Track and Fix Findings with Cases and Your Ticket System

The work of improving your security posture can be daunting. Mondoo finds security issues in your infrastructure and prioritizes them so you know what problems to fix first. But how do you track the fixes and ensure that the work is completed? How do you communicate the most important tasks to your team?

Cases allow you to turn security findings into tasks to complete. They integrate with your ticket system (issue tracking software), such as Zendesk, GitHub, or Atlassian Jira, to fit into your existing workflow.

When you see a security finding that requires fixing, you create a case for that finding. In the new case, Mondoo automatically includes the details of the finding, information on the asset(s) containing the finding, and instructions for fixing it. When you save the case, Mondoo can do any of these actions:

  • Directly create an Azure DevOps issue

  • Directly create a GitHub issue

  • Directly create a GitLab issue

  • Directly create a Jira issue

  • Directly create a Zendesk ticket

  • Send an email message to your ticket system (or any destination)

Directly integrate cases with your ticket system

If you directly configure cases with your ticket system, Mondoo creates a corresponding issue or ticket for every new case. Then you can plan, schedule, and track remediation work within your team's existing project workflow.

Get started with a direct integration:

Integrate cases with your ticket system using email

If you configure cases to send email to your ticket system, each time you create a new case, Mondoo sends an email message to the recipient you choose. Typically, this is the email address set up as a listener (or similar service) for your ticket, project management, or issue tracking software. Some examples are the Zendesk email channel, ServiceNow inbound email, and the Jira incoming mail handler.

Get started with an email integration.

Track and fix findings

In the Mondoo Console, if a security finding or an asset has a case associated with it, you can view the case from the finding or the asset. You can also see a list of all cases in a space.

You can view and close cases in the Mondoo Console. When you set up cases in a Mondoo space, you choose whether closing a case in the space closes the corresponding issue or ticket.

The email messages or Jira issues that Mondoo creates based on cases include all the details necessary for infrastructure owners to remediate findings. This gives all team members the information they need to address security issues, even if they don't have access to Mondoo.

Tracking and fixing findings with cases and your ticket system involve:

Automatically create cases when drift is detected

If an asset has become more exposed to attack since the last time Mondoo scanned it, that's drift. Mondoo can create a case when it detects drift. It can even group together multiple instances of the same drift on different assets. To learn more, read Automatically create cases on drift.