Skip to content

Creating a Ticket Manually

Manual ticket creation is the standard workflow when you review a finding and decide it needs tracked remediation. BreachSpider pre-populates ticket fields from the finding data, so you only need to specify the assignee, due date, and destination.

Creating from a Finding

  1. Open the finding in your environment's findings list (click the CVE card).
  2. Click Create Ticket.
  3. Fill in the ticket form:

Title (pre-populated): The CVE title from the finding. Edit if you want a more specific title for your team. Example: change "Siemens S7-1500 Buffer Overflow" to "Patch S7-1500 Line 3 Controller - CVE-2025-32433".

Description (pre-populated): Includes the CVE description, SAGE summary, affected asset name, BCS score, CVSS score, patch status, and remediation guidance. Review and edit as needed. Add internal context your team needs (maintenance window requirements, vendor contact, approval needed).

Assignee (required): The email address of the person or team responsible for remediation. This can be a person ([email protected]) or a group address ([email protected]).

Due date (recommended): When the remediation should be completed. Consider your organization's SLAs:

  • KEV findings: Federal guidance recommends 14-21 days for agencies. Private sector should aim for similar urgency.
  • Critical/High BCS findings: within the next maintenance window.
  • Medium BCS findings: within the next patch cycle.

Priority (pre-populated from BCS score): Critical, High, Medium, or Low. Adjust if your operational context warrants a different priority than the automated assignment.

Destination type (required): Choose how the ticket is delivered:

  • Email: Sends a formatted email to the assignee.
  • Jira: Creates an issue in your connected Jira project.
  • ServiceNow: Creates an incident in your connected ServiceNow instance.

Destination details: For email, enter the destination email address. For Jira and ServiceNow, select the configured connection.

  1. Click Create.

The ticket is logged in BreachSpider and sent to the destination.

Creating from the Tickets Tab

You can also create a ticket without starting from a specific finding:

  1. Navigate to your environment.
  2. Click the Tickets tab.
  3. Click New Ticket.
  4. Manually fill in all fields: CVE ID, asset, title, description, assignee, due date, priority, and destination.

Use this workflow when you want to create a ticket for a CVE that is not yet in your findings (perhaps you learned about it from an external advisory) or when you need to create a ticket not directly linked to a specific finding.

Creating via API

curl -X POST \
  -H "Authorization: Bearer bs_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "cve_id": "CVE-2025-32433",
    "asset_id": 42,
    "title": "Patch Erlang/OTP SSH server - CVSS 10.0",
    "description": "Critical pre-auth RCE. Patch to OTP-27.3.3 immediately.",
    "assignee_email": "[email protected]",
    "due_date": "2026-06-14",
    "priority": "critical",
    "destination_type": "email",
    "destination_email": "[email protected]"
  }' \
  "https://breachspider.com/api/v1/environments/5/tickets"

Response:

{
  "status": "success",
  "data": {
    "id": 101,
    "cve_id": "CVE-2025-32433",
    "asset_id": 42,
    "title": "Patch Erlang/OTP SSH server - CVSS 10.0",
    "assignee_email": "[email protected]",
    "due_date": "2026-06-14",
    "priority": "critical",
    "state": "open",
    "destination_type": "email",
    "created_at": "2026-06-07T12:00:00Z"
  }
}

Email Ticket Format

When the destination is email, the recipient receives a formatted message with:

  • Subject: [BreachSpider Ticket] CRITICAL - Patch Erlang/OTP SSH server - CVE-2025-32433
  • Body: title, CVE ID, BSID, affected asset, environment, BCS and CVSS scores, SAGE summary, patch status, remediation guidance, due date, and a direct link to the finding in BreachSpider.

After Creating

The ticket appears in your environment's Tickets tab with state: Open. The creation is logged in the audit log as TICKET_CREATED with the full ticket details including CVE, asset, assignee, and destination.

The linked finding remains in your active findings list. Remember: creating a ticket does not acknowledge the finding. These are separate actions that serve different purposes in the audit trail.