Ticketing System Integration for SSL Certificates

PAM360 integrates with enterprise ticketing systems to automatically create service requests for vulnerable or expiring SSL certificates. The integration ensures that periodic tickets are created in the ticketing system to alert the technicians and take timely action to reduce the security threats posed by expiring or vulnerable SSL certificates. The frequency of service request creation for expiring and vulnerable tickets will be governed by the notification policies set for the same by the user.

  1. How does the Ticketing System Integration for SSL Certificates work?

    1.1 SSL Expiry

    1.2 SSL Vulnerability

  2. Steps to integrate ticketing systems with PAM360

    2.1 ServiceDesk Plus

    2.2 ServiceNow

1. How does the Ticketing System Integration for SSL Certificates Work?

PAM360 allows you to set up periodic notifications, in the form of emails or syslog messages, to check for expiring or vulnerable SSL certificates in the repository.

To enable the ticketing system for SSL certificates, enter the server URL of the machine where the ticketing system is running in PAM360 and ensure that the ticketing system host is accessible by the PAM360 server.
Once ticketing system for SSL certificates is enabled, PAM360 will create tickets in the ticketing environment automatically, whenever the notifications for expiring/vulnerable SSL certificates are triggered during a scheduled or a manual vulnerability check.

Prerequisite

Tickets are created in the ticketing environment based on the notification policy set for SSL certificates that are expiring and/or deemed as vulnerable in PAM360. Click here to learn more about how to set up notifications for the same.

1.1 SSL Expiry

The SSL expiry ticket is created as part of the default expiry notifications sent by PAM360, as well as the scheduled SSL expiry reports. The notifications are triggered whenever a scheduled expiry report or default expiry notification task is run in PAM360.

  1. You can set up a schedule for notifications regarding expiring SSL tickets in Admin >> SSH/SSL >> Notification Settings. To enable SSL certificate expiry notifications, select the 'Notify about SSL certificates expiring within' checkbox. Choose a value for days. You will be notified about only those certificates whose expiry dates fall within the period (number of days) you enter. Customize the frequency of the notifications as per requirement. Once the schedule is set, PAM360 will collate a list of expiring certificates falling under the specified number of days.
  2. For each SSL certificate, PAM360 will check if an expiry ticket is already created in the ticketing environment. If not, a new ticket will be opened. The new ticket will contain details such as the Ticket Number, Status, IP Address, Certificate Serial Number for which the ticket is created locally.
  3. If a ticket already exists, the status of the ticket will be checked. If the status of the ticket is Open, In Progress, or On Hold, PAM360 will not create a new ticket. However, if the status is Resolved, Canceled, or Closed, PAM360 will re-open the ticket until the corresponding SSL certificate in renewed and updated in the PAM360 repository.
  4. Tickets created by PAM360 will be flagged as 'High Priority'.

1.2 SSL Vulnerability

The SSL vulnerability ticket is created as part of the default schedule for vulnerability scan done by PAM360, as well as manual scans. A ticket will be created for each vulnerability, detected during the vulnerability scan.

  1. You can set up a schedule for vulnerability scans in Admin >> SSH/SSL >> SSL VulnerabilityConfigure the recurrence type to set up the scan to run daily or weekly.
  2. First, PAM360 will check if a vulnerability ticket already exists in the ticketing environment using the certificate serial number, Domain Name, and IP Address. If a ticket is already created, the status of the ticket will be retrieved.
  3. If the ticket status is Open, In Progress, or On Hold, PAM360 will simply add the latest scan results to the ticket. If the ticket status is Resolved, Canceled, or Closed, but vulnerabilities are still found in the scan results, then PAM360 will reopen the ticket and add the latest scan results to it. 
  4. If no ticket is corresponding to particular server vulnerability is available in the ticketing environment, PAM360 will create a new ticket.
  5. In the ticketing system, a separate ticket is created for each domain - IP vulnerability combination. For example, consider a certificate with common name example.com and SAN namely test.example.com, used for two different IP addresses as follows:
    • example.com at IP location 192.168.0.23
    • test.example.com at IP location 192.168.205.35

    If vulnerabilities found at both locations, then two tickets will be created for example.com@192.168.0.23 and for test.example.com@192.168.205.35. Even though the certificate used is the same, since the servers locations are different, they will be considered as two different vulnerabilities.

