Tenable.SC has a basic ticketing system built into their product. But, by default, there’s no way to notify someone that a ticket has been assigned to them. To notify someone that a ticket has been assigned to them, an alert needs to be generated that is based on a query.
The first step is to configure a query. Within Tenable.SC, navigate to Analysis → Queries and Add a query. In the Query Builder section, select “Ticket” for Type and “Ticket List” for Tool.
Next, we add Filters using “Assignee” and “Assigned Timeframe”. For the “Assignee” filter, select the user you want to notify. For the “Assigned Timeframe” filter, select Last Hour.
Click Submit to save the Query.
Now we need to create an Alert. Navigate to Workflow → Alerts and Add an alert. For Schedule, have the alert run every 15 to 30 minutes. For Behavior have it “Perform actions only on first trigger”.
Under Conditions, select “Ticket” for Type, “Ticket Count” >= 1 for Trigger, and then select the Query you just created.
Under Actions, select the notification type you desire. I prefer Email. Whenever that user gets a ticket assigned to them, they will receive an email.
Click Submit to save your action changes, and then Submit to save your Alert.
Creating these manually is a bit of pain, particularly if you have more than a few users who will get tickets assigned to them in Tenable.SC. To address this, I created a PowerShell script that will create the query and the alert for a given user name. It can be found here on GitHub.
https://github.com/afxdub/Add-TscTicketAssigneeEmail
A usage example is below.
Add-TscTicketAssigneeEmail.ps1 -userName jason -accessKey 123456789abcde -secretKey edcba987654321 -baseURL https://tsc.example.com