OTRS

Service management suite that comprises ticketing, workflow automation, and notification. This integration was integrated and tested with version xx of OTRS copy

Configure OTRS copy on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for OTRS copy.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
serverOTRS Server URL (e.g. http://example.com\)True
credentialsOTRS CredentialsTrue
unsecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
isFetchFetch incidentsFalse
incidentTypeIncident typeFalse
fetch_queueQueues to fetch tickets from ("Any" fetches from all queues. CSV supported, e.g., Misc,Raw)False
fetch_priorityFetch tickets in priorityFalse
fetch_timeFirst fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)False
  1. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

otrs-get-ticket


Retrieves details for an OTRS ticket by ticket ID or ticket number. The arguments are both optional, but at least one is required for this integration to run.

Base Command

otrs-get-ticket

Input
Argument NameDescriptionRequired
ticket_idTicket ID of the ticket to get details of. Ticket ID of the ticket to get details of. If not supplied, the ticket_number argument is required.Optional
ticket_numberTicket Number of the ticket to get details of. Ticket Number of the ticket to get details of. If not supplied, the ticket_id argument is required.Optional
Context Output
PathTypeDescription
OTRS.Ticket.IDstringTicket ID
OTRS.Ticket.NumberstringTicket number
OTRS.Ticket.CreateddateTicket creation date
OTRS.Ticket.CustomerUserstringCustomer user related to ticket
OTRS.Ticket.OwnerstringTicket owner
OTRS.Ticket.PrioritystringTicket priority
OTRS.Ticket.QueuestringQueue the ticket is in
OTRS.Ticket.StatestringTicket state
OTRS.Ticket.TitlestringTicket title
OTRS.Ticket.TypestringTicket type
OTRS.Ticket.DynamicFieldstringTicket dynamic fields
OTRS.Ticket.Article.SubjectstringTicket article subject
OTRS.Ticket.Article.BodystringTicket article body
OTRS.Ticket.Article.CreatedTimedateTicket article creation time
OTRS.Ticket.Article.ContentTypestringTicket article content type
OTRS.Ticket.Article.FromstringTicket article sender
OTRS.Ticket.Article.IDstringTicket article ID
OTRS.Ticket.Article.Attachment.NamestringTicket article attachment file name
OTRS.Ticket.Article.Attachment.SizenumberTicket article attachment file size
OTRS.Ticket.Article.Attachment.ContentTypestringTicket article attachment file content type
OTRS.Ticket.LockstringIs the ticket locked or unlocked
File.SizenumberSize of the file attachment
File.SHA1stringSHA-1 of the file attachment
File.SHA256stringSHA-256 of the file attachment
File.NamestringAttachment file name
File.SSDeepstringAttachment file SSDeep
File.EntryIDstringAttachment file entry ID
File.InfostringAttachment file information
File.TypestringAttachment file type
File.MD5stringAttachment file MD5
File.ExtensionstringAttachment file extension
Command Example

!otrs-get-ticket ticket_id="7023"

Context Example
{
"OTRS": {
"Ticket": {
"Age": "0 h 09 m",
"Article": [
{
"Body": "Testing",
"ContentType": "text/plain; charset=utf8",
"CreateTime": "2020-04-26 11:05:07",
"From": "\"Jens Bothe\" <jens.bothe@otrs.com\>",
"ID": "11187",
"Subject": "TestArticle"
},
{
"Body": "ClosingBody",
"ContentType": "text/plain; charset=utf8",
"CreateTime": "2020-04-26 11:05:12",
"From": "SIEM Webservice",
"ID": "11188",
"Subject": "ClosingSubject"
}
],
"Created": "2020-04-26 11:05:07",
"CustomerID": "jb",
"DynamicField": {
"Firstname": "Jens",
"Gender": "male"
},
"ID": "7023",
"Lock": "unlock",
"Number": "2020042610000031",
"Owner": "siem",
"Priority": "1 very low",
"Queue": "Inbox::SIEM",
"State": "open",
"Title": "UpdatedTitle",
"Type": "Incident"
}
}
}
Human Readable Output

OTRS Ticket 7023

IDNumberAgeTitleStateLockQueueOwnerCustomerIDPriorityTypeCreatedDynamicField
702320200426100000310 h 09 mUpdatedTitleopenunlockInbox::SIEMsiemjb1 very lowIncident2020-04-26 11:05:07Firstname: Jens<br>Gender: male

Articles

IDFromSubjectBodyCreateTimeContentType
11187"Jens Bothe" jens.bothe@otrs.com\TestArticleTesting2020-04-26 11:05:07text/plain; charset=utf8
11188SIEM WebserviceClosingSubjectClosingBody2020-04-26 11:05:12text/plain; charset=utf8

otrs-search-ticket


Search for an OTRS ticket using search filters

Base Command

otrs-search-ticket

Input
Argument NameDescriptionRequired
stateTicket States to filter by in CSV format (e.g., New,Open)Optional
created_beforeFilter for a ticket created before this date. Given in format "<number> <time unit>", e.g. 1 day, 30 minutes, 2 weeks, 6 months, 1 yearOptional
created_afterFilter for a ticket created after this date. Given in format "<number> <time unit>", e.g. 1 day, 30 minutes, 2 weeks, 6 months, 1 yearOptional
titleTicket Title to filter byOptional
queueTicket Queues to filter by in CSV format (e.g., Raw,Misc)Optional
priorityTicket Priority to filter by in CSV format (e.g., 4High,5VeryHigh)Optional
typeTicket type to filter byOptional
Context Output
PathTypeDescription
OTRS.Ticket.IDstringTicket ID
OTRS.Ticket.NumberstringTicket number
OTRS.Ticket.CreateddateTicket creation date
OTRS.Ticket.CustomerUserstringCustomer user related to ticket
OTRS.Ticket.OwnerstringTicket owner
OTRS.Ticket.PrioritystringTicket priority
OTRS.Ticket.QueuestringQueue the ticket is in
OTRS.Ticket.StatestringTicket state
OTRS.Ticket.TitlestringTicket title
OTRS.Ticket.TypestringTicket type
Command Example

