In this article, you'll find out how to use the action plans for your scopes.

SUMMARY

• Create a remediation manager
• List of action tickets
• Details of an action ticket
• Advancing the status of a ticket

The Action plan page lets you view the action tickets for your scope.

The My action plans page lets you view the list of action tickets allocated to you.

What is an action ticket?

When a bulletin concerns a technical scope, we automatically create an action ticket within the scope's action plan. This action ticket serves as a reminder that an action needs to be taken (a patch to be applied, a vulnerability to be investigated, etc.) within the scope concerned.

The action ticket can be assigned to a user who will be responsible for carrying out an action. Its status (new, open, closed, etc.) represents the progress of the action.

- The action ticket is automatically assigned to the owner of the perimeter.
- The ticket is created when the cyber watch is sent by email. 
- It is possible to customise the generation of action tickets (language, type of bulletin, criticality) from the preferences tab for the scope concerned.

Create a remediation manager

In its default configuration, action tickets relating to a scope are assigned to the owner of the scope. However, if your various scopes all have the same owner, the distribution of action tickets can quickly become laborious and time-consuming.

This is why you have the option of appointing a remediation manager to whom all the action tickets will be automatically assigned within his or her scope.

How to designate a remediation Manager?

Step 1: Log on to the Portal

Step 2: Go to your scope page

Step 3: Once on your scope, go to the "details" tab

Step 4: In the "remediation manager" field, select the user who will be responsible for distributing action tickets.

NB: The remediation manager is not required to have write access to the scope

Exception to the remediation manager

Selecting a remediation manager :
- is not retroactive (no impact on previous action tickets)
- does not impact an action ticket created manually from a bulletin in the XMCO database

List of action tickets

The Action plan/My action plans home page displays a list of action tickets in a table.

On the Action plan/My action plans page, you can :

1.  Query specific action tickets via several filters:

• Integrate action plans from: select the scope(s) from which the action tickets you are looking for originate.

 NB: you can only access the perimeters in which you are registered.

• Tracker: this is the format of the action ticket. While the "cyber watch" format is the default for Yuno, you can also find customised ticket formats on request. Would you like to find out more about customised formats? Contact us at yuno@xmco.fr.

Additional filters can be found in the "add a filter" drop-down menu:

• Title: searches for the presence of one or more words in the title of an action ticket
• Description: searches for one or more words in the description of an action ticket
• Reference: searches for a specific bulletin reference
• Status: display only action tickets with a specific status (new, in progress, pending, resolved, not applicable, risk accepted)
• Open: display only action tickets with a status of new, in progress or pending.
• Severity: display only action tickets whose criticality (criticality determined by XMCO when the bulletin was created) is/is not None, Low, Medium, High, Critical.
• Quickwin: only display tickets with the "Quickwin" label. This label indicates that the ticket can be resolved quickly. This label can be ticked at any time on the action ticket edit page.
• Impact: Display only tickets with an estimated impact on the IS: from 0-low to 6-very critical. This rating is defined by our watchdogs according to the characteristics of the bulletin from which the action ticket originates.
• Creation date: display only action tickets created before/after/after a specific date (DD/MM/YYYY format).
  Last update date: only display action tickets that were last updated (status, assigned, comment, etc.) before/after/after a specific date (DD/MM/YYYY format).
• Closed date: display only action tickets that were closed/not applicable/resolved before/after/a specific date (DD/MM/YYYY format).
• Due date :
• Assignee: display only action tickets assigned to a specific user
• Technical components: only display tickets relating to a dedicated technical component (if a technical component has been associated with the scope)
• Filters related to your custom trackers: find the list of fields added as part of your custom tracker(s).

Click on the magnifying glass to start searching for your action tickets and on the curled arrow to reset your search.

NB: If you are unable to launch the search, check that an operator has been selected for each filter.

2. Save a search configuration

By clicking on the bookmark button, you can save your search configuration and reuse it later.

NB: The saved configuration does not take into account the requested scopes. You can therefore use the same configuration on several perimeters without having to duplicate it.

3. Download requested data

Click on the button to retrieve an excel file containing the results of your search download the data.

4. Modify the table columns

By clicking on the nut, you can change the columns displayed in the table.

NB: This setting has no impact on the downloaded file.

The columns include the filters mentioned above, as well as:

• The action ticket reference
• The technologies concerned by the action ticket
• Comments left in the action ticket
• Yuno bulletin reference: CXA    
• CVE references: the CVEs referenced in the action ticket

5. Download an action ticket in PDF format

Click on the PDF button to download the contents of the action ticket to your computer in pdf format.

6. Applying batch operations

By ticking one or more action tickets in the list and then clicking on the pencil (6.), you can apply an operation to several tickets:

• Apply a criticality
• Change the status
• Set a deadline
• Assign tickets to another user    
• Add a comment to all tickets

7. Open the action ticket

By clicking on the ticket title or ID, you can access the details of the action ticket and modify it.

Details of an action ticket

On this page you will find all the information about the ticket :

1. Publication date
2. Criticality
3. Status
4. Assigned
5. Reference of the cyber watch bulletin
6. Impact of the ticket
7. Deadline
8. Observer(s)
9. The technical components concerned by the action ticket    
10. A reminder of the action to be taken

You can also communicate with your team about this ticket by leaving a comment (11.) or attaching a file (12.).

Each action taken on the ticket results in an e-mail notification being sent to the person assigned to the ticket and to the observer(s).

Finally, the "open" toggle lets you quickly close the action ticket.

Advancing the status of a ticket

Clicking on the "edit" button opens the field editing interface:

1. Criticality
2. Status
3. Assigned
4. Deadline
5. Observer
6. Technical components

NB: if you have set a deadline for the ticket, you can tick the reminder option (7.) which will send a notification on the due date to the assignee and observer(s).

Once you have made your changes, simply click on "update".