Create a Ticket

Applies to Product:

USM Appliance™

AlienVault OSSIM^®

You can open a ticket in the following ways:

Open Tickets Automatically

To have USM Appliance open tickets when a new alarm is generated

Go to Configuration > Administration > Main.
Expand Tickets.
Change Open Tickets for new alarms automatically to Yes.
In Automatic ticket generation default in-charge user/entity, select the user to whom the ticket will be assigned.
If you want to receive emails when a ticket is updated, change Send email notification to Yes. USM Appliance sends a notification five minutes after each update to the ticket.
In Open tickets reminder, you can configure USM Appliance to send a reminder if a ticket has been opened but not updated for a number of days. The default is 15 days.

Note: No email is sent at the opening of the ticket.

To customize vulnerability scan automatic ticket settings

Go to Configuration > Administration > Main.
Expand Vulnerability Scanner.
Select the ticket threshold for when new tickets are generated in the Vulnerability Ticket Threshold drop-down.

To open a ticket manually

Go to Analysis > Alarms > List View (or Group View) and click on the desired alarm.
Click View Details.
From the Alarms Detail page, click Actions > Create Ticket.
Assign a priority to the ticket and assign it to an administrative user.
Click Save.

Note: You can also open a remediation ticket from the Security Events (SIEM) Events list,using the same steps.

To open a ticket manually from the Tickets page

From Analysis > Tickets, select the type of ticket you want to open and click Create.

Note: You can create a custom ticket type by clicking on the pencil icon in the Type column.
Fill in the fields of the dialog box with relevant information to this ticket, including to whom to assign the ticket.

Note: Only tickets created from an alarm contain pre-filled fields.
Click Save.