All Collections
Settings and Account
Ticket Template Customization
Ticket Template Customization

Learn all about customizing tickets' template and content

Updated over a week ago

About

In response to your valued feedback, we're excited to introduce a highly requested enhancement to the Vulcan Cyber Platform - Ticket Template Customization. We understand that vulnerability remediation is established when efficient communication happens. Through the Ticket Template Customization, you can shape the ticket content to match the organization's needs.

How?

Customizing a ticket is made easy by utilizing an array of available parameters and the flexibility of free-text input.

Support and Limitations

Ticket Customization is only applicable to tickets opened using the Unique Vulnerabilities table through the Take Action for one or multiple vulnerabilities, or generated automatically via Playbooks "Separated by Unique Vulnerabilities" and "Aggregate all Vulnerabilities".

Benefits

Use the organizational terminology

We know that each organization operates with its distinct terminology and processes. With the Ticket Template Customization feature, you're now in complete control. No longer restricted to generic content, you can communicate remediation tasks using your preferred language and terminology. Whether aligning content with your organizational structure, adapting to various asset types, or catering to specific team requirements, this feature places customization in your hands.

Flexibility

The Ticket Template Customization offers a modular ticket template, a canvas to customize to your heart's content. This enables you to create a template that resonates with your team, ensuring every remediation action is clear and actionable.

Better remediation communication

By customizing the ticket template to include selective vulnerability information and actionable content directly aligned with the organizational preferences, you can simplify the remediation process for your team and encourage prompt action.

Creating Ticket Templates

You can customize the default Vulcan template or create new ticket templates:

  1. Go to your Vulcan Platform > Settings > Tickets

  2. Click on "Create Ticket Template" to create a new template. You can create as many templates as you want.

    • Vulcan Cyber template customization: Modify the default template or start from scratch for tailored communication.

    • Duplication and modification: Easily duplicate the template for further customization.

    • Template selection for tickets: Choose the ideal template directly when creating tickets and automation.

    • Enhanced communication: Ensure clear, actionable tickets tailored to your organizational language and remediation processes.

    Learn about all the available parameters and their availability across the ticket content blocks.

    Vulcan Default Template

  3. Click Save or Discard Changes.
    For the Vulcan Default template, you can always reset to system defaults by clicking "Reset to system defaults".

Ticket Parameters Description

Parameter

Return Value Description

Return Value Format and Example

Business Groups

The names of the business groups impacted by the vulnerability(ies) in the ticket

BusinessGroupName1, BusinessGroupName2, Business GroupName3.

Count of Assets in Ticket

The number of assets associated with the vulnerabilities in the ticket

7

Count of Unique Vulnerabilities in Ticket

The number of unique vulnerabilities associated with the ticket

7

Count of Vulnerability Instances in Ticket

The number of vulnerability instances associated with the ticket

7

Highest Risk Level

The highest risk level among the vulnerabilities listed in the ticket

Critical

One Asset Name

If the ticket has many assets, it displays the first name on the list.

ivanti-client1

One Vulnerability Name

If the ticket has many vulnerabilities, it displays the first name on the list.

Apache HTTP Server mod_mime Buffer Overread

Sender Name

The username of the person who opened the ticket or created the playbook

chris@organization.com

Smart Subject

Option 1: If the ticket contains one vulnerability and multiple assets, the {{smart subject}} parameter will display the return values of the following parameters:
{{count of assets in ticket}} assets - {{one vulnerability name}}

Option 2: If the ticket contains one asset and multiple vulnerabilities, the {{smart subject}} parameter will display the return values of the following parameters:

{{one asset name}} - {{count unique vulnerabilities}} vulnerabilities

Option 3: If the ticket contains multiple assets and multiple vulnerabilities, the {{smart subject}} parameter will display the return values of the following parameters:

{{count of assets in ticket}} assets - {{count unique vulnerabilities}} vulnerabilities

Option 4: If the ticket contains one vulnerability and one asset, the {{smart subject}} parameter will display the return values of the following parameters:

{{one asset name}} - {{vulnerability name}}

Option 1:

5 assets - SQL injection

Option 2:

Vulcan.io-frontend - 6 vulnerabilties

Option 3:

5 assets - 6 vulnerabilities

Option 4:

Vulcan.io-frontend - SQL injection

Soonest SLA

The date of the soonest SLA associated with the ticket,
in yyyy-mm-dd format

2023-05-23

Ticket Max Score

The highest max score among the vulnerability instances listed in the ticket

Max score
100

Vulnerability Header

Option 1: If the ticket contains one vulnerability, the {{vulnerability_header}} parameter will return the value: vulnerability

Option 2: If the ticket contains two or more vulnerabilities, the {{vulnerability_header}} parameter will return the value: vulnerabilities

Remediation Work Form Link

A remediation work form URL will be generated for the user to view vulnerability instances and their details through the remediation ticket and submit an exception request for part or all instances.

https://tenantname.vulcancyber.com/#/report/remediation-form?ticket=5o675yqc8

SLA Policy Configuration

The details of the SLA policies associated with the vulnerabilities in the ticket

**Global SLA policy** Critical 1 , High 2 , Medium 3, Low 7, Nonne 14

**Policy name1** Critical 3 , High 4 , Medium 10, Low 20, None 14

**Policy name2** Critical 5 , High 4 , Medium 7, Low 24, None 14

**Policy name3** Critical 7 , High 6 , Medium 15, Low 20, None 14

Affected Assets

A list of the assets affected by the vulnerability

Each asset type has its own type of return value.


