Creating Tickets In FortiSIEM In-built Ticketing System
AccelOps includes a feature that lets you create and assign tickets for IT infrastructure tasks, and create tickets directly from incidents. You can see all tickets that have been created by going to Incidents > Tickets, and then use the filter controls to view tickets by assignee, organization, priority, and other attributes. You can also configure AccelOps and your Remedy system so that Remedy will take tickets created by incident notification actions.
Configuring Remedy to Accept Tickets from AccelOps Incident Notifications
Ticket Related Operations
Configuring Remedy to Accept Tickets from AccelOps Incident Notifications
This topic describes how to configure Remedy to accept tickets as notification actions from AccelOps.
Prerequisites
Procedure
Incident Attributes for Defining Remedy Forms
Prerequisites
Make sure you have configured the Remedy server settings in AccelOps.
Procedure
1. In Remedy, create a new form, AccelOps_Incident_Interface, with the incident attributes listed in the table at the end of this topic as the form fields.
2. When you have defined the fields in the form, right-click on the field and select the Data Type that corresponds to the incident attribute.
3. After setting the form field data type, click in the form field again to set the Label for the field.
4. When you are done creating the form, go to Servers > localhost > Web Service in Remedy, and select New Web Service.
5. For Base Form, enter AccelOps_Incident_Interface.
6. Click the WSDL
7. For the WSDL Handler URL, enter http://<midtier_server>/arsys/WSDL/public/<servername>/AccelOps_Incident_Interface.
8. Click the Permissions tab and select
9. Click
You can test the configuration by opening a browser window and entering the WSDL handler URL from step 7, substituting the Remedy Server IP address for <midtier_server> and localhost for <servername>. If you see an XML page, your configuration was successful.
Incident Attributes for Defining Remedy Forms
| Incident Attribute | Data Type | Description |
| --- | --- | --- |
| biz_service | text | Name of the business services affected by this incident |
| cleared_events | text | |
| cleared_reason | text | The reason for clearing the incident if it was cleared, |
| cleared_time | bigint | The time at which the incident was cleared |
| cleared_user | character varying(255) | The user who cleared the incident |
| comments | text | Comments |
| cust_org_id | bigint | The organization id to which the incident belongs |
| first_seen_time | bigint | Time when the incident occurred for the first time |
| last_seen_time | bigint | Time when the incident occurred for the last time |
| incident_count | integer | Number of times the incident triggered between the first and last seen times |
| incident_detail | text | Incident Detail attributes that are not included in incident_src and incident_target |
| incident_et | text | Incident Event type |
| incident_id | bigint | Incident Id |
| incident_src | text | Incident Source |
| incident_status | integer | Incident Status |
| incident_target | text | Incident Target |
| notif_recipients | text | Incident Notification recipients |
| notification_action_status | text | |
| orig_device_ip | text | |
| ph_incident_category | character varying(255) | AccelOps defined category to which the incident belongs: Network, Application, Server, Storage, Environmental, Virtualization, Internal, Other |
| rule_id | bigint | Rule id |
| severity | integer | Incident Severity 0 (lowest) – 10 (highest) |
| severity_cat | character varying(255) | LOW (0-4), MEDIUM (5-8), HIGH (9-10) |
| ticket_id | character varying(2048) | Id of the ticket created in AccelOps |
| ticket_status | integer | Status of ticket created in AccelOps |
| ticket_user | character varying(1024) | Name of the user to whom the ticket is assigned in AccelOps |
| view_status | integer | |
| view_users | text | |
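
The attribute table above, turned into a check that can be run on an incident record before it is mapped to the Remedy form fields. This is an added example, not AccelOps or Remedy code: `validate_incident`, `severity_band` and the `SAMPLE` record are constructed for illustration, and treating `bigint` and `integer` as 64-bit and 32-bit signed values is an assumption.

```python
# Added example; assumes bigint/integer are 64-/32-bit signed. SAMPLE is constructed.
BIGINT = {"cleared_time", "cust_org_id", "first_seen_time", "last_seen_time",
          "incident_id", "rule_id"}
INTEGER = {"incident_count", "incident_status", "severity", "ticket_status",
           "view_status"}
VARCHAR = {"cleared_user": 255, "ph_incident_category": 255,
           "severity_cat": 255, "ticket_id": 2048, "ticket_user": 1024}
TEXT = {"biz_service", "cleared_events", "cleared_reason", "comments",
        "incident_detail", "incident_et", "incident_src", "incident_target",
        "notif_recipients", "notification_action_status", "orig_device_ip",
        "view_users"}
CATEGORIES = {"Network", "Application", "Server", "Storage", "Environmental",
              "Virtualization", "Internal", "Other"}
SAMPLE = {"incident_id": 4711, "severity": 9, "severity_cat": "HIGH",
          "ph_incident_category": "Server", "ticket_user": "analyst1",
          "first_seen_time": 1700000000, "last_seen_time": 1700000600}

def severity_band(severity):
    """Map a 0-10 severity to the severity_cat band given in the table."""
    return "LOW" if severity <= 4 else "MEDIUM" if severity <= 8 else "HIGH"

def validate_incident(record):
    """Return a list of problems; an empty list means the record fits the table."""
    errors = []
    for name, value in record.items():
        if name in BIGINT or name in INTEGER:
            bits = 63 if name in BIGINT else 31
            if isinstance(value, bool) or not isinstance(value, int):
                errors.append(f"{name}: expected integer")
            elif not -2**bits <= value < 2**bits:
                errors.append(f"{name}: out of range")
        elif name in VARCHAR or name in TEXT:
            if not isinstance(value, str):
                errors.append(f"{name}: expected text")
            elif len(value) > VARCHAR.get(name, len(value)):
                errors.append(f"{name}: longer than {VARCHAR[name]} characters")
        else:
            errors.append(f"{name}: not an incident attribute")
    if errors:
        return errors  # cross-field checks below need well-typed values
    sev = record.get("severity")
    if sev is not None:
        if not 0 <= sev <= 10:
            errors.append("severity: must be 0-10")
        elif record.get("severity_cat", severity_band(sev)) != severity_band(sev):
            errors.append("severity_cat: does not match severity")
    if record.get("ph_incident_category", "Other") not in CATEGORIES:
        errors.append("ph_incident_category: unknown category")
    return errors
```

Records that fail the check point to a form field whose data type or length in Remedy would not hold the value AccelOps sends.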