Creating tickets to address compliance issues

There are two ways to create tickets to address noncompliant environments: automatically (using automation rules) or manually by opening a ticket to address a specific control with which your environment is noncompliant.

After creating a compliance profile and uploading a recent compliance scan, Concert highlights the specific controls with which an environment is not compliant and provides a compliance level (low, medium, or high) and score based on the percentage of assessed controls with which an environment is compliant out of the total number assessed. To expedite mitigation, you can configure an automation rule to allow Concert to open tickets automatically to address each control with which an environment is not compliant. Alternatively, you can create and assign a ticket manually from the Compliance dimension page.

Option 1: Configure an automation rule (Recommended)

For each environment, configure automation rules to allow Concert to create tickets automatically in your organization's ticketing system for only the noncompliant issues. Refer to Automating ticket creation for compliance issues for instructions.

Option 2: Creating tickets manually from the Concert UI

Alternatively, you can create a ticket manually from the Concert UI to address compliance issues. If you choose to create tickets manually instead of creating an automation rule, refer to the following instructions:

  1. Go to Dimensions > Compliance.
  2. From the sub navigation Assessments, click the required scan report.
  3. Click Open ticket + option under Ticket for the compliance issues which need fixed.
  4. Click any one option under Type: GitHub, or Jira, or ServiceNow, or Salesforce.
  5. Select an existing Connection. If there is no existing connection, refer to Connecting with a third-party system for instructions to configure a new connection.
  6. Provide the requested details corresponding to the selected third-party tool.
    • For a GitHub connection, enter the name of the Organization and name of Repository.
    • For Jira, enter the Project name.
    • For ServiceNow connection, no additional information is required.
    • For a Salesforce connection, no additional information is required.
    Note: By default, the Salesforce and ServiceNow tracking systems do not support HTML template for ticket creation. If your third-party tracking system is Salesforce or ServiceNow, then you need to do the following changes on your specific third-party tracking system to support the HTML template for ticket creation.
    • If your selected third-party tracking system is Salesforce, then you need to create a new custom description field with field name as Custom description and the data type as Rich Text Area to enable the HTML template settings. Refer to the Salesforce documentation.
    • If your selected third-party tracking system is ServiceNow, then you need to update the existing description field with type as HTML. Refer to the ServiceNow documentation.
  7. Optional: Edit the Title and Body fields.
  8. Optional: Enter the email address of the designated assignee in the Assignees field.
  9. Click Open.

Once created, the ticket number is displayed under the corresponding compliance issue.