Document Version: 2.1

Date: 2020-01-31


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Purpose

This document provides users with a comprehensive overview of Tickets in OUTSCAN and HIAB. It assumes that the reader has access to the OUTSCAN/HIAB account and graphical user interface.

Introduction

This document is a step-by-step guide for configuring the OUTSCAN/HIAB solution according to best practice. It takes the size of the organization into account and explains why some options are preferred over others, to justify the paths that were chosen.

Tickets

Best practice regarding tickets is to have them assigned automatically from within the tool, which saves manual work. If your organization already uses a ticket system, integrating with it is a good option: you can track, compare, and manage tickets there without forcing users to learn additional software for their job duties.

If the risk levels are already defined, best practice is to change them within the OUTSCAN/HIAB solution rather than keeping a mapping or two competing sets of risk levels, which may cause confusion in critical situations later.

In order to change the levels (both name and priority), click on the settings button in the upper right corner next to the question mark ( ? help) on the Tickets page. Then the following dialog is displayed where you can define your risk levels.

image2019-12-20_11-4-25.png

If tickets are handled externally, check the setting that automatically closes a ticket once the vulnerability it refers to is resolved. This prevents tickets from staying open after the issue has been resolved.

Ticket automation

Automatic assignment of tickets to a user is configured in the Event Notification system. Several events have names that start with Finding, and these can be used to automatically assign a ticket to a pre-defined user. The example below shows new risks being automatically assigned to Jane Doe for the targets where she is registered to receive high risks.

image2019-12-20_11-8-43.png


The Tickets Interface

The Tickets module is used to manage different assignments with individual users that have access to the ticketing module. Access to the Tickets module can be managed under the Roles tab in the Manage Users module.
To access Tickets, open the Main Menu located in the lower left corner.

Tickets Grid Window

Tickets02

The Tickets grid includes different columns. To enable or disable a column, click the arrow next to the name of any column. The drop-down menu that is displayed contains a field called Columns, which lists the available columns. Most of these columns allow filtering, which provides the option to display a subsection of all available data. To enable filtering, open the same drop-down menu as for columns and click Filters.

 Tickets03


The available columns for the Tickets grids are:

Option

Description

Assignee

Whom the ticket has been assigned to.

Due Date

Due date of the ticket.

Finding

The name of the finding for which this ticket was created.
This is empty if the ticket concerns multiple findings or if its origin is the Custom type.

Host name

Name of the host affected. (Empty for custom type.)

Priority

Displays the priority of the ticket where P5 is the highest.

  • P1
  • P2
  • P3
  • P4
  • P5

Report Date

The date of the report which the ticket was created from. (Empty for custom type.)

Script ID

Script ID of the finding which the ticket will trigger for. (Empty for custom type.)

Status

Status of the ticket.

  • New
  • Assigned
  • Resolved
  • Reopened
  • Verified
  • Rejected

Summary

Summary of the ticket.

Target

The target which the finding/report was reported/created for.

Task ID

ID of the ticket.

Ticket Origin

Where the ticket originated from:

  • WAS
  • PCI
  • Report
  • Custom

Type

The type of the ticket:

  • Finding: when a ticket is related to a single finding.
  • Report: when a ticket is related to the whole report of the target.
  • Custom: if the ticket was manually created by the user.

Verified

Displays the status of the finding which this ticket is created for:

  • Not verified
  • No longer present
  • Still present


Manage Tickets

Assigning new tickets is performed from either Reporting Tools, PCI Reports, or from Tickets.
To create and assign a new ticket from the Tickets grid window, press New in the upper left corner. This displays the Maintaining Ticket window, where you can edit the Summary, Priority, Status, Due Date, and Assignee, and add a comment for the ticket.

Tickets04

Right clicking a ticket in the Tickets grid provides different actions to choose between:

Option

Description

Add Comment

Add comment for the specific ticket

New

Create a new ticket

Delete

Delete the specific ticket

Edit

Edit the specific ticket


Selecting multiple entries by holding CTRL and left-clicking makes it possible to either use Delete to delete multiple tickets or Add Comment to add comments to multiple tickets. These two options are available in the top menu bar of the grid.
Exporting a report from the Tickets grid is done by clicking Export in the lower left corner of the window. The available formats are PDF and Excel. This report includes information about all tickets in the Tickets grid.

Tickets Settings

Clicking the Settings icon in the upper right corner of the window toolbar provides access to the tickets settings:

Tickets05

The priority list can be used to select fewer ticket levels than the original 5.
When a Label is defined on a priority level, it is displayed instead of the default P1-5 name in the drop-down throughout the system.
Default due days is a configuration option that automatically sets the due date based on the setting here and the selected priority upon creation of the original ticket.

Options

Description

Priority P1-P5

Each priority can be marked as active or inactive, given a value for default due days, and renamed.

Note

P5 is checked by default and cannot be unchecked.

Automatically close verified tickets

Enables the system to close tickets once they have been verified.

Include vulnerability details in email

Include the details of the vulnerability found in the email for the ticket.
This is the default setting for the Include vulnerability details in email check box shown when you create tickets for a finding.
The Include vulnerability details in email check box in the Create Ticket window in Reporting Tools, PCI, and WAS is loaded with the default value defined here.

Send Ticket Notifications

Enable this option to allow the system to send email notifications when a ticket is created, changes status, and is closed.

Send Ticket Overdue Notifications

Send a notification to the assignee once a ticket is overdue.

Remove all tickets

Removes all tickets that are visible in the Tickets grid.