OTRS
Service management suite that comprises ticketing, workflow automation, and notification. This integration was integrated and tested with versions 5, 6 and 7 of OTRS.
Prerequisite#
You have to enable the webservices in your OTRS instance. It is recommended to use the provided template. This YAML configuration template includes the Route: /TicketList endpoint that is required for PyOTRS but which is not included in the default OTRS webservice setup.
Configure OTRS on Demisto#
- Navigate to Settings > Integrations > Servers & Services.
- Search for OTRS.
- Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
|---|---|---|
| server | OTRS Server URL (e.g. http://example.com\) | True |
| credentials | OTRS Credentials | True |
| unsecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| isFetch | Fetch incidents | False |
| incidentType | Incident type | False |
| fetch_queue | Queues to fetch tickets from ("Any" fetches from all queues. CSV supported, e.g., Misc,Raw) | False |
| fetch_priority | Fetch tickets in priority | False |
| fetch_time | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | False |
- Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
otrs-get-ticket#
Retrieves details for an OTRS ticket by ticket ID or ticket number. The arguments are both optional, but at least one is required for this integration to run.
Base Command#
otrs-get-ticket
Input#
| Argument Name | Description | Required |
|---|---|---|
| ticket_id | Ticket ID of the ticket to get details of. Ticket ID of the ticket to get details of. If not supplied, the ticket_number argument is required. | Optional |
| ticket_number | Ticket Number of the ticket to get details of. Ticket Number of the ticket to get details of. If not supplied, the ticket_id argument is required. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Number | string | Ticket number |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.CustomerUser | string | Customer user related to ticket |
| OTRS.Ticket.Owner | string | Ticket owner |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
| OTRS.Ticket.DynamicField | string | Ticket dynamic fields |
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
| OTRS.Ticket.Article.CreatedTime | date | Ticket article creation time |
| OTRS.Ticket.Article.ContentType | string | Ticket article content type |
| OTRS.Ticket.Article.From | string | Ticket article sender |
| OTRS.Ticket.Article.ID | string | Ticket article ID |
| OTRS.Ticket.Article.Attachment.Name | string | Ticket article attachment file name |
| OTRS.Ticket.Article.Attachment.Size | number | Ticket article attachment file size |
| OTRS.Ticket.Article.Attachment.ContentType | string | Ticket article attachment file content type |
| OTRS.Ticket.Lock | string | Is the ticket locked or unlocked |
| File.Size | number | Size of the file attachment |
| File.SHA1 | string | SHA-1 of the file attachment |
| File.SHA256 | string | SHA-256 of the file attachment |
| File.Name | string | Attachment file name |
| File.SSDeep | string | Attachment file SSDeep |
| File.EntryID | string | Attachment file entry ID |
| File.Info | string | Attachment file information |
| File.Type | string | Attachment file type |
| File.MD5 | string | Attachment file MD5 |
| File.Extension | string | Attachment file extension |
Command Example#
!otrs-get-ticket ticket_id="7023"
Context Example#
Human Readable Output#
OTRS Ticket 7023#
| ID | Number | Age | Title | State | Lock | Queue | Owner | CustomerID | Priority | Type | Created | DynamicField |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7023 | 2020042610000031 | 0 h 09 m | UpdatedTitle | open | unlock | Inbox::SIEM | siem | jb | 1 very low | Incident | 2020-04-26 11:05:07 | Firstname: Jens<br>Gender: male |
Articles#
| ID | From | Subject | Body | CreateTime | ContentType |
|---|---|---|---|---|---|
| 11187 | "Jens Bothe" jens.bothe@otrs.com\ | TestArticle | Testing | 2020-04-26 11:05:07 | text/plain; charset=utf8 |
| 11188 | SIEM Webservice | ClosingSubject | ClosingBody | 2020-04-26 11:05:12 | text/plain; charset=utf8 |
otrs-search-ticket#
Search for an OTRS ticket using search filters
Base Command#
otrs-search-ticket
Input#
| Argument Name | Description | Required |
|---|---|---|
| state | Ticket States to filter by in CSV format (e.g., New,Open) | Optional |
| created_before | Filter for a ticket created before this date. Given in format "<number> <time unit>", e.g. 1 day, 30 minutes, 2 weeks, 6 months, 1 year | Optional |
| created_after | Filter for a ticket created after this date. Given in format "<number> <time unit>", e.g. 1 day, 30 minutes, 2 weeks, 6 months, 1 year | Optional |
