Zendesk
The Zendesk Source works by polling your event/alert logs every 60 seconds using the API token authentication method.
To connect your source, generate an API Token from your Zendesk settings tab. Make sure Token Access is enabled and create a new token.
Provide the token, as well as the email address of your Zendesk Support administrator to RunReveal while creating the source.
Click verify source prior to connecting your source in RunReveal, which may take a moment, but if successful will ensure that the source is correctly configured.
Schema
The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.
Table: zendesk_logs (45 columns)
zendesk_logs (45 columns)| Column | Type |
|---|---|
workspaceID | String |
sourceID | String |
sourceType | LowCardinality(String) |
sourceTTL | UInt32 |
receivedAt | DateTime |
id | String |
eventTime | DateTime |
eventName | String |
eventID | String |
srcIP | String |
srcASCountryCode | String |
srcASNumber | UInt32 |
srcASOrganization | String |
srcCity | String |
srcConnectionType | String |
srcISP | String |
srcLatitude | Float64 |
srcLongitude | Float64 |
srcUserType | String |
dstIP | String |
dstASCountryCode | String |
dstASNumber | UInt32 |
dstASOrganization | String |
| Column | Type |
|---|---|
dstCity | String |
dstConnectionType | String |
dstISP | String |
dstLatitude | Float64 |
dstLongitude | Float64 |
dstUserType | String |
actor | Map(String, String) |
tags | Map(String, String) |
resources | Array(String) |
serviceName | String |
readOnly | Bool |
rawLog | String |
url | String |
actionLabel | String |
actorID | String |
zendeskSourceType | String |
zendeskSourceID | String |
zendeskSourceLabel | String |
action | String |
changeDescription | String |
ipAddress | String |
actorName | String |