!otrs-search-ticket state="PendingReminder" title="7023"

Context Example
{}
Human Readable Output

No results found

otrs-create-ticket


Create a new ticket in OTRS

Base Command

otrs-create-ticket

Input
Argument NameDescriptionRequired
titleTitle to assign to the new ticketRequired
queueQueue to place the new ticket inRequired
stateState to assign to the new ticketRequired
priorityPriority to assign to the new ticketRequired
customer_userCustomer user related to the new ticketRequired
article_subjectArticle Subject to apply to the new ticketRequired
article_bodyText to add to the Article Body of the new ticketRequired
typeTicket Type to assign to the new ticketOptional
dynamic_fieldsDynamic fields to apply to the new ticket, in the format: field1=value1,field2=value2. For example: ProcessManagementProcessID=1,ProcessManagementActivityStatus=2Optional
attachmentFile entry ID of the file to add as an attachment to the new ticket in CSV format, e.g., 123@20,124@21Optional
Context Output
PathTypeDescription
OTRS.Ticket.Article.SubjectstringTicket article subject
OTRS.Ticket.Article.BodystringTicket article body
OTRS.Ticket.IDstringTicket ID
OTRS.Ticket.NumberstringTicket number
OTRS.Ticket.CreateddateTicket creation date
OTRS.Ticket.PrioritystringTicket priority
OTRS.Ticket.QueuestringQueue that the ticket is in
OTRS.Ticket.StatestringTicket state
OTRS.Ticket.TitlestringTicket title
OTRS.Ticket.TypestringTicket type
OTRS.Ticket.CustomerUserstringCustomer user related to ticket
OTRS.Ticket.DynamicFieldstringTicket dynamic fields
Command Example

!otrs-create-ticket title="TestTicket" queue="Inbox::SIEM" state="New" priority="2Low" customer_user="jb" article_subject="TestArticle" article_body="Testing" type="Unclassified"

Context Example
{
"OTRS": {
"Ticket": {
"Article": {
"Body": "Testing",
"Subject": "TestArticle"
},
"CustomerUser": "jb",
"DynamicField": [],
"ID": "7024",
"Number": "2020042610000049",
"Priority": "2 low",
"Queue": "Inbox::SIEM",
"State": "new",
"Title": "TestTicket",
"Type": "Unclassified"
}
}
}
Human Readable Output

Created ticket 7024 successfully

otrs-update-ticket


Update an OTRS ticket

Base Command

otrs-update-ticket

Input
Argument NameDescriptionRequired
ticket_idTicket ID of the ticket to updateRequired
titleTicket Title of the ticket to updateOptional
stateTicket State of the ticket to updateOptional
priorityPriority of the ticket to updateOptional
article_subjectArticle Subject of the ticket to updateOptional
article_bodyArticle Body of the ticket to updateOptional
queueQueue that the ticket to update is inOptional
typeTicket Type of the ticket to updateOptional
dynamic_fieldsDynamic fields to apply to the updated ticket, in the format: field1=value1,field2=value2. For example: ProcessManagementProcessID=1,ProcessManagementActivityStatus=2Optional
attachmentFile entry ID of the file to add as an attachment to the updated ticket in CSV format, e.g., 123@20,124@21Optional
Context Output
PathTypeDescription
OTRS.Ticket.Article.SubjectstringTicket article subject
OTRS.Ticket.Article.BodystringTicket article body
OTRS.Ticket.IDstringTicket ID
OTRS.Ticket.CreateddateTicket creation date
OTRS.Ticket.PrioritystringTicket priority
OTRS.Ticket.QueuestringQueue that the ticket is in
OTRS.Ticket.StatestringTicket state
OTRS.Ticket.TitlestringTicket title
OTRS.Ticket.TypestringTicket type
Command Example

!otrs-update-ticket ticket_id="7023" title="UpdatedTitle" state="Open" priority="1VeryLow" type="Incident"

Context Example
{
"OTRS": {
"Ticket": {
"ID": "7023",
"Priority": "1 very low",
"State": "open",
"Title": "UpdatedTitle",
"Type": "Incident"
}
}
}
Human Readable Output

Updated ticket 7023 successfully

otrs-close-ticket


Close an OTRS ticket

Base Command

otrs-close-ticket

Input
Argument NameDescriptionRequired
ticket_idTicket ID of the ticket to closeRequired
article_subjectArticle Subject of the ticket to closeRequired
article_bodyArticle Body of the ticket to closeRequired
Context Output
PathTypeDescription
OTRS.Ticket.IDstringTicket ID
OTRS.Ticket.StatestringTicket state
OTRS.Ticket.Article.SubjectstringTicket article subject
OTRS.Ticket.Article.BodystringTicket article body
Command Example

!otrs-close-ticket ticket_id="7023" article_subject="ClosingSubject" article_body="ClosingBody"

Context Example
{
"OTRS": {
"Ticket": {
"Article": {
"Body": "ClosingBody",
"Subject": "ClosingSubject"
},
"ID": "7023",
"State": "closed successful"
}
}
}
Human Readable Output

Closed ticket 7023 successfully