Request Tracker is enterprise grade ticketing system. Many organisations use Request Tracker for Incident Response (RTIR) to track, respond to and deal with reported security events.
In the following article we would like to introduce Request Tracker integration with Energy SOAR. This integration was tested with RT 5.0.2 and RTIR 5.0.1.
Using this integration you can take different actions. For example:
- Search for tickets with queries,
- Get ticket details,
- Update tickets.
To configure RT on Energy SOAR just add instance details such as URL and user token.
Then add RT node to your workflow. In the following use case we get incidents, read ticket details and update the incident. You can extend the workflow by adding additional analysis nodes to update incidents with reputation information from Threat Intelligence regarding objects related to the incident.
To get a ticket details provide Ticket ID:
The last node updates incident details. You can even update your custom fields:
