Ticketing Integrations

Ce produit n'est pas pris en charge par le site Datadog que vous avez sélectionné. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Disponible pour:

Cloud SIEM | Workload Protection | App and API Protection | Code Security | Cloud Security

You can use Datadog Case Management to manage tickets in third-party tools like Jira and ServiceNow. For details, see Case Management integration with third-party ticketing tools.

This page discusses using Datadog Security with Datadog Case Management for ticketing management.

Case management and security products

Case Management is supported for all security products that use signals or findings:

Open any signal or finding in these products or do a bulk selection of findings in the explorers, and use the Create Ticket button to create a case in Datadog.

Bidirectional ticket syncing

Bidirectional syncing enables you to update tickets automatically when changes occur in Datadog, and update some Datadog information when changes occur in your ticketing tool.

Supported products

Bidirectional syncing is supported for the following Code and Cloud Security finding categories:

  • Libraries (SCA)
  • Static Code (SAST)
  • Runtime Code (IAST)
  • Secret Scanning
  • Infrastructure as Code (IaC)
  • Misconfigurations
  • Identity Risks
  • Host and Container Vulnerabilities
  • App and API Protection
  • Workload Protection

Single source of truth

Bidirectional syncing enables you to sync tickets with Datadog cases. However, Datadog is the single source of truth for issue detection and resolution.

A Datadog finding’s related ticket can be closed manually. However, the Datadog finding remains open if Datadog cannot confirm that the issue is fixed. This restriction helps ensure that a finding is not closed and removed when someone closes a related ticket.

Closing a Datadog case without remediation does not close the finding either.

Remediation of the finding in Datadog or defining an exception by muting the finding are the only ways to close a finding. After the finding is remediated, its related cases and tickets are closed.

Set up bidirectional syncing

    The following steps set up bidirectional syncing with Jira and verify that setup is successful.

    1. Set up the following prerequisites in your Datadog account, or verify that they are set up already. The prerequisites are listed in their setup order.
      1. The Datadog Jira integration.
      2. A webhook for the Jira integration. Configuring a webhook enables cases created in Case Management to automatically create issues in Jira and keep both resources synced.
      3. A new Case Management project. A project is a container object that holds a set of cases.
      4. The Jira integration is configured within the project.
        1. Enable the Sync data between Case Management and Jira option.
        2. In Title, select Two-way sync.
        3. Complete the remaining settings, and then click Save changes.
    2. Verify that bidirectional Case Management integration with Jira is working:
      1. Open any product supporting bidirectional ticket syncing.
      2. Locate the ticketing dropdown option in the explorer or finding page and select Jira. The button opens a Jira Ticket modal.
      3. Verify that the Case Management <-> Jira Integration section exists and bidirectional sync is enabled.
    Modal used to create a Jira ticket for a Security finding, with bidirectional sync enabled.

    You are ready to start creating bidirectional Case Management tickets.

    If you do not see the Case Management <-> Jira Integration section, ensure that you have completed the prerequisites.

    The following steps set up bidirectional syncing with ServiceNow and verify that setup is successful.

    1. Set up the following prerequisites in your Datadog account, or verify that they are set up already. The prerequisites are listed in their setup order.
      1. The Datadog ServiceNow integration.
        1. Go to Settings > Integrations > ServiceNow > Case Management.
        2. Choose Datadog Cases ITSM as the case table for bidirectional sync.
      2. A Case Management project to link to your assignment group. A project is a container object that holds a set of cases linked to your ServiceNow table. If there is no linked project, Datadog creates a project when you create a ticket.
      3. For ITSM bidirectional sync, ensure ServiceNow users who update incidents have at least the itil role. See ServiceNow ITOM/ITSM setup for details.
    2. Verify that bidirectional Case Management integration with ServiceNow is working:
      1. Open any product supporting bidirectional ticket syncing.
      2. Locate the ticketing dropdown option in the explorer or finding page and select ServiceNow. The button opens a ServiceNow Ticket modal.
      3. Verify that the bidirectional sync is enabled for the configured Instance and Assignment Group.

    You are ready to start creating bidirectional Case Management tickets.

