Skip to content

Ticketing Overview

BreachSpider tickets are remediation tracking records that bridge the gap between vulnerability discovery and remediation completion. They are not a full-featured ticketing system -- they are a lightweight tracking layer that connects BreachSpider findings to your existing workflow tools.

Why Ticket Within BreachSpider

Even if you use Jira, ServiceNow, or another ticketing platform, creating a BreachSpider ticket linked to the CVE and asset produces a traceable connection between the vulnerability intelligence and the remediation action. This connection is what auditors need to verify:

  1. CVE found -- the finding was generated by the matching engine.
  2. Ticket opened -- a remediation action was initiated.
  3. Ticket closed -- the remediation was completed (or risk formally accepted).

Every step is logged in the audit log with timestamps, actors, and reasons. This chain of custody is the core evidence for NERC CIP-007 patch management compliance and IEC 62443 vulnerability management documentation.

Two Ways to Create Tickets

Manual Ticket Creation

You review a finding and decide it needs a remediation ticket. Click Create Ticket on the finding, fill in the details, and route it to the appropriate destination. See Creating a Ticket Manually.

Automatic Ticket Rules

You define rules that create tickets automatically when trigger conditions are met. When a new KEV entry matches your assets, a ticket is created and routed without manual intervention. See Auto-Ticket Rules.

Both methods produce the same ticket record in BreachSpider and the same audit log entries.

Three Destination Types

Tickets can be routed to three destination types:

Email: Sends a formatted ticket notification to any email address. Available on all paid tiers. The simplest integration -- no setup beyond an email address.

Jira: Creates an issue in your Jira project. Available on Professional tier and above. Requires a Jira integration connection (API token, project key, issue type). See Jira Integration.

ServiceNow: Creates an incident in your ServiceNow instance. Available on Professional tier and above. Requires a ServiceNow integration connection (instance URL, credentials, assignment group). See ServiceNow Integration.

Ticket States

Every ticket has a state that tracks its lifecycle:

State Meaning
Open Remediation is in progress. The ticket was created and is awaiting action.
Closed Remediation is complete or risk has been formally accepted.
Reopened A previously closed ticket that needs attention again.

See Open Close Reopen Workflow for the full lifecycle documentation.

Ticket Fields

Each ticket contains:

  • Title: A summary of the remediation need. Pre-populated from the CVE title when created from a finding.
  • Description: Detailed context including CVE description, SAGE summary, affected asset, and remediation guidance. Pre-populated when created from a finding.
  • CVE ID: The linked vulnerability.
  • Asset ID: The affected asset in your environment.
  • Environment: The environment containing the affected asset.
  • Assignee: The person or team responsible for remediation.
  • Due date: The target date for remediation completion.
  • Priority: Pre-populated from the BCS score. Critical, High, Medium, or Low.
  • Destination type: Email, Jira, or ServiceNow.
  • State: Open, Closed, or Reopened.
  • Created by: The actor who created the ticket (or "auto-rule" for automated tickets).
  • Created at: Timestamp of ticket creation.

Tickets and Findings

Creating a ticket does not automatically acknowledge the linked finding. Closing a ticket does not automatically acknowledge the finding either. These are intentionally separate actions:

  • The ticket tracks the remediation work.
  • The acknowledgment documents your evaluated position on the finding.

After closing a ticket (patch applied), go to the finding and acknowledge it with the appropriate reason. This ensures both the remediation work and the vulnerability assessment are independently documented in the audit trail.

Viewing Tickets

Navigate to your environment and click the Tickets tab to see all tickets for that environment. Tickets are listed with:

  • Title
  • Linked CVE ID
  • Assignee
  • Priority
  • State (Open, Closed, Reopened)
  • Due date
  • Created date

Filter by state to see only open, closed, or reopened tickets.