  6. Tickets created by PAM360 will be flagged as High Priority.
  7. Note: The vulnerability tickets will only contain details of weak ciphers found during the scan i.e., the ticket will not list the health of other ciphers available in that particular server if they are not found to be vulnerable.

2. Steps to Integrate Ticketing Systems with PAM360

Listed below are the ticketing systems currently supported by PAM360:

  1. ServiceDesk Plus (on-premise)
  2. ServiceNow

2.1 ServiceDesk Plus

  1. Navigate to Admin>> SSH/SSL >> Tickets and choose Enable.
  2. Under Help Desks, click ServiceDesk Plus.
  3. Enter the ServiceDesk Plus Technician Key (API Token) and Server URL where the ServiceDesk Plus host is running.
  4. Select the Template Name.
    [or]
    Click Fetch Templates to bring in all the available templates from ServiceDesk Plus. Now, select a template that contains default fields while ensuring that it does not have any mandatory custom fields, failing which will fail ticket creation.
  5. Under Create Tickets, select Create ticket for SSL certificate expiry or Create ticket for SSL vulnerabilities or both, based on your requirement. Click Save.

2.1.1 Format for SSL Expiry tickets in ServiceDesk Plus

Subject: SSL Certificate <common name> expiry

Description:

The SSL Certificate <common name> expiring soon, please take care
Common Name: <common name>
Expiry Date: Feb 25, 2020
Scanned by: PAM360 running at https://<PAM server-url>:<port>

2.1.2 Format for SSL Vulnerability tickets in ServiceDesk Plus

Subject: Vulnerabilities for <domain name>

Description:

<Domain Name> (this could be the SAN)
<Common Name> (certificate common name)
<IP Address>
Weak ciphers in use, which should be removed 
<Names of the ciphers found to be weak>

If any vulnerabilities such as OCSP, CRL, HeartBleed, or Poodle are found, then the corresponding Signature Algorithm and expiry date information will also be added here.

Scan Time:

Scanned by: PAM360 running at https://<PAM server-url>:<port>

2.2 ServiceNow

  1. Navigate to Admin>> SSH/SSL >> Tickets and choose Enable.
  2. Under Help Desks, click ServiceNow.
  3. Enter the ServiceNow User NamePasswordServer URL where the ServiceNow host is running.
  4. Click to Fetch Columns from ServiceNow. The fetched columns will be displayed under additional fields. Now, select the fetched columns from additional fields and associate it with an existing column in PAM360. This allows users to add additional information to the tickets created in ServiceNow.
  5. Under Create Tickets, select Create ticket for SSL certificate expiry or Create ticket for SSL vulnerabilities or both, based on your requirement. Click Save.

2.2.1 Format for SSL Vulnerability tickets in ServiceNow

Short Description: SSL Certificate <common name> expiry

Additional Comments:

The SSL Certificate <common name> expiring soon, please take care
Common Name: <common name>
Expiry Date: Feb 25,2020
Scanned by: PAM360 running at https://<PAM server-url>:<port>

2.2.2 Format for SSL Vulnerability tickets in ServiceNow

Short Description: Vulnerabilities for <domain name>

Additional Comments:

<Domain Name>(this could be the SAN)
<Common Name> (certificate common name)
<IP Address>
Weak ciphers in use, which should be removed 
<Names of the ciphers found to be weak>

If any vulnerabilities such as OCSP, CRL, HeartBleed, or Poodle are found, then the corresponding Signature Algorithm and expiry date information will also be added here.

Scan Time:

Scanned by: PAM360 running at https://<PAM server-url>:<port>

Top