AlienVault® USM Appliance™

Create a Ticket

Applies to Product: USM Appliance™ AlienVault OSSIM®

You can open a ticket in the following ways:

  • Automatically — based on a configured policy.
  • Automatically — as a response to a detected vulnerability.
  • Manually — during an alarm investigation.
  • Manually — unrelated to an alarm or an event.
  • Manually — from the administration menu by going to ConfigurationAdministrationMainTickets.

For information about automating the creation of internal and external tickets based on a policy or a detected vulnerability type, see Create an Action.

Open Tickets Automatically

To have USM Appliance open tickets when a new alarm is generated

  1. Go to Configuration > Administration > Main.
  2. Expand Tickets > Open Tickets for new alarms automatically?
  3. Click Yes.

To customize vulnerability scan automatic ticket settings

  1. Go to Configuration > Administration > Main.
  2. Expand Vulnerability Scanner.
  3. Select the ticket threshold for when new tickets are generated in the Vulnerability Ticket Threshold dropdown.

Create a Ticket Manually While Investigating an Alarm

To open a ticket manually

  1. Go to Analysis > Alarms > List View (or Group View)and click on the desired alarm.

  2. Click View Details.
  3. From the Alarms Detail page, click Actions > Create Ticket.
  4. Assign a priority to the ticket and assign it to an administrative user.
  5. Click Save.

    Note: You can also open a remediation ticket from the Security Events (SIEM) Events list,using the same steps.

Create a Ticket Independent from an Alarm

To open a ticket manually from the Tickets page

  1. From Analysis > Tickets, select the type of ticket you want to open and click Create.

    Create new tickets showing Edit Types icon

    Note: You can create a custom ticket type by clicking on the pencil icon in the Type column.

  2. Fill in the fields of the dialog box with relevant information to this ticket, including to whom to assign the ticket.

    Note: Only tickets created from an alarm contain pre-filled fields.

  3. Click Save.