Zendesk

Integration version: 6.0

Configure Zendesk to work with Google Security Operations SOAR

An administrator generates an API token, and to do so please follow the following steps:

Navigate to the sidebar of your Zendesk interface and click the Admin icon, then select Channels > API.

Click the Settings tab, and enable the Token Access.
Click the + button to the right of Active API Tokens.
Optionally, enter a description under API Token Description.
Copy the token in order to use it later and paste it somewhere secure. The full token will never be displayed again after the window closure.
Click Save to return to the API page.

Configure Zendesk integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Add Comment to Ticket

Description

Add a comment to an existing ticket.

Parameters

Parameter	Type	Default Value	Description
Ticket ID	String	N/A	Ticket number.
Comment Body	String	N/A	N/A
Author Name	String	N/A	N/A
Internal Note	Boolean	N/A	N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

N/A

Apply Macros on Ticket

Description

Apply a macro to a ticket.

Parameters

Parameter	Type	Default Value	Description
Ticket ID	String	N/A	Ticket number.
Macro Title	String	N/A	N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_applied	True/False	is_applied:False

JSON Result

N/A

Create Ticket

Description

Create a ticket with specific properties.

Known Limitations

Emails with unicode characters are not supported by the Zendesk API. It effects "Email CC" parameter. Action will just ignore them

Parameters

Parameter	Type	Default Value	Description
Subject	String	N/A	N/A
Description	String	N/A	N/A
Assigned User	String	N/A	User full name.
Assignment Group	String	N/A	Group name.
Priority	String	N/A	Priority will be one of the following: urgent, high, normal, or low.
Ticket Type	String	N/A	Priority will be one of the following: urgent, high, normal, or low.
Tag	String	N/A	N/A
Internal Note	Checkbox	Un-checked	Specify whether the comment should be public, or internal. Unchecked means it will be public, checked means it will be internal only
Email CCs	CSV	N/A	Specify a comma-separated list of email addresses, which should also receive the notification of the ticket creation. Note: at max 48 email CCs can be added. This is Zendesk limitation.
Validate Email CCs	Boolean	Checked	If enabled, action will try to check that users with emails provided in "Email CCs" parameter exist. If at least one user doesn't exist, action will fail. If this parameter is disabled, action will not perform this check.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
ticket_id	N/A	N/A

JSON Result

N/A

Case Wall

Result type	Value/Description	Type
Output message*	If "Validate Email CCs" is enabled and at least one email was not found (fail): Error executing action "{action name}". Reason: users with the following emails were not found: {entity.identifier}. Please check the spelling or disable "Validate Email CCs" parameter. if at least one input is not a valid email address: Error executing action "{action name}". Reason: users with the following emails were not found: {entity.identifier}. Please check the spelling or disable "Validate Email CCs" parameter.	General

Result type

Value/Description

Type

Output message*

If "Validate Email CCs" is enabled and at least one email was not found (fail): Error executing action "{action name}". Reason: users with the following emails were not found: {entity.identifier}. Please check the spelling or disable "Validate Email CCs" parameter.

if at least one input is not a valid email address: Error executing action "{action name}". Reason: users with the following emails were not found: {entity.identifier}. Please check the spelling or disable "Validate Email CCs" parameter.

General

Get Ticket Details

Description

Get ticket details, comments, and attachments by the ticket ID.

