Docy

Manage Ticket Orchestrator Business Rules

Manage Ticket Orchestrator Business Rules

Only Admins can manage business rules.

View Ticket Orchestrator Business Rules

Admins can view business rules in list view or grid view, and can toggle between grid and list views using the button besides the Refresh button.

image1.png
image2.png

You can expand each folder to see the business rules in that folder. User can also delete the whole folder of business rules which will delete all the business rules in that folder.

image3.png

Create Ticket Orchestrator Business Rules

Admins can configure Ticket Orchestrator (TO) queries towards Netskope tenant(s) as business rules, allowing the user to specify which alerts to be used by TO to trigger ticket creation.

  1. Go to Ticket Orchestrator > Business Rules.
  2. Click on Create new rule and enter a rule name.
  3. Select or enter a query in the alert filter. At least one filter must be selected.

    Tip

    Filters can be copied from the alert table and applied to a business rule.

    image4.png
  4. Enter the folder name that you want to add it to, or you can select the existing folders. At max you can have 3 levels of hierarchy.
  5. Click Save.
    image5.png

Perform Actions on Ticket Orchestrator Business Rules

Admins can manage all the business rules from a single place on the platform at the “Business Rules” page. You can mute one or multiple business rules, edit the query for business rules, or delete the business rules from this page.

image6.png

Mute a Ticket Orchestrator Business Rule

Muting can be used to temporarily ignore any new alerts that would normally generate a ticket workflow.

image7.png

Delete a Ticket Orchestrator Business Rule

To delete a business rule, select the Trash icon on the rule and confirm the action.

image9.png

Add or Delete Muting Rules to Ticket Orchestrator Business Rules

This function is used to filter known and acknowledged activities so that new tickets are NOT created using a match criterion. For example, the admin could mute on a particular user so that new tickets for the Dropbox test would not be opened when that user was attached to the alert.

Add or Edit Deduplicate Rules to Ticket Orchestrator Business Rules

You can add deduplication rules or mute deduplication rules to the business rules to deduplicate all the matching alerts into a single ticket on the target platform. Create a rule using a query for a specific match or use fields for a more generic approach to matching on anything associated with that field. For all the matching alerts, only a single ticket will be created and updated.

Duplicated rules can also be edited.

image34.jpeg

Copy Filters from the Alert Table and Apply to a Ticket Orchestrator Business Rule

Both Admins and Users can copy a filter for a business rule. TO maintains the database of Alerts captured from configured plugins. Users can list the available Alerts, view the metadata and filter the Alerts.

  1. Go to Alerts. The Alerts page shows all alerts matching any configured filter in the plugin configuration. The list is paginated with a default alert display count of 10. The records are sorted in descending order of alert timestamp from most to least recent occurrence.
  2. An Admin can create a negative filter by selecting Not in the upper left hand corner. For more than one filter criteria, move the mouse to the upper right of the filter box to see and select the Add rule option.
    image36.jpeg
  3. Next, select the appropriate comparison operator And / Or by moving the mouse over the And button in the upper left, creating a multi-variable match as shown in the screenshot below. Individual rules can be deleted by clicking on the red trash icon to the right of the rule.
  4. For alternative multi-data criteria, select Add group. Rules will be processed from top to bottom.
  5. Click Clear to remove the custom filter; the UI will fall back to the default filter and Alerts matching the default filter will be listed as the screen refreshes.
  6. After selecting the desired filter, click Apply Filter. Alerts matching the filtering criteria will be listed.
  7. Users can copy the filter string so it can be used as a filter query in the plugin configuration.
  8. Also users can enter the filter query manually and can load the filters according to the query.
  9. Expand row functionality in table by clicking on the down carrot to see more detail about individual alerts.

Create Ticket Orchestrator Business Rules from Filtered Alerts

Admins can create business rules from the Alerts page when the filter is applied. A business rule based on the filtered query will be created when the File Plus icon is clicked.

Share this Doc
In this topic ...