Linking to Ticketing Systems

You can see the link between your revisions and the tickets in your ticketing system with either:

  • Display ticket ID from an external ticketing system
  • Revision authorization based on SecureChange tickets

This option is only available to users with administrator permissions.

Ticketing

Display Ticket ID

SecureTrack can link to web-based ticket systems such as Tufin SecureChange, BMC Remedy AR System, HP Service Center, CA Service Desk Manager, or home-grown systems. When a ticket ID is included in the rules or objects in security policies monitored by SecureTrack, SecureTrack recognizes it in all policy views, including report results. SecureTrack shows the ticket ID as a hyperlink according to the ticket ID pattern configured in this page. When there is a revision that includes a new ticket ID, SecureTrack also adds a hyperlink for the new ticket ID.

SecureTrack looks for the ticket ID in these fields:

Vendor

Ticket Field

Check Point

comment

Cisco

access rule description

Fortinet

security policy comment

Juniper

JunOS SRX, J-series

JunOS M, MX

Netscreen

 

security policy name

firewall term name

security policy name

Palo Alto

security policy rule name, security policy rule description

To display the ticket ID in a revision, configure:

  • Ticket ID Pattern (regular expression): You can enter case-sensitive regular expressions to match your ticket ID. For a complete reference on the syntax of supported regular expressions, please visit this page:.
  • Convert to Standard Form: Select this to normalize ticket IDs and change them from one format to another. This is achieved by configuring an additional regular expression which will match part of the ticket ID, and creating a modified form of the ticket ID using a "C/C++" printf-like expression.
  • Link Ticket IDs to Ticketing System: Enter a URL pattern that can be used to view a specific ticket's details. Ticket IDs in rule Name and Comment fields will appear as URLs in displayed revisions. This setting is relevant only if the ticketing system has a web interface which can be accessed through a known URL.

    For SecureChange, the URL pattern is:

    https://<IP_or_hostname>/securechangeworkflow/pages/reports/viewTicket.seam?ticket=<Ticket ID>

Click Save after you make changes to these options.

Example 1: Ticket ID with a hyperlink to the Ticketing System

My company's ticket ID format is "CR" followed by several digits. The URL to my Ticketing System for viewing a specific ticket is: https://1.2.3.4/remedy/<ticket ID>

The following configuration should be used in this case:

  • Ticket ID Pattern: CR[0-9]+
  • Convert to Standard Form: leave all values empty
  • Link Ticket IDs to Ticketing System: http://1.2.3.4/remedy/

Example 2: Multiple Ticket ID patterns with a hyperlink to the Ticketing System

My company's ticket ID formats are "CR or CHG followed by several digits". The URL to my Ticketing System for viewing a specific ticket is: https://1.2.3.4/remedy/ticket=<ticket ID digits without leading characters>

The following configuration should be used in this case:

  • Ticket ID Pattern: (CR|CHG)+[0-9]+
  • Convert to Standard Form:
    • Get the part that matches: [0-9]+
    • And print it to: %s
  • Link Ticket IDs to Ticketing System: http://1.2.3.4/remedy/ticket=

Revision Authorization

If you use SecureChange, SecureTrack can also automatically look for authorized SecureChange tickets that match all of the new allowed traffic in a revision to mark the revisions as Authorized. SecureTrack automatically associates a SecureChange ticket with the revision if:

  • The ticket has an access request that at least partially matches the traffic changes in the revision
  • The target of the access request is Any with Topology disabled, or the same as the device from which the revision was received
  • The ticket is open (You can also configure authorization to include tickets that were closed within the last 3, 6, 9 or 12 months.)
  • The ticket is authorized, meaning that it either:
    • Has at least one step with the Approve/Decline field and the final step with this field is Approved
    • Does not have any steps with the Approve/Decline field but the ticket has passed to the last step of the workflow

SecureTrack automatically marks each revision as, either:

  • Authorized without tickets - There are no rule changes in the revision or there is a rule change that does not impact network traffic, such as a change to a rule comment
  • Authorized with tickets - All of the changed traffic matches at least one associated SecureChange ticket
  • Unauthorized with tickets - Tickets are associated with the revision, but not all of the changed traffic matches at least one associated SecureChange ticket
  • Unauthorized without tickets - No tickets are associated with the changed traffic in the revision

How Do I Get Here?

In SecureTrack, go to Settings > Configuration > Ticketing.