Ticketing Tool Integration
With Log360 UEBA, you can efficiently manage security incidents by raising tickets for the alerts that are generated.
Configure Ticketing Tool
Under the Alerts tab, click the icon and choose Ticketing Tool Integration to configure an external help desk: ServiceNow, Jira Service Desk, Zendesk, Kayako, or ManageEngine AlarmsOne. Then follow the steps below for the ticketing tool you use.
For ServiceNow:
To configure Log360 UEBA with ServiceNow:
- Enter the ServiceNow Sub Domain name.
- Enter the login name and password of a valid account in the ticketing tool.
- Enter a short description and a description for the alert. You can select them from a predefined list available under Macros or type your own descriptions.
- Click the Test and Save button to establish communication and complete configuration.
For Jira Service Desk:
To configure Log360 UEBA with Jira Service Desk, you first need to get a few details from your Jira ticketing tool.
- After logging into your Jira Service Desk account, click the settings icon on the top right corner and select Projects.
- In the project list, note down the Key corresponding to the project in which you want your tickets to be raised.
- Navigate to the Issues tab and reenter your username and password when prompted.
- Note down the type of issues that the particular project can hold. The issues raised from Log360 UEBA should have the same type for a ticket to be successfully raised in Jira Service Desk.
- Close Jira Service Desk and open Log360 UEBA to complete the configuration process.
To configure Log360 UEBA with Jira Service Desk:
- Enter the Jira Service Desk server name or IP address.
- Enter the port number.
- Choose the protocol for communication: HTTP or HTTPS. If you choose HTTPS, ensure that you have imported the ticketing tool's SSL certificate into Log360 UEBA's JRE certificate store before configuring Jira Service Desk.
- Enter the login name and password of the account having admin privileges.
- Enter the project ID. This is the Key of the particular project noted from the ticketing tool.
- Enter the type of issue. This needs to be the same as the issue type that the project has been configured to hold.
- Enter a summary and description for the alert. You can select it from a predefined list available under Macros.
- Click the Test and Save button to establish communication and complete configuration.
For Jira Service Desk (Cloud):
To configure Log360 UEBA with Jira Service Desk (Cloud):
- Enter the Jira Sub Domain name.
- Enter a valid Email ID.
- Enter the API key. You can also follow the guide available there to generate the API key.
- Enter the associated Project ID.
- Enter the type of issue.
- Enter the Username.
- Enter a Summary (short message for the alert) and a Description about the alert. You can use the Macros for a predefined list of summaries and descriptions.
- Click the Test and Save button to establish communication and complete configuration.
For Zendesk (using OneAuth authentication):
To configure Log360 UEBA with Zendesk, you first need to get a few details from your Zendesk ticketing tool.
- In Admin Center, click on Apps and integrations in the sidebar, then select APIs > Zendesk APIs.
- Click the OAuth Clients tab on the Zendesk API page, and then click Add OAuth client on the right side of the OAuth client list.
- Enter the client name, description, and name of the company. Select a logo.
- Save the value shown for Unique Identifier in a separate document. You will need it when configuring Zendesk in Log360 UEBA.
- Once you click Save, a secret code will appear above the Save button. Click Copy and save it in a separate document. You will also need it when configuring Zendesk in Log360 UEBA.
- Click Close and open Log360 UEBA to complete the configuration process.
From the Ticketing Tool drop-down list, select Zendesk.
- Enter the Zendesk subdomain name.
- Enter the Login Name and Password of a valid account in the ticketing tool.
- Enter the Client ID in the corresponding field. This is the value of the Unique Identifier noted from the ticketing tool.
- Enter the Client Secret ID in the corresponding field. This is the value of the secret code obtained from the ticketing tool.
- Enter a subject and a message for the alert. You can select them from a predefined list available under Macros or type your own.
- Click the Test and Save button to establish communication and complete configuration.
For Zendesk (using Basic API authentication):
To configure Log360 UEBA with Zendesk:
- Enter the Zendesk subdomain name.
- Choose the Basic API authentication method.
- Enter a valid Email ID.
- Enter a valid API key. You can use the link available to generate an API key.
- Enter a subject and message to describe the alert. You can use the Macros to access a predefined list of alert subjects and messages.
- Click the Test and Save button to establish communication and complete configuration.
For ManageEngine AlarmsOne:
To configure Log360 UEBA with ManageEngine AlarmsOne:
- Open Log360 UEBA's Ticketing Tool Integration page and select ManageEngine AlarmsOne in the Ticketing Tool field.
- Now, enter the Webhook URL. You can generate the webhook URL using the link next to the field.
- Enter a subject and a message for the alert. You can select them from a predefined list available under Macros or type your own.
- Click the Test and Save button to establish communication and complete configuration.
For Kayako:
To configure Log360 UEBA with Kayako:
- Enter the Kayako subdomain name.
- Enter the Email ID and password of a valid account in the ticketing tool.
- Enter a subject and message for the alert. You can select the subject and messages from a predefined list available under Macros.
- Click the Test and Save button to establish communication and complete configuration.
Alerts Tab
After successfully configuring the ticketing tool of choice, the Alert profiles configuration page should look something like this. You can select alert profiles in the ticketing tool configuration, and a ticket will automatically be raised in the configured ticketing tool when the corresponding alert is triggered in Log360 UEBA. Once you have finished selecting the alert profiles, click Update. You can also view the Connection Status and the associated server of the configured ticketing tool.
How to import an SSL certificate into Log360 UEBA
You have to import the SSL certificate of the ticketing tool into Log360 UEBA's JRE certificate store when you opt for an HTTPS connection.
To import the certificate into Log360 UEBA's certificate store, follow the steps below:
- Place your ticketing tool server's certificate in your browser's certificate store by allowing trust when your browser shows an error saying that the certificate is not trusted.
Skip this step if your ticketing tool webpage is accessible.
- Export the certificate of your ticketing tool as a DER/CER/PEM file from your browser.
- Chrome: On the ticketing tool webpage, click the warning icon in the address bar → Certificate → Details tab → Copy to File... → Select DER → Save file
- Internet Explorer: On the ticketing tool webpage, click the shield icon in the address bar → View certificates → Details tab → Copy to File... → Select DER → Save file
- Firefox: On the ticketing tool webpage, click the padlock icon in the address bar → Right Arrow → More Information → Security → View certificate → Download file
- Use the keytool utility to import the certificate into Log360 UEBA's JRE certificate store.
Use the command:
keytool -import -alias <ticketing-tool-server-name> -keystore <Log360 UEBA installation directory>/lib/security/cacerts -file <path-to-certificate-file>
Enter the keystore password. Note that the default password is "changeit".
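Because the first step trusts whatever certificate the server presented to the browser, it is worth comparing the exported file's SHA-256 fingerprint with a value obtained out of band (for example from the ticketing tool's administrator) before running the import. The script below is an added example, not part of the Log360 UEBA documentation; the function names and the four command-line arguments are assumptions, and the keytool command is the one shown above.

```shell
#!/bin/sh
# Added example (not from the Log360 UEBA documentation).
# Compare an exported certificate's SHA-256 fingerprint with a value obtained
# out of band, and run the page's keytool import only when they match.

# Print the lowercase hex SHA-256 of the certificate's DER bytes.
# Accepts DER/CER (binary) or PEM (base64 armor) exports.
cert_sha256() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        # PEM: decode only the first certificate block; tolerate CRLF line ends.
        awk '/-----BEGIN CERTIFICATE-----/{on=1; next}
             /-----END CERTIFICATE-----/{exit}
             on' "$1" | tr -d '\r' | base64 -d | sha256sum | cut -d' ' -f1
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# Normalise "AB:CD:..." or "abcd..." to lowercase hex without separators.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Return 0 only if the file's fingerprint equals the expected one.
fingerprint_matches() {
    [ "$(cert_sha256 "$1")" = "$(normalize_fp "$2")" ]
}

# verify_and_import <cert-file> <expected-sha256> <alias> <cacerts-path>
# (hypothetical helper; argument order is an assumption of this example)
verify_and_import() {
    if ! fingerprint_matches "$1" "$2"; then
        echo "fingerprint mismatch for $1: not importing" >&2
        return 1
    fi
    # Same command as on the page; keytool prompts for the keystore password.
    keytool -import -alias "$3" -keystore "$4" -file "$1"
}

# Run only when all four arguments are supplied on the command line.
if [ "$#" -eq 4 ]; then
    verify_and_import "$1" "$2" "$3" "$4"
fi
```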