Creating tickets to address vulnerability issues
With Concert you can automate ticket creation, or create tickets manually to address your vulnerability issues.
Use one of the following methods to create tickets in your organization's third-party issue tracking system for vulnerability issues.
Option 1: Configure an automation rule (Recommended)
Configure automation rules to allow Concert to create tickets automatically in your organization's ticketing system based on the risk score or CVSS score associated with the selected application or environment. Refer to Automating ticket creation for prioritized CVEs for instructions.
Note: Automation rules are currently not supported for non-CVE exposures.
Option 2: Creating tickets manually from the Concert UI
Alternatively, you can create a ticket manually from the Concert UI to address vulnerability issues. If you choose to create tickets manually instead of creating an automation rule, refer to the following instructions:
CVEs
- Go to tab to see the list of prioritized CVEs.
- Select a CVE from the list to view details and impacted applications.
- Click the Open ticket + option under Ticket for the vulnerability issue that needs to be fixed.
  Note:
  - You can select multiple rows to create a single manual ticket for multiple findings. Select the checkboxes under Source to choose multiple findings, then click Open Ticket in the blue ribbon that appears, which displays the number of selected items.
  - If a ticket already exists for the selected findings in the same third-party ticketing tool, a new ticket is not created and an error message is displayed. However, if an existing ticket is linked to a different third-party ticketing tool, a new ticket is created, and only the latest ticket is displayed in Concert.
- Click one option under Type: GitHub, Jira, ServiceNow, or Salesforce.
- Select an existing Connection. If there is no existing connection, refer to Connecting with a third-party system for instructions to configure a new connection.
- Provide the requested details corresponding to the selected third-party tool.
  - For a GitHub connection, enter the name of the Organization and the name of the Repository. Optionally, you can also select labels from the repository using the Select labels (Optional) field. To fetch existing labels from the repository, click the Refresh button next to the Select labels (Optional) field.
  - For a Jira connection, enter the Project name.
  - For a ServiceNow connection, no additional information is required.
  - For a Salesforce connection, no additional information is required.
  Note: By default, the Salesforce and ServiceNow tracking systems do not support HTML templates for ticket creation.
  - If your selected third-party tracking system is Salesforce, you need to create a new Custom description field with the data type Rich Text Area to enable the HTML template settings. Refer to the Salesforce documentation.
  - If your selected third-party tracking system is ServiceNow, you need to update the existing description field with the type String and select the file attachment as HTML. Refer to the ServiceNow documentation.
- Optional: Edit the Title and Body fields.
- Optional: Enter the email address of the designated assignee in the Assignees field.
- Click Open.
Once created, the ticket number is displayed under the corresponding vulnerability issues.
Exposures
- Go to tab to see the list of prioritized non-CVE exposures.
- Click the Open ticket + option under Ticket for the exposure that needs to be fixed.
- Click one option under Type: GitHub, Jira, ServiceNow, or Salesforce.
- Select an existing Connection. If there is no existing connection, refer to Connecting with a third-party system for instructions to configure a new connection.
- Provide the requested details corresponding to the selected third-party tool.
  - For a GitHub connection, enter the name of the Organization and the name of the Repository. Optionally, you can also select labels from the repository using the Select labels (Optional) field. To fetch existing labels from the repository, click the Refresh button next to the Select labels (Optional) field.
  - For a Jira connection, enter the Project name.
  - For a ServiceNow connection, no additional information is required.
  - For a Salesforce connection, no additional information is required.
  Note: By default, the Salesforce and ServiceNow tracking systems do not support HTML templates for ticket creation. If your third-party tracking system is Salesforce or ServiceNow, you need to make the following changes in that system to support the HTML template for ticket creation.
  - If your selected third-party tracking system is Salesforce, you need to create a new custom description field with the field name Custom description and the data type Rich Text Area to enable the HTML template settings. Refer to the Salesforce documentation.
  - If your selected third-party tracking system is ServiceNow, you need to update the existing description field with the type HTML. Refer to the ServiceNow documentation.
- Optional: Edit the Title and Body fields.
- Optional: Enter the email address of the designated assignee in the Assignees field.
- Click Open.
Once created, the ticket number is displayed under the corresponding exposure issues.