Zendesk
Integration version: 8.0
Configure Zendesk to work with Google Security Operations SOAR
An administrator generates an API token, and to do so please follow the following steps:
Navigate to the sidebar of your Zendesk interface and click the Admin icon, then select Channels > API.
- Click the Settings tab, and enable the Token Access.
- Click the + button to the right of Active API Tokens.
- Optionally, enter a description under API Token Description.
- Copy the token in order to use it later and paste it somewhere secure. The full token will never be displayed again after the window closure.
- Click Save to return to the API page.
Configure Zendesk integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Add Comment to Ticket
Description
Add a comment to an existing ticket.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Ticket ID | String | N/A | Ticket number. |
| Comment Body | String | N/A | N/A |
| Author Name | String | N/A | N/A |
| Internal Note | Boolean | N/A | N/A |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Apply Macros on Ticket
Description
Apply a macro to a ticket.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Ticket ID | String | N/A | Ticket number. |
| Macro Title | String | N/A | N/A |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_applied | True/False | is_applied:False |
JSON Result
N/A
Create Ticket
Description
Create a ticket with specific properties.
Known Limitations
Emails with unicode characters are not supported by the Zendesk API. It effects "Email CC" parameter. Action will just ignore them
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Subject | String | N/A | N/A |
| Description | String | N/A | N/A |
| Assigned User | String | N/A | User full name. |
| Assignment Group | String | N/A | Group name. |
| Priority | String | N/A | Priority will be one of the following: urgent, high, normal, or low. |
| Ticket Type | String | N/A | Priority will be one of the following: urgent, high, normal, or low. |
| Tag | String | N/A | N/A |
| Internal Note | Checkbox | Un-checked | Specify whether the comment should be public, or internal. Unchecked means it will be public, checked means it will be internal only |
| Email CCs | CSV | N/A | Specify a comma-separated list of email addresses, which should also receive the notification of the ticket creation. Note: at max 48 email CCs can be added. This is Zendesk limitation. |
| Validate Email CCs | Boolean | Checked | If enabled, action will try to check that users with emails provided in "Email CCs" parameter exist. If at least one user doesn't exist, action will fail. If this parameter is disabled, action will not perform this check. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ticket_id | N/A | N/A |
JSON Result
N/A
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | If "Validate Email CCs" is enabled and at least one email was not found (fail): Error executing action "{action name}". Reason: users with the following emails were not found: {entity.identifier}. Please check the spelling or disable "Validate Email CCs" parameter. if at least one input is not a valid email address: Error executing action "{action name}". Reason: users with the following emails were not found: {entity.identifier}. Please check the spelling or disable "Validate Email CCs" parameter. |
General |
Get Ticket Details
Description
Get ticket details, comments, and attachments by the ticket ID.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Ticket ID | String | N/A | The ID of the ticket. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ticket_details | N/A | N/A |
JSON Result
{
"Details":
{
"ticket":
{
"follower_ids": [],
"via":
{
"source":
{"to": {},
"from": {},
"rel": "None"},
"channel": "web"
},
"updated_at": "2019-02-03T10:08:00Z",
"submitter_id": 360638872459,
"assignee_id": 360638872459,
"brand_id": 360000159559,
"id": 2,
"custom_fields": [],
"satisfaction_rating": "None",
"sharing_agreement_ids": [],
"allow_attachments": "True",
"collaborator_ids": [],
"priority": "high",
"subject": "Test",
"type": "incident",
"status": "open",
"description": "Test Test Test",
"tags": ["test"],
"forum_topic_id": "None",
"organization_id": 360018882419,
"due_at": "None",
"is_public": "True",
"requester_id": 360638872459,
"followup_ids": [],
"recipient": "None",
"problem_id": "None",
"url": "https://siemplifyhelp.zendesk.com/api/v2/tickets/2.json", "fields": [],
"created_at": "2019-02-03T10:08:00Z",
"raw_subject": "Test",
"email_cc_ids": [],
"allow_channelback": "False",
"has_incidents": "False",
"group_id": 360000361099,
"external_id": "None"
}
},
"Comments":
[{
"body": "Test Test Test",
"plain_body": "Test Test Test",
"via":
{
"source":
{"to": {},
"from": {},
"rel": "None"},
"channel": "web"
},
"attachments":
[{
"thumbnails": [],
"url": "https://siemplifyhelp.zendesk.com/api/v2/attachments/360701661660.json",
"file_name": "Siemplify 10 2018-12-11 (1).lic",
"content_url": "https://siemplifyhelp.zendesk.com/attachments/token/GeO6Xbc5I009xGRKLwWd7u7Qv/?name=Siemplify+10+2018-12-11+%281%29.lic",
"height": "None",
"width": "None",
"mapped_content_url": "https://siemplifyhelp.zendesk.com/attachments/token/GeO6Xbc5I009xGRKLwWd7u7Qv/?name=Siemplify+10+2018-12-11+%281%29.lic",
"content_type": "application/unknown",
"inline": "False",
"id": 360701661660,
"size": 1272
}],
"audit_id": 393260420939,
"created_at": "2019-02-03T10:08:00Z",
"id": 393260420979,
"author_id": 360638872459,
"html_body": "<div> Test Test Test < br >< /div>",
"type": "Comment",
"public": "True",
"metadata":
{
"system":
{
"latitude": 32.066599999999994,
"client": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
"ip_address": "1.1.1.1",
"location": "Tel Aviv, 05, Israel",
"longitude": 34.764999999999986
},
"custom": {}
}
}],
"Attachments": [{"test.txt": ""}]
}
Ping
Description
Test Connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_connected | True/False | is_connected:False |
JSON Result
N/A
Search Tickets
Description
Search for tickets by a keyword.
Parameters
| Parameters | Type | Default Value | Description |
|---|---|---|---|
| Search Query | String | N/A | Query content (example: type:ticket status:pending). |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| results_count | N/A | N/A |
JSON Result
N/A
Update Ticket
Description
Update existing ticket details
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Ticket ID | String | N/A | Ticket number. |
| Subject | String | N/A | The subject of the ticket. |
| Assigned User | String | N/A | User full name. |
| Assignment Group | String | N/A | Group name. |
| Priority | String | N/A | Priority will be one of the following: urgent, high, normal, or low. |
| Ticket Type | String | N/A | The ticket type will be one of the following: problem, incident, question or task. |
| Tag | String | N/A | Tag to add to the ticket. |
| Status | String | N/A | The status will be one of the following: new, open, pending, hold, solved, or closed. |
| Additional Comment | String | N/A | If you want to add a comment to the ticket, specify the text you would like to add as a comment here. |
| Internal Note | Checkbox | Un-checked | Specify whether the comment should be public, or internal. Unchecked means it will be public, checked means it will be internal only |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_updated | True/False | is_updated:False |
JSON Result
N/A