FortiSIEM Creating Tickets In FortiSIEM In-built Ticketing System

Creating Tickets In FortiSIEM In-built Ticketing System

AccelOps includes a feature that will let you create and assign tickets for IT infrastructure tasks, and create tickets directly from incidents. You can see all tickets that have been created by going to Incidents > Tickets, and then use the filter controls to view tickets by assignee, organization, priority, and other attributes. You can also configure AccelOps and you Remedy system so that Remedy will take tickets created by incident notification actions.

Configuring Remedy to Accept Tickets from AccelOps Incident Notifications Ticket Related Operations

Configuring Remedy to Accept Tickets from AccelOps Incident Notifications

This topic describes how to configure Remedy to accept tickets as notification actions from AccelOps.

Prerequisites

Procedure

Incident Attributes for Defining Remedy Forms

Prerequisites

Make sure you have configured the Remedy server settings in AccelOps.

Procedure

  • In Remedy, create a new form, AccelOps_Incident_Interface, with the incident attributes listed in the table at the end of this topic as the form fields.
  1. When you have defined the fields in the form, right-click on the field and select the Data Type that corresponds to the incident attribute.
  2. After setting the form field data type, click in the form field again to set the Label for the field.
  3. When you are done creating the form, go to Servers > localhost > Web Service in Remedy, and select New Web Service.
  4. For Base Form, enter AccelOps_Incident_Interface.
  5. Click the WSDL
  6. For the WSDL Handler URL, enter http://<midtier_server>/arsys/WSDL/public/<servername>/AccelOps_Incident_I nterface.
  7. Click the Permissions tab and select
  8. Click

You can test the configuration by opening a browser window and entering the WSDL handler URL from step 7, substituting the Remedy Server IP address for <midtier_server> and localhost for <servername>. If you see an XML page, your configuration was successful.

Incident Attributes for Defining Remedy Forms

Incident Attribute Data Type Description
biz_service text Name of the business services affected by this incident
cleared_events text
cleared_reason text The reason for clearing the incident if it was cleared,
cleared_time bigint The time at which the incident was cleared
cleared_user character varying(255) The user who cleared the incident
comments text Comments
cust_org_id bigint The organization id to which the incident belongs
first_seen_time bigint Time when the incident occurred for the first time
last_seen_time bigint Time when the incident occurred for the last time
incident_count integer Number of times the incident triggered between the first and last seen times
incident_detail text Incident Detail attributes that are not included in incident_src and incident_target
incident_et text Incident Event type
incident_id bigint Incident Id
incident_src text Incident Source
incident_status integer Incident Status
incident_target text Incident Target
notif_recipients text Incident Notification recipients
notification_action_status text

 

orig_device_ip text
ph_incident_category character varying(255) AccelOps defined category to which the incident belongs: Network, Application, Server, Storage, Environmental, Virtualization, Internal, Other
rule_id bigint Rule id
severity integer Incident Severity 0 (lowest) – 10 (highest)
severity_cat character varying(255) LOW (0-4),  MEDIUM (5-8), HIGH (9-10)
ticket_id character varying(2048) Id of the ticket created in AccelOps
ticket_status integer Status of ticket created in AccelOps
ticket_user character varying(1024) Name of the user to which the ticket is assigned to in AccelOps
view_status integer
view_users text

 

 

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.