Automating tickets for compliance issues

Before you begin

• You must have Admin or Editor access (object level) to the application or environment associated with the automation rule you are creating.
• You must establish a connection with your external issue tracking system using credentials that grant Concert write access to the target board or repository.
• Salesforce and ServiceNow do not support HTML templates for ticket creation by default. If using either of these systems, you must take additional steps to enable HTML templates.
  • For Salesforce, create a custom field in Salesforce. Set the field name to Custom description and the data type to Rich Text Area.
  • For ServiceNow, change the field type in ServiceNow to HTML.
• In addition to the automation rule, configure an ingestion job to pull data from your external issue tracking system so Concert can update ticket status. If you do not have an ingestion job configured, you will have to update the status of each ticket manually.

Instructions

1. Click Administration > Integrations.
2. Click Automation rules.
3. Click Create automation rule.
4. Enter a name for the automation rule for internal reference.
5. Enter a description for the automation rule.
6. Under When this condition occurs, select Compliance assessment from the drop down.
7. Select the Environment to associate with this automation rule. Only compliance issues found in this environment will trigger this automation rule.
8. Select the corresponding action to take:
   • Open Jira ticket. If selected, enter the target project where the ticket will be created.
   • Open GitHub issue. If selected, enter the target organization and target repository.
   • Open ServiceNow ticket. If selected, there are no additional options to set in Concert. However, you must change the field type in ServiceNow to HTML.
   • Open Salesforce case. If selected, there are no additional options to set in Concert. However, you must create a custom field in Salesforce, setting the field name to Custom description and the data type to Rich Text Area.
   Note: Alternative actions, such as Send Slack message, are available but do not result in ticket creation. Refer to Automating Slack notifications for details.
9. Under Using this connection, select the connection associated with the external tracking system. The connection must use credentials that grant Concert "write" permissions to the target board or repository. Creating a connection with an external tool or service for details.
10. Next to assign to, enter a username present in the target service to which the issue or ticket will be assigned. Ensure this user has access to the specified repository or board.
11. If you selected GitHub issue creation as the action to take, you can enter one or more GitHub labels to apply to issues generated from on this automation rule. You can choose from existing labels by clicking the refresh icon next to retrieve existing labels in the specified repository.
12. Under With the following threshold values, select a compliance profile containing the control(s) relevant to the selected environment.
13. Under When the result is, select Non-compliant.
14. Click Create to save and activate the automation rule.

The automation rule is triggered whenever an environment is deemed non-compliant with a control listed in the compliance profile. The priority is determined by the number of controls with which an environment is not compliant. If there are multiple compliance issues related to the same control ID detected in an assessment, they are grouped in a single issue or ticket.