Parameters

Parameter	Type	Default Value	Description
Ticket ID	String	N/A	The ID of the ticket.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
ticket_details	N/A	N/A

JSON Result

{
   "Details":
      {
        "ticket":
           {
             "follower_ids": [],
             "via":
               {
                     "source":
                           {"to": {},
                            "from": {},
                            "rel": "None"},
                    "channel": "web"
                },
              "updated_at": "2019-02-03T10:08:00Z",
              "submitter_id": 360638872459,
              "assignee_id": 360638872459,
              "brand_id": 360000159559,
              "id": 2,
              "custom_fields": [],
              "satisfaction_rating": "None",
              "sharing_agreement_ids": [],
              "allow_attachments": "True",
              "collaborator_ids": [],
              "priority": "high",
              "subject": "Test",
              "type": "incident",
              "status": "open",
              "description": "Test Test Test",
              "tags": ["test"],
              "forum_topic_id": "None",
              "organization_id": 360018882419,
              "due_at": "None",
              "is_public": "True",
              "requester_id": 360638872459,
              "followup_ids": [],
              "recipient": "None",
              "problem_id": "None",
              "url": "https://siemplifyhelp.zendesk.com/api/v2/tickets/2.json", "fields": [],
              "created_at": "2019-02-03T10:08:00Z",
              "raw_subject": "Test",
              "email_cc_ids": [],
              "allow_channelback": "False",
              "has_incidents": "False",
              "group_id": 360000361099,
              "external_id": "None"
           }
       },
    "Comments":
       [{
          "body": "Test Test Test",
          "plain_body": "Test Test Test",
          "via":
           {
              "source":
                      {"to": {},
                       "from": {},
                       "rel": "None"},
              "channel": "web"
            },
          "attachments":
           [{
              "thumbnails": [],
              "url": "https://siemplifyhelp.zendesk.com/api/v2/attachments/360701661660.json",
              "file_name": "Siemplify 10 2018-12-11 (1).lic",
              "content_url": "https://siemplifyhelp.zendesk.com/attachments/token/GeO6Xbc5I009xGRKLwWd7u7Qv/?name=Siemplify+10+2018-12-11+%281%29.lic",
               "height": "None",
               "width": "None",
               "mapped_content_url": "https://siemplifyhelp.zendesk.com/attachments/token/GeO6Xbc5I009xGRKLwWd7u7Qv/?name=Siemplify+10+2018-12-11+%281%29.lic",
               "content_type": "application/unknown",
               "inline": "False",
               "id": 360701661660,
               "size": 1272
            }],
          "audit_id": 393260420939,
          "created_at": "2019-02-03T10:08:00Z",
          "id": 393260420979,
          "author_id": 360638872459,
          "html_body": "<div> Test Test Test < br >< /div>",
          "type": "Comment",
          "public": "True",
          "metadata":
            {
               "system":
                  {
                     "latitude": 32.066599999999994,
                     "client": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
                      "ip_address": "1.1.1.1",
                      "location": "Tel Aviv, 05, Israel",
                      "longitude": 34.764999999999986
                   },
               "custom": {}
             }
         }],
     "Attachments": [{"test.txt": ""}]
 }

Ping

Description

Test Connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_connected	True/False	is_connected:False

JSON Result

N/A

Search Tickets

Description

Search for tickets by a keyword.

Parameters

Parameters	Type	Default Value	Description
Search Query	String	N/A	Query content (example: type:ticket status:pending).

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
results_count	N/A	N/A

JSON Result

N/A

Update Ticket

Description

Update existing ticket details

Parameters

Parameter	Type	Default Value	Description
Ticket ID	String	N/A	Ticket number.
Subject	String	N/A	The subject of the ticket.
Assigned User	String	N/A	User full name.
Assignment Group	String	N/A	Group name.
Priority	String	N/A	Priority will be one of the following: urgent, high, normal, or low.
Ticket Type	String	N/A	The ticket type will be one of the following: problem, incident, question or task.
Tag	String	N/A	Tag to add to the ticket.
Status	String	N/A	The status will be one of the following: new, open, pending, hold, solved, or closed.
Additional Comment	String	N/A	If you want to add a comment to the ticket, specify the text you would like to add as a comment here.
Internal Note	Checkbox	Un-checked	Specify whether the comment should be public, or internal. Unchecked means it will be public, checked means it will be internal only

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_updated	True/False	is_updated:False

JSON Result

N/A