You can use the ticketing system to manage the remediation work flow and delegate remediation tasks. Each ticket is associated with an asset and contains information about one or more vulnerabilities discovered during the scanning process.
Click the Tickets icon to view all active tickets. The console displays the Tickets page.
Click a link for a ticket name to view or update the ticket. See the following section for details about editing tickets. From the Tickets page, you also can click the link for an asset's address to view information about that asset, and open a new ticket.
The process of creating a new ticket for an asset starts on the Security Console page that lists details about that asset. You can get to that page by selecting a view option on the Assets page and following the sequence of console pages that ends with asset. See Locating and working with assets.
When you want to create a ticket for a vulnerability, click the Open a ticket button, which appears at the bottom of the Vulnerability Listings pane on the detail page for each asset. See Locating assets by sites. The console displays the General page of the Ticket Configuration panel.
On the Ticket Configuration–General page, type name for the new ticket. These names are not unique. They appear in ticket notifications, reports, and the list of tickets on the Tickets page.
The status of the ticket appears in the Ticket State field. You cannot modify this field in the panel. The state changes as the ticket issue is addressed.
Note: If you need to assign the ticket to a user who does not appear on the drop down list, you must first add that user to the associated asset group.
Assign a priority to the ticket, ranging from Critical to Low, depending on factors such as the vulnerability level. The priority of a ticket is often associated with external ticketing systems.
Assign the ticket to a user who will be responsible for overseeing the remediation work flow. To do so, select a user name from the drop down list labeled Assigned To. Only accounts that have access to the affected asset appear in the list.
You can close the ticket to stop any further remediation action on the related issue. To do so, click the Close Ticket button on this page. The console displays a box with a drop down list of reasons for closing the ticket. Options include Problem fixed, Problem not reproducible, and Problem not considered an issue (policy reasons). Add any other relevant information in the dialog box and click the Save button.
Go to the Ticket Configuration—Vulnerabilities page.
Click the Select Vulnerabilities... button. The console displays a box that lists all reported vulnerabilities for the asset. You can click the link for any vulnerability to view details about it, including remediation guidance.
Select the check boxes for all the vulnerabilities you wish to include in the ticket, and click the Save button. The selected vulnerabilities appear on the Vulnerabilities page.
You can update coworkers on the status of a remediation project, or note impediments, questions, or other issues, by annotating the ticket history. As Nexpose users and administrators add comments related to the work flow, you can track the remediation progress.
The console displays a box, where you can type a comment.
The console displays all comments on the History page.