OTRS
Service management suite that comprises ticketing, workflow automation, and notification. This integration was integrated and tested with versions 5, 6 and 7 of OTRS.
Prerequisite
You have to enable the webservices in your OTRS instance. It is recommended to use the provided template. This YAML configuration template includes the Route: /TicketList endpoint that is required for PyOTRS but which is not included in the default OTRS webservice setup.
Configure OTRS on Demisto
- Navigate to Settings > Integrations > Servers & Services.
- Search for OTRS.
- Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
|---|---|---|
| server | OTRS Server URL (e.g. http://example.com\) | True |
| credentials | OTRS Credentials | True |
| unsecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| isFetch | Fetch incidents | False |
| incidentType | Incident type | False |
| fetch_queue | Queues to fetch tickets from ("Any" fetches from all queues. CSV supported, e.g., Misc,Raw) | False |
| fetch_priority | Fetch tickets in priority | False |
| fetch_time | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | False |
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
otrs-get-ticket
Retrieves details for an OTRS ticket by ticket ID or ticket number. The arguments are both optional, but at least one is required for this integration to run.
Base Command
otrs-get-ticket
Input
| Argument Name | Description | Required |
|---|---|---|
| ticket_id | Ticket ID of the ticket to get details of. Ticket ID of the ticket to get details of. If not supplied, the ticket_number argument is required. | Optional |
| ticket_number | Ticket Number of the ticket to get details of. Ticket Number of the ticket to get details of. If not supplied, the ticket_id argument is required. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Number | string | Ticket number |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.CustomerUser | string | Customer user related to ticket |
| OTRS.Ticket.Owner | string | Ticket owner |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
| OTRS.Ticket.DynamicField | string | Ticket dynamic fields |
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
| OTRS.Ticket.Article.CreatedTime | date | Ticket article creation time |
| OTRS.Ticket.Article.ContentType | string | Ticket article content type |
| OTRS.Ticket.Article.From | string | Ticket article sender |
| OTRS.Ticket.Article.ID | string | Ticket article ID |
| OTRS.Ticket.Article.Attachment.Name | string | Ticket article attachment file name |
| OTRS.Ticket.Article.Attachment.Size | number | Ticket article attachment file size |
| OTRS.Ticket.Article.Attachment.ContentType | string | Ticket article attachment file content type |
| OTRS.Ticket.Lock | string | Is the ticket locked or unlocked |
| File.Size | number | Size of the file attachment |
| File.SHA1 | string | SHA-1 of the file attachment |
| File.SHA256 | string | SHA-256 of the file attachment |
| File.Name | string | Attachment file name |
| File.SSDeep | string | Attachment file SSDeep |
| File.EntryID | string | Attachment file entry ID |
| File.Info | string | Attachment file information |
| File.Type | string | Attachment file type |
| File.MD5 | string | Attachment file MD5 |
| File.Extension | string | Attachment file extension |
Command Example
!otrs-get-ticket ticket_id="7023"
Context Example
{ "OTRS": { "Ticket": { "Age": "0 h 09 m", "Article": [ { "Body": "Testing", "ContentType": "text/plain; charset=utf8", "CreateTime": "2020-04-26 11:05:07", "From": "\"Jens Bothe\" <jens.bothe@otrs.com\>", "ID": "11187", "Subject": "TestArticle" }, { "Body": "ClosingBody", "ContentType": "text/plain; charset=utf8", "CreateTime": "2020-04-26 11:05:12", "From": "SIEM Webservice", "ID": "11188", "Subject": "ClosingSubject" } ], "Created": "2020-04-26 11:05:07", "CustomerID": "jb", "DynamicField": { "Firstname": "Jens", "Gender": "male" }, "ID": "7023", "Lock": "unlock", "Number": "2020042610000031", "Owner": "siem", "Priority": "1 very low", "Queue": "Inbox::SIEM", "State": "open", "Title": "UpdatedTitle", "Type": "Incident" } }}Human Readable Output
OTRS Ticket 7023
| ID | Number | Age | Title | State | Lock | Queue | Owner | CustomerID | Priority | Type | Created | DynamicField |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7023 | 2020042610000031 | 0 h 09 m | UpdatedTitle | open | unlock | Inbox::SIEM | siem | jb | 1 very low | Incident | 2020-04-26 11:05:07 | Firstname: Jens<br>Gender: male |
Articles
| ID | From | Subject | Body | CreateTime | ContentType |
|---|---|---|---|---|---|
| 11187 | "Jens Bothe" jens.bothe@otrs.com\ | TestArticle | Testing | 2020-04-26 11:05:07 | text/plain; charset=utf8 |
| 11188 | SIEM Webservice | ClosingSubject | ClosingBody | 2020-04-26 11:05:12 | text/plain; charset=utf8 |
otrs-search-ticket
Search for an OTRS ticket using search filters
Base Command
otrs-search-ticket
Input
| Argument Name | Description | Required |
|---|---|---|
