Search and Close Tickets

Applies to Product: USM Appliance™ LevelBlue OSSIM®

USM Appliance lets you search for a particular ticket and use various search criteria to help you refine your results. The tickets from the search can be reviewed and closed individually, or all together as a batch.

Search for Tickets

To filter the displayed tickets

  1. Go to Analysis > Tickets and select Simple Filters or Advanced Filters.

    Simple Filters is the default search view, while the Advanced search allows for more filters for fine-tuning the results.

  2. Input the filter values and then click Search.

The Priority filter has the following relationship with the priority value in the tickets:

Priority in the Filter Priority in the Ticket
Low 1-4
Medium 5-7
High 8-10

Close or Delete Tickets

To close or delete tickets

  1. Go to Analysis > Tickets, and do a search to filter for the tickets you want to find.
  2. Click the checkbox next to the tickets you want to select for closing or deletion. To select all of the tickets from your search, click the top checkbox in the header.
  3. Click Actions and then click either Close or Delete.

Ticket Labels

Tickets tags can be used as a quick method of identifying and filtering tickets. USM Appliance comes configured with two default tags that can be assigned to tickets: AlienVault_Internal_Pending and AlienVault_Internal_False_Positive. Tickets generated by the vulnerability scans are automatically assigned the Alienvault_Internal_Pending tag to indicate that the vulnerability hasn't been investigated yet.

To create new label types:

  1. Go to AnalysisTickets.
  2. Click the icon and click Manage Labels.
  3. Give the new label a name and description and choose a color for the label.
  4. Click Save.