If the associated assets are up to 10, the ticket content displays the asset names. If more, only 5-6 names are included in the ticket body. The rest of the assets list is in the ticket CSV attachment.

Affected Hosts

- ivanti-client1 10.100.100.5

- <Asset name 2>

- <Asset name 3>

- <Asset name 4>

- <Asset name 5>

+ 56 assets, information attached to excel

Affected Code projects (Repository/Code project)

-Repository/minisites/kidsweek13/includes/global.php

- Repository/onlinetests/college/includes/global.php

- Repository/images/gamesandmobile/clueoftheday/index.php

- Repository/includes/global.php

- Repository/onlinetests/affiliates/alreadyregistered.php

+ 1234 code projects, information attached to Excel

Websites

- https://exampleurl.com

- <URL 2>

- <URL 3>

- <URL 4>

- <URL 5>

+ 420 website URLs, information attached to Excel

Affected images

- 1971875867850.dkr.ecr.us-east-2.amazonaws.com/beyond/audit-dal@sha256:460c56e069a5

- <image 2>

- <image 3>

- <image 4>

- <image 5>

+ 378 images, information attached to Excel

Affected Cloud Resources

- arn:aws:s3:::accountatest

- <cloud resource 2>

- <cloud resource 3>

- <cloud resource 4>

- <cloud resource 5>

+ 393 cloud resources, information attached to Excel

Affected Vendor

The name of the vendor affected by the vulnerability

Mozilla

Attack Vectors

A list of the attack vectors threat tags associated with the vulnerability

If there is no attack vector, the following will be displayed: No attack vector found

Attack vector

  • Remote

  • Unauthenticated

CVEs

A list of CVEs associated with the vulnerability, including hyperlinks to the CVE details published on the National Vulnerability Database website

CVEs

- CVE-2019-11708

- CVE2

- CVE3

- CVE4

- CVE5

Vulnerability CVSS Score

The CVSS score of the vulnerability

CVSS score
9

CWEs

A list of CWEs associated with the vulnerability

CWEs

- CWE-20

- CWE-22

Vulnerability Description

A description of the vulnerability

Vulnerability description
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

Exploitability List

A list of exploitability threat tags (Intelligence Threat Tags) associated with the vulnerability

- Exploitable

- Malware

- Weaponized

High Impact Assets Tag

A list of high-impact asset tags associated with the assets in the ticket

16 High impact tags

- Production

- External Facing

- tag3

- tag4

- tag5

+ 11 tags

Vulnerability Max Risk Level

The highest risk level among the vulnerability instances of the unique vulnerability

Maximum risk level
Critical

Vulnerability Max Score

The highest risk score among the vulnerability instances of the unique vulnerability

Maximum score
98

Vulnerability Name

The name of the vulnerability

SQL Injection

Remedies

A description of the available remedies available for the vulnerability.

Note: All the relevant remedies are attached in a CSV file to the ticket.

If multiple vulnerabilities are in the same ticket, only the number of remedies is mentioned:

Remedies

6 remedies available in Vulcan

If only one vulnerability in the ticket, up to 10 remedies can be included in the body of the ticket:

The Remedies
---------------------

1. Fortify Recommendations for Insecure Deployment: Unpatched Application

Vendor: Unknown

Description:
Since currently there is no known information about this vulnerability, the recommendation is to remove this file if it is not needed for the production server.

Reference: CVE: None

CheckName: HTTP-ALL-WEBLOG

2. X Recommendations for <Vulnerability>: <remedy description>

3. ....

Vulnerability Tags

A list of the tags associated with the vulnerability.

Vulnerability tags

tag1, tag2, tag3, tag4, tagn

Vulcan Link

A URL to vulnerability details on the Vulcan Platform.

**See in Vulcan** <https://tenantname.vulcancyber.com/#/app/vulnerabilities?vuln=1727634>

Ticket Parameters Availability

There are various parameters available in the ticket customization template. Some parameters can be used in specific blocks in the ticket template, while others can be used in several blocks. The table below summarizes the entire list of parameters and where they can be used in the ticket template.

Parameter

Ticket summary/ email subject

Description Header

Vulnerability repeatable block

Description Footer

Business Groups

Count of Assets in Ticket

Count of Unique Vulnerabilities in Ticket

Count of Vulnerability Instances in Ticket

Highest Risk Level

One Asset Name

One Vulnerability Name

Sender Name

Smart Subject

Soonest SLA

Ticket Max Score

Vulnerability Header

Remediation Work Form Link

SLA Policy Configuration

Affected Assets

Affected Vendor

Attack Vectors

CVEs

Vulnerability CVSS Score

CWEs

Vulnerability Description

Exploitability List

High Impact Assets Tag

Vulnerability Max Risk Level

Vulnerability Max Score

Vulnerability Name

Remedies

Vulnerability Tags

Vulcan Link

Related Articles
Vulcan ConnectX (Vulcan Report) Connector
PrismaCloud Compute (CWPP) Connector
Wiz Connector
CrowdStrike Connector
Threat Intelligence Sources and Logic
Did this answer your question?