Automating ticket creation for compliance issues

Create an automation rule to address compliance issues in your environments. If Concert detects an environment is not compliant with an assessed control, it triggers the defined action, such as creating a ticket in your connected external issue tracking system.

Before you begin

  • You must have Admin or Editor access to the environment associated with the automation rule.
  • You must establish a connection with your external issue tracking system before configuring an automation rule.
  • By default, Salesforce and ServiceNow do not support HTML templates for ticket creation. To automate ticket creation in either of these platforms, you must take the following steps to enable HTML templates:
    • If using Salesforce, create a custom field in Salesforce. Set the field name to Custom description and the data type to Rich Text Area.
    • If using ServiceNow, change the field type in ServiceNow to HTML.
  • Create a Slack application in your workspace and get a Slack bot token.
  • In addition to configuring an automation rule, configure a data ingestion job to pull in data from your issue tracking system so Concert can update ticket statuses.

Procedure

  1. Go to Administration > Integrations.
  2. Click Automation rules.
  3. Click Create automation rule.
  4. Enter a name for the automation rule for reference.
  5. Optional: Enter a description for the automation rule.
  6. Under When this condition occurs, select Compliance assessment.
  7. Select the environment to which this automation rule applies. Only compliance issues related to this environment will be addressed by this automation rule.
  8. Select the corresponding action to take:
    • Open a Jira ticket
    • Open a GitHub issue
    • Open a ServiceNow ticket
    • Open a Salesforce case
    • Send Slack message.
    Note: At this time, the ability to trigger a Concert workflows based on a compliance issue is not supported.
  9. Enter the relevant details corresponding to the issue tracking system where the ticket will be created.
    • For GitHub, enter the name of the Organization and the name of the Repository. Optional: Select labels from the repository under With labels field. To fetch existing labels from the repository, click the refresh button next to Select labels (Optional) field.
    • For Jira, enter the Project name.
    • For ServiceNow or ,Salesforce no additional information is required.
    • If you want to get notified through Slack message, enter the Channel Id.
      Note: Slack can only give notifications. You need to select the ticketing systems for ticket creation.
  10. Under Using this connection, select the relevant credentials . Refer to Establishing a connection with a third-party system for instructions.
  11. Optional: Next to Assign to, enter a username present in the target service for the user to whom the issue or ticket gets assigned.
  12. Note: When you assign the ticket to the user, verify the username is available in the ticketing system and the user have proper permissions to access the third-party ticketing system.
    Under With the following threshold values, select a Compliance profile and set the result as Non-compliant under When the result is.
  13. Click Create.

Results

For each configured automation rule, Concert automatically creates a ticket in the third-party ticketing system for each prioritized Compliance profile or groups of Compliance. Priority is calculated based on the non-compliant profile list impacting the environment. The ticket is assigned to the user based on the provided username, if set. Multiple Compliance issues are grouped into a single ticket if they are associated with the same Control ID for that assessment.
Note: If your access to the corresponding application or environment access is revoked, you will be able to see any automation rules that you created, but you will not be able to edit them.