Linking to Ticketing Systems

Overview

TOS Aurora can associate a change request ticket with a rule. This makes it easier to keep track of what changes were made, by whom, and whether those changes were authorized.

A ticket is a change request, or other rule-related activity, that is tracked in a ticketing system such as SecureChange, BMC Remedy AR System, HP Service Center, or CA Service Desk Manager.

You can see the link between your revisions and the tickets in your ticketing system with either:

Revision Authorization Based on SecureChange Tickets

Every time SecureTrack pulls a revision from one of its monitored devices, it checks whether the change is authorized. SecureTrack authorizes revisions based on whether the change was requested by a SecureChange ticket. This check is an automatic stage in SecureTrack’s revision retrieval process.

SecureTrack automatically associates a SecureChange ticket with the revision if:

  • The ticket has an access request that at least partially matches the traffic changes in the revision.
  • The target of the access request is Any with Topology disabled, or the same as the device from which the revision was received.
  • The ticket is open. (You can also configure authorization to include tickets that were closed within the last 3, 6, 9 or 12 months.)
  • The ticket is approved. Either:
    • It has at least one step with the Approve/Decline field and the final step with this field is Approved.
    • It does not have any steps with the Approve/Decline field but the ticket has passed to the last step of the workflow.

You can see which revisions have been authorized in SecureTrack > Browser > Changes.

SecureTrack automatically marks each revision as:

  • Authorized without tickets: There are no rule changes in the revision or there is a rule change that does not impact network traffic, such as a change to a rule comment.
  • Authorized with tickets: All the changed traffic matches at least one associated SecureChange ticket.
  • Unauthorized with tickets: Tickets are associated with the revision, but not all the changed traffic matches at least one associated SecureChange ticket.
  • Unauthorized without tickets: No tickets are associated with the changed traffic in the revision.
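
The association conditions and the four revision states above, modeled in Python as an added example (not Tufin's code and not part of the original page). The Ticket fields, function names and sample data are assumptions, and traffic matching is reduced to exact comparison of (source, destination, service) tuples.

```python
from dataclasses import dataclass, field

@dataclass
class Ticket:                      # hypothetical, simplified ticket record
    flows: set                     # requested (src, dst, service) tuples
    target: str = "Any"            # device name, or "Any"
    topology: bool = False         # only meaningful when target is "Any"
    is_open: bool = True
    closed_months_ago: int = 0
    approvals: list = field(default_factory=list)  # Approve/Decline outcomes, in step order
    at_last_step: bool = False

def is_approved(t):
    # The final Approve/Decline step must be Approved; with no such steps,
    # the ticket must have passed to the last step of the workflow.
    return t.approvals[-1] == "Approved" if t.approvals else t.at_last_step

def is_associated(t, device, changed, closed_window=0):
    # closed_window: 0 (open tickets only) or 3, 6, 9, 12 months.
    matches = bool(t.flows & changed)          # at least a partial match
    target_ok = (t.target == "Any" and not t.topology) or t.target == device
    in_scope = t.is_open or (closed_window > 0 and t.closed_months_ago <= closed_window)
    return matches and target_ok and in_scope and is_approved(t)

def classify(device, changed, tickets, closed_window=0):
    if not changed:                            # no change that impacts traffic
        return "Authorized without tickets"
    linked = [t for t in tickets if is_associated(t, device, changed, closed_window)]
    if not linked:
        return "Unauthorized without tickets"
    covered = set().union(*(t.flows for t in linked))
    return ("Authorized with tickets" if changed <= covered
            else "Unauthorized with tickets")

# Constructed sample data: the ticket requests HTTPS only.
WEB = ("10.0.0.0/24", "10.1.1.10", "tcp/443")
SSH = ("10.0.0.0/24", "10.1.1.10", "tcp/22")
approved_web = Ticket(flows={WEB}, target="fw-edge-1", approvals=["Approved"])

if __name__ == "__main__":
    # The revision also opened SSH, which no ticket requested.
    print(classify("fw-edge-1", {WEB, SSH}, [approved_web]))
```

The "Unauthorized with tickets" result is the case worth alerting on during review: a legitimate ticket exists, but the revision changed more traffic than the ticket requested.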

Display ID From an External Ticketing System

If you are using an external ticketing system, you can map individual tickets to the revisions that they authorized. Mapping allows you to track who authorized a change that was made to a device. This is especially helpful when you are preparing for an audit.

When a ticket ID is included in the rules or objects in security policies monitored by SecureTrack, SecureTrack recognizes it in all policy views, including report results. SecureTrack shows the ticket ID as a hyperlink according to the ticket ID pattern configured on this page. When a revision includes a new ticket ID, SecureTrack also adds a hyperlink for the new ticket ID.

Mapping works by linking each device rule with the ticket that authorized it. You can view the list of device rules in the Rule Viewer. For each rule, you can click the ticket icon to see the linked ticket.

SecureTrack looks for the ticket ID in these fields:

Vendor                           Ticket Field
Check Point                      comment
Cisco                            access rule description
Fortinet                         security policy comment
Juniper (JunOS SRX, J-series)    security policy name
Juniper (JunOS M, MX)            firewall term name
Juniper (Netscreen)              security policy name
Palo Alto                        security policy rule name, security policy rule description

Display Ticket ID in a Revision

How Do I Get Here?

SecureTrack > Admin > Ticketing.