Configuring an external ticketing system
Use an external ticketing system such as ServiceNow or IBM Resilient to track incidents, problems, and tasks discovered by Guardium.
Before you begin
- Browse to .
- Click the icon to open the External Ticketing System Configuration dialog.
- From the Account tab, use the Account menu to select an existing ticketing system account or click the icon to add an account.
- From the Add account dialog, select and configure your ticketing system, as follows:
- For IBM Resilient, URL is the fully qualified domain name.
- For ServiceNow, URL is generally <instanceName>.service-now.com.
- Enter the username and password for your ticketing system, and then click Test Connection to verify that Guardium can communicate with the ticketing system. Note: The ticketing-system account must be able to create and read records that are used with the integration. For example, if Incident records are used, the user must be able to create and read Incident records.
- If prompted, follow the on-screen instructions for adding a security certificate for the ticketing system: download the certificate from the ticketing system and import it into Guardium with the store certificate keystore trusted console CLI command.
- From the Settings tab, select the Guardium system, and then select the Template to configure. Systems are specific Guardium features that support external ticketing integration. Templates identify the type of ticket that is opened on the ticketing system.
Each template provides options for the selected system. For example, if you select the Vulnerability Assessment Results system, you can select the specific severity for which you want to automatically create tickets.
For ServiceNow, you can search for specific text in certain fields, such as a table or assignment group (depending on the Guardium system). To search for a specific item:
- Click the icon to open the Search page for that item.
- In the search box, enter all or part of the text for the item you want to find, and then click Search.
- Select the item that you want from the list, and click Add.
If needed, click the icon to clear the text.
- After you select the Guardium system and Template, use the Guardium fields controls to create the message template that Guardium sends to the ticketing system. The information that you supply depends on the external
IBM Resilient tickets
- Name - A name or description of the external ticket type.
- Description - The Guardium fields to include in each ticket.
- Members - The member of the Resilient team to receive this ticket. A member can be either one person or a group (that is defined in Resilient). Note: In Guardium, you can select only one member. You can add more ticket receivers in Resilient.
- Incident types - Select a Resilient incident type. Note: Guardium automatically creates configurations for all four of the Guardium systems. However, the Incident type field is left blank. Since Incident type is required for Resilient tickets, you need to select an incident type for each Resilient ticket type. You can set the incident type either from the Guardium UI or the Resilient server.
- Click the icon to add a field. For IBM Resilient, you can enter comments to include with a ticket.
ServiceNow tickets
- Short description - A short description of the external ticket type.
- Description - The Guardium fields to include in each ticket.
- Assignment group - The ServiceNow group to assign this ticket to.
- Click the icon to configure extra fields. For ServiceNow, you can enter comments to include with a ticket or other information (depending on the Guardium system and template). Note: ServiceNow supports both comments and work notes. Only comments entered into the ServiceNow Additional comments (customer visible) field display in the Guardium External Tickets report.
- From the Status tab, review ticketing-related log information. Use the Enable debug checkbox to include debugging-level information in the log. Note: The Enable debug setting is saved when selected or cleared.
- Click Save to save the configuration and exit the External Ticketing System Configuration dialog.
- If needed, configure external tickets for the other available systems that are shown in the External Ticketing System table.
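For the security-certificate step above, one way to check the ticketing system's certificate before importing it with the store certificate keystore trusted console CLI command. This is an added example, not part of the Guardium documentation; the function names, the host name in the comments and the 30-day validity threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the Guardium documentation.
# Assumed usage: fetch_cert myinstance.service-now.com > snow.pem

# Save the leaf certificate that the ticketing system presents on port 443.
fetch_cert() {
  local host="$1"
  openssl s_client -connect "${host}:443" -servername "$host" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Constructed sample for offline trials: a throwaway self-signed certificate.
make_sample_cert() {
  local host="$1" out="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=${host}" \
    -keyout "${out}.key" -out "$out" 2>/dev/null
}

# SHA-256 fingerprint, to compare with a value obtained through a
# separate trusted channel.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the file is a certificate, stays valid for 30 more days
# (assumed threshold), names the expected host, and has the expected fingerprint.
check_cert() {
  local pem="$1" host="$2" expected_fp="$3"
  openssl x509 -in "$pem" -noout 2>/dev/null ||
    { echo "not a certificate"; return 1; }
  openssl x509 -in "$pem" -noout -checkend $((30 * 86400)) >/dev/null ||
    { echo "expires within 30 days"; return 1; }
  openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q "does match" ||
    { echo "host name mismatch"; return 1; }
  [ "$(cert_fingerprint "$pem")" = "$expected_fp" ] ||
    { echo "fingerprint mismatch"; return 1; }
  echo "ok"
}
```

Import the certificate only after check_cert prints ok for the host name entered in the Add account dialog.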
What to do next
|Guardium system||Integration point|
|Alerter||Browse to . Configure an alert. In the Add receiver section, set Notification type to TICKET. Tickets are created when the alert triggers. Attention: Verify that the alerter is active on startup: browse to and select the Active on startup checkbox. External ticketing integrates with the following types of alert notifications:|
|Audit Process||The audit process ticketing system uses the Alert integration point. Browse to . Begin creating an audit process. From the Send results section, select to add a receiver, and then set Receiver Type to Ticket. When the audit process runs, it generates the audit process result as a PDF, which is attached to the ticket that is sent to the external ticketing system. The URL to the ticket is stored in the Audit result table for external review. Note: Audit process results are purged following standard audit process rules. To set the purging rules, select Show advanced options from the Create New Audit Process or Details for: <audit process> page.|
|Policy Builder for Data||Policy Builder for Data uses the Alert integration point. Browse to . Begin creating a security policy. From Rule Action, select ALERT ONCE PER SESSION or ALERT PER MATCH and then select TICKET from the Add New Action window.|
|Risk Spotter||Browse to . Select a user from the Risky Users table and use the .|
|Threat Analytics||Browse to . Select a case from the table and use the .|
|Vulnerability Assessment Results||Browse to . Create and run an assessment, then click View Results. For each failed result, click Create ticket to open a ticket.|