| title | Ticket Title to filter by | Optional |
| queue | Ticket Queues to filter by in CSV format (e.g., Raw,Misc) | Optional |
| priority | Ticket Priority to filter by in CSV format (e.g., 4High,5VeryHigh) | Optional |
| type | Ticket type to filter by | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Number | string | Ticket number |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.CustomerUser | string | Customer user related to ticket |
| OTRS.Ticket.Owner | string | Ticket owner |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
Command Example#
!otrs-search-ticket state="PendingReminder" title="7023"
Context Example#
Human Readable Output#
No results found
otrs-create-ticket#
Create a new ticket in OTRS
Base Command#
otrs-create-ticket
Input#
| Argument Name | Description | Required |
|---|---|---|
| title | Title to assign to the new ticket | Required |
| queue | Queue to place the new ticket in | Required |
| state | State to assign to the new ticket | Required |
| priority | Priority to assign to the new ticket | Required |
| customer_user | Customer user related to the new ticket | Required |
| article_subject | Article Subject to apply to the new ticket | Required |
| article_body | Text to add to the Article Body of the new ticket | Required |
| type | Ticket Type to assign to the new ticket | Optional |
| dynamic_fields | Dynamic fields to apply to the new ticket, in the format: field1=value1,field2=value2. For example: ProcessManagementProcessID=1,ProcessManagementActivityStatus=2 | Optional |
| attachment | File entry ID of the file to add as an attachment to the new ticket in CSV format, e.g., 123@20,124@21 | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Number | string | Ticket number |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue that the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
| OTRS.Ticket.CustomerUser | string | Customer user related to ticket |
| OTRS.Ticket.DynamicField | string | Ticket dynamic fields |
Command Example#
!otrs-create-ticket title="TestTicket" queue="Inbox::SIEM" state="New" priority="2Low" customer_user="jb" article_subject="TestArticle" article_body="Testing" type="Unclassified"
Context Example#
Human Readable Output#
Created ticket 7024 successfully
otrs-update-ticket#
Update an OTRS ticket
Base Command#
otrs-update-ticket
Input#
| Argument Name | Description | Required |
|---|---|---|
| ticket_id | Ticket ID of the ticket to update | Required |
| title | Ticket Title of the ticket to update | Optional |
| state | Ticket State of the ticket to update | Optional |
| priority | Priority of the ticket to update | Optional |
| article_subject | Article Subject of the ticket to update | Optional |
| article_body | Article Body of the ticket to update | Optional |
| queue | Queue that the ticket to update is in | Optional |
| type | Ticket Type of the ticket to update | Optional |
| dynamic_fields | Dynamic fields to apply to the updated ticket, in the format: field1=value1,field2=value2. For example: ProcessManagementProcessID=1,ProcessManagementActivityStatus=2 | Optional |
| attachment | File entry ID of the file to add as an attachment to the updated ticket in CSV format, e.g., 123@20,124@21 | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.Created | date | Ticket creation date |
| OTRS.Ticket.Priority | string | Ticket priority |
| OTRS.Ticket.Queue | string | Queue that the ticket is in |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Title | string | Ticket title |
| OTRS.Ticket.Type | string | Ticket type |
Command Example#
!otrs-update-ticket ticket_id="7023" title="UpdatedTitle" state="Open" priority="1VeryLow" type="Incident"
Context Example#
Human Readable Output#
Updated ticket 7023 successfully
otrs-close-ticket#
Close an OTRS ticket
Base Command#
otrs-close-ticket
Input#
| Argument Name | Description | Required |
|---|---|---|
| ticket_id | Ticket ID of the ticket to close | Required |
| article_subject | Article Subject of the ticket to close | Required |
| article_body | Article Body of the ticket to close | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| OTRS.Ticket.ID | string | Ticket ID |
| OTRS.Ticket.State | string | Ticket state |
| OTRS.Ticket.Article.Subject | string | Ticket article subject |
| OTRS.Ticket.Article.Body | string | Ticket article body |
Command Example#
!otrs-close-ticket ticket_id="7023" article_subject="ClosingSubject" article_body="ClosingBody"
Context Example#
Human Readable Output#
Closed ticket 7023 successfully