Create a ServiceNow or JIRA Ticket

If you use ticketing or case management services in your environment, such as JIRA or ServiceNow, you can use out of the box workflows to automatically create tickets from your Investigations.

Before You Begin

After you install the Insight Orchestrator, make sure that you configure the appropriate connections for automating workflows.

Create a Ticket with ServiceNow

To configure a workflow that will automatically create a ticket in ServiceNow:

  1. From your InsightIDR homepage, select Investigations from the left menu.
  2. Open the desired investigation. You will see a timeline of events involving the user.
  3. From the Select an Action Category dropdown, select Custom Workflows.
  4. From the Select an Automation Action to Take dropdown, select Create Incident Report in ServiceNow.
  5. Select the ServiceNow connection you want to use and click Continue.
  6. Select the Associated Alert.
  7. Select the Associated Actor.
  8. Select the Associated Asset.
  9. Click Take Action.

The event will appear on the Investigation timeline when the process completes.

Create a Ticket with Jira

To configure a workflow that will automatically create a ticket in Jira:

  1. From your InsightIDR homepage, select Investigations from the left menu.
  2. Open the desired investigation. You will see a timeline of events involving the user.
  3. Click the Take Action button. The Take Action panel appears.
  4. From the Select an Action Category dropdown, select Custom Workflows.
  5. From the Select an Automation Action to Take dropdown, select Create Issue in Jira.

You can only create a Story ticket

You can only automatically create Story tickets in Jira from an InsightIDR workflow. If you have a license to InsightConnect, Rapid7’s SOAR tool, you can automatically create other Jira ticket types from an InsightIDR workflow.

  1. Select the Jira connection you want to use and click Continue.
  2. Select the Associated Alert.
  3. Select the Associated Actor.
  4. Select the Associated Asset.
  5. Click Take Action.

The event will appear on the Investigation timeline when the process completes.