    If you do not see the Case Management <-> ServiceNow Integration section, ensure that you have completed the prerequisites.

    Create bidirectional tickets

    The following steps create a bidirectional ticket for a Security finding.

    1. Open any product supporting bidirectional ticket syncing.
    2. Locate the Ticketing icon dropdown option for a finding in the explorer or under Next Steps in the finding page.
    3. You can also select up to 50 findings at a time to create multiple tickets or one ticket for multiple findings.
    4. Select the third-party tool from the dropdown.
    5. Create a ticket for any third-party tool supported (see sections below).
    1. Open the Jira Ticket modal. You can use a new or existing ticket. Let’s look at creating a new Jira ticket.
    2. Complete the following settings:
      1. Jira account: select the Jira account where you want the ticket created.
      2. Jira Project: select the Jira project to use.
      3. Jira work type: select the Jira work type to create.
      4. Assignee and Priority: optionally select the assigned user and priority.
    3. To add more fields to the Jira ticket Datadog creates, use Add Optional Field to add the fields.
    4. View Data Sync Settings to review and update the Case Management Project linked and the bidirectional sync settings per field.
    5. Click Create.

    Notes:

    • Bidirectional sync with Jira is available for certain Jira ticket attributes, such as status, assignee, and comments, but not all Jira fields are available.

    1. Open the ServiceNow Ticket modal. You can use a new or existing ticket. Let’s look at creating a new ServiceNow ticket.
    2. Complete the following settings:
      1. Instance: select the ServiceNow instance where you want the ticket created.
      2. Assignment group: select the ServiceNow group to assign the ticket to.
    3. If you are creating a ticket for multiple findings, choose a creation mode:
      • Single Ticket: creates a single aggregated ticket linked to all selected findings.
      • Multiple Tickets: creates an individual ticket for each selected finding.
    4. View Data Sync Settings to review and update the Case Management Project linked and the bidirectional sync settings per field.
    5. Click Create.

    Notes:

    • Bidirectional sync is supported for ITSM mode only. ITOM events do not support bidirectional sync.

    • Attaching to an existing ticket is supported for ITSM mode only.

    • Only ServiceNow incident URLs are supported. Problem and change request URLs are not accepted.

    Manage bidirectional Case Management tickets

      Existing bidirectional Jira tickets are listed in the finding’s Ticketing or Next Steps sections.

      Here’s an example from a Static Code (SAST) finding:

      finding with existing Jira ticket: in the Next Steps section, under Ticket Created, a pill with the Jira logo and text 'CJT-16'

      Hover over the Jira ticket to see its details.

      Mouseover state for pill in previous image. Modal with Jira ticket details.

      Details such as assignee and status are provided along with a timeline of the Jira issue and Datadog case changes.

      Closed Jira tickets are green.

      In Datadog Associated Case, the related Datadog case is provided. Click the case name to open it in [Case Management][1].

      Existing bidirectional ServiceNow tickets are listed in the finding’s Ticketing or Next Steps sections.

      Hover over the ServiceNow ticket to see its details, including status, priority, and a timeline of changes synced between ServiceNow and Datadog.

      In Datadog Associated Case, the related Datadog case is provided. Click the case name to open it in [Case Management][1].

      Automatic detachment and ticket opening/closing

      Archiving a case does not delete related tickets, but deleting a case project detaches all tickets from related Security findings.

      Detaching a ticket from a Security finding does not delete it.

      If there are no open findings left attached to a ticket (because they are all detached or resolved or muted), it is automatically closed. Similarly, if at least one open finding is attached to a closed ticket (because it was attached or detected again or unmuted), it is automatically reopened.

      Bidirectional Case Management facets

      There are several case management facets under Triage, including:

      • Case Key
      • Jira Key
      • Case Status
      • Has ticket attached

      You can query attributes and create dashboards using these facets.

      Ticketing integration API

      The link between Datadog Cases and existing Security findings can be managed with the public API.

      Dedicated endpoints allow users to create Datadog case for existing security findings, attach security findings to an existing Datadog case, and detach security findings from their case.

      Users can also create Jira issues for security findings and attach security findings to a Jira issue.