insights > Integrations.
   The Integrations page displays the available integrations.
3. Click Webhooks or your product.
   The Summary page displays.
4. Click Create Integration.
   The Configure Integration page displays.
5. Enter the following information:
   • Name: A name for the new webhook.
   • Webhook URL: <http://youraccount.zendesk.com/appi/v2/tickets>
   • Authorization Type: Basic
   • Username: The agent username created in Zendesk with /token added immediately after it. For example, [email protected]/token
   • Password: The API access token created in Zendesk for Insights.
   • Webhook Template: Use the below test webhook JSON template to test the connection and send a webhook to Zendesk.
     • Change the id to the custom text field you added in the Zendesk ticket.
     • After a successful test with the static test data, the template can be configured. Create or change the fields and add variables as per your requirements.

   {
   						"ticket":{
   						"comment":{
   						"body":"%%definitionSummary%%"
   						},
   						"priority":"urgent",
   						"type":"incident",
   						"custom_fields":[
   						{
   						"id":"249xxxxxxx",
   						"value":"%%tenantId%%"
   						},
   						{
   						"id":"250xxxxxx",
   						"value":"%%entityType%%"
   						},
   						{
   						"id":"25080xxxxxxx",
   						"value":"%%source%%"
   						},
   						{
   						"id":"250xxxxxx",
   						"value":"%%location%%"
   						},
   						{
   						"id":"250xxxxxx",
   						"value":"%%entityName%%"
   						},
   						{
   						"id":"2508xxxxx",
   						"value":"%%link%%"
   						}
   						]
   						}
   						}
   

Create the Zendesk ticket

Detections, recommendations, and ticket creation are configured to occur automatically for your Zendesk integration.

You can also dynamically send the webhook to create a ticket in Zendesk, by following these steps:

1. In Identity Security Insights, in the header, select your tenant from the dropdown.
2. In the tenant's Home page dashboard, click View Detections.
3. Click the detection to open its details.
   The Detection Details page displays.
4. Click entity name for a listed detection to open its details.
   The Instance Details page displays.
5. Click Take Action > Zendesk.
   The ticket is created in Zendesk.

View the ticket in Zendesk

1. Log in to the admin portal as the Agent user and navigate to your Dashboard.
2. Click the ticket to view its details.

ℹ️

Note

For more information on working with Zendesk tickets, see Working with Tickets on Zendesk's documentation site.