| state | Ticket States to filter by in CSV format (e.g., New,Open) | Optional |
| created_before | Filter for a ticket created before this date. Given in format "<number> <time unit>", e.g. 1 day, 30 minutes, 2 weeks, 6 months, 1 year | Optional |
| created_after | Filter for a ticket created after this date. Given in format "<number> <time unit>", e.g. 1 day, 30 minutes, 2 weeks, 6 months, 1 year | Optional |
| title | Ticket Title to filter by | Optional |
| queue | Ticket Queues to filter by in CSV format (e.g., Raw,Misc) | Optional |
| priority | Ticket Priority to filter by in CSV format (e.g., 4High,5VeryHigh) | Optional |
| type | Ticket type to filter by | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Number | string | Ticket number |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.CustomerUser | string | Customer user related to ticket |
| OTRS.Ticket.Owner | string | Ticket owner |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
Command Example
!otrs-search-ticket state="PendingReminder" title="7023"
Context Example
{}Human Readable Output
No results found
otrs-create-ticket
Create a new ticket in OTRS
Base Command
otrs-create-ticket
Input
| Argument Name | Description | Required |
|---|---|---|
| title | Title to assign to the new ticket | Required |
| queue | Queue to place the new ticket in | Required |
| state | State to assign to the new ticket | Required |
| priority | Priority to assign to the new ticket | Required |
| customer_user | Customer user related to the new ticket | Required |
| article_subject | Article Subject to apply to the new ticket | Required |
| article_body | Text to add to the Article Body of the new ticket | Required |
| type | Ticket Type to assign to the new ticket | Optional |
| dynamic_fields | Dynamic fields to apply to the new ticket, in the format: field1=value1,field2=value2. For example: ProcessManagementProcessID=1,ProcessManagementActivityStatus=2 | Optional |
| attachment | File entry ID of the file to add as an attachment to the new ticket in CSV format, e.g., 123@20,124@21 | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Number | string | Ticket number |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue that the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
| OTRS.Ticket.CustomerUser | string | Customer user related to ticket |
| OTRS.Ticket.DynamicField | string | Ticket dynamic fields |
Command Example
!otrs-create-ticket title="TestTicket" queue="Inbox::SIEM" state="New" priority="2Low" customer_user="jb" article_subject="TestArticle" article_body="Testing" type="Unclassified"
Context Example
{ "OTRS": { "Ticket": { "Article": { "Body": "Testing", "Subject": "TestArticle" }, "CustomerUser": "jb", "DynamicField": [], "ID": "7024", "Number": "2020042610000049", "Priority": "2 low", "Queue": "Inbox::SIEM", "State": "new", "Title": "TestTicket", "Type": "Unclassified" } }}Human Readable Output
Created ticket 7024 successfully
otrs-update-ticket
Update an OTRS ticket
Base Command
otrs-update-ticket
Input
| Argument Name | Description | Required |
|---|---|---|
| ticket_id | Ticket ID of the ticket to update | Required |
| title | Ticket Title of the ticket to update | Optional |
| state | Ticket State of the ticket to update | Optional |
| priority | Priority of the ticket to update | Optional |
| article_subject | Article Subject of the ticket to update | Optional |
| article_body | Article Body of the ticket to update | Optional |
| queue | Queue that the ticket to update is in | Optional |
| type | Ticket Type of the ticket to update | Optional |
| dynamic_fields | Dynamic fields to apply to the updated ticket, in the format: field1=value1,field2=value2. For example: ProcessManagementProcessID=1,ProcessManagementActivityStatus=2 | Optional |
| attachment | File entry ID of the file to add as an attachment to the updated ticket in CSV format, e.g., 123@20,124@21 | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue that the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
Command Example
!otrs-update-ticket ticket_id="7023" title="UpdatedTitle" state="Open" priority="1VeryLow" type="Incident"
Context Example
{ "OTRS": { "Ticket": { "ID": "7023", "Priority": "1 very low", "State": "open", "Title": "UpdatedTitle", "Type": "Incident" } }}Human Readable Output
Updated ticket 7023 successfully
otrs-close-ticket
Close an OTRS ticket
Base Command
otrs-close-ticket
Input
| Argument Name | Description | Required |
|---|---|---|
| ticket_id | Ticket ID of the ticket to close | Required |
| article_subject | Article Subject of the ticket to close | Required |
| article_body | Article Body of the ticket to close | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
Command Example
!otrs-close-ticket ticket_id="7023" article_subject="ClosingSubject" article_body="ClosingBody"
Context Example
{ "OTRS": { "Ticket": { "Article": { "Body": "ClosingBody", "Subject": "ClosingSubject" }, "ID": "7023", "State": "closed successful" } }}Human Readable Output
Closed ticket 7023 successfully