Security: add a webhook event or log endpoint for Cloud Recordings and Transcriptions

TLDR

I want to protect my sensitive information via tracking who/what downloaded our recordings and transcriptions.

My Problem:

We produce a number of cloud recordings and transcriptions, they are managed by external content management.
The crux of our problem is we are unsure if there are any unsavory actors performing data exfiltration between the time the recording/transcription was made, hosted, and deleted as we have no data on how many download events were made.

Suggestions

I have 2 suggestions:

  1. Create an endpoint that that provides an audit log (similar to https://marketplace.zoom.us/docs/api-reference/zoom-api/reports/reportsigninsignoutactivities) cloud recordings/ transcriptions and their downloads.
  2. PREFERRED Create a Recording/Transcription downloaded event that gets fired whenever someone successfully pulls data from your CRM. (source: https://marketplace.zoom.us/docs/api-reference/webhook-reference/recording-events/ )(Hint: It would also be cool to get failed actors, but we don’t get that from auth logs right now. Still that would be a cool feature)

Preferred event data returned would be similar to the auth logs or even better dashboards-list-meeting-participants something like this:

{
      "id": "d52f19c548b88490b5d16fcbd38", (Or the Url ... basically the unique id of the dl file)
      "user_id": "32dsfsd4g5gd", (The actor/downloader)
      "user_name": "dojo",
      "device": "WIN",
      "ip_address": "127.0.0.1",
      "location": "New York",
      "network_type": "Wired",
      "microphone": "Plantronics BT600",
      "camera": "FaceTime HD Camera",
      "speaker": "Plantronics BT600",
      "data_center": "SC",
      "connection_type": "P2P",
      "pc_name": "dojo's pc",
      "domain": "Dojo-workspace",
      "mac_addr": " 00:0a:95:9d:68:16",
      "harddisk_id": "sed proident in",
      "version": "4.4.55383.0716"
 } 

Thanks Zoom Great Product!

BCC @tommy @Carson_Chen @Michael_Purnell

3 Likes