Cherwell Ticketing Connector

Cisco Vulnerability Management’s ticketing integrations allow you to take advantage of our powerful prioritization and reporting platform to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Cisco Vulnerability Management prioritizes. With the Cherwell Ticketing Integration, you can send tickets directly from the UI to Cherwell.


Configuring the Cherwell Ticketing Connector

Unlike many other connectors in Cisco Vulnerability Management, the Cherwell Connector requires setup actions from Cisco Vulnerability Management’s Support team to successfully create the Connector. Before contacting the Support team, you must set up the Cherwell Ticketing Connector in Cisco Vulnerability Management.

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Ticketing section, click Cherwell.


4. On the Cherwell screen, enter the following information:


  • Name: Enter a name for the connector, or leave it as Cherwell.
  • Enter the Username and Password for the account you want to use. recommends using a service account.
  • API Key: Enter the API Key for the account
  • Host: If your host is static, enter an IP address and the port number. If your host is dynamic, enter your host and port number.
  • If your Cherwell deployment is on-premises, you must use the Virtual Tunnel. If you are one of those customers, select the Use Virtual Tunnel checkbox which will display below the API Key field for customers with a Virtual Tunnel already set up for their instance.

5. Click Save And Verify.

Contacting Cisco Support for Configuration Help

After you’ve completed the Cherwell Connector setup in Cisco Vulnerability Management, you must contact Cisco Support for help with the final steps of configuring your Cherwell Connector.

1. Get your Business Object Schema from your Cherwell instance. For more information, see Cherwell’s help page here.
2. For each field that you want to see exposed in the Cisco Vulnerability Management “Create Ticket” dialog box, specify the following:

  • The display name for the field you’d like to see in Cisco Vulnerability Management.
  • The Cherwell code name for the Field.
  • The drop-down list choices (if the field is a drop-down list).

3. Send an email message with this information to Cisco Support or submit a request through the Support Portal in the upper right-hand corner of the page.

Cisco Support will configure your Cherwell connector using the information provided. Once that is complete, you will be able to successfully create tickets using the “Create Cherwell Issue” button in the UI.

Creating a Cherwell Ticket

You can create a ticket to either address a vulnerability (or a set of vulnerabilities) or apply a fix directly in Cisco Vulnerability Management. You can create tickets from both the Vulnerabilities tab and the Fixes tab.

1. In the Cisco Vulnerability Management UI, click VM > Explore.
2. Click the Vulnerabilities tab or the Fixes tab.
3. Select a vulnerability or a fix in the list.
4. Click the Cherwell Issue button.




Creating a Cherwell Ticket for a Top Fix Group

You can create a Cherwell ticket for any Top Fix group after your connector is created. Each group can contain up to three fixes, all of which will included in the Cherwell ticket when it is opened.
1. In the UI, click VM > Dashboard.
2. Click the Top Fixes button for the group that you want to open a ticket for.
3. Click the Cherwell Issue button.


4. On the Create Cherwell Ticket page, the custom set of fields with choice values loaded from your specific Cherwell instance (provided by your Business Object Schema) display. You can select data for any of the fields. Most of the Cherwell fields will be pre-populated with the appropriate Cherwell target Project information, Cisco Vulnerability Management vulnerability enumeration, or fix data.



Viewing Cherwell ticket information

Whether the


ticket creation is initiated from Vulnerabilities, Fixes, or Fix Groups, ticket metadata becomes specifically tied to the associated vulnerabilities. Visually that is displayed in Cisco Vulnerability Management in multiple ways. First, any vulnerability with an associated ticket will display in orange on the Vulnerabilities tab.


The Service Ticket ID will be displayed on the Vulnerability ticketed in Cisco Vulnerability Management. Cherwell External IDs tend to be lengthy strings which do not display well.


The specific Cherwell Issue number is displayed on the Vulnerability Details page for the vulnerability. To access  the Vulnerability Details page, click on the vulnerability name or the blue arrow.



Issue details are at the bottom right-hand side of the Vulnerability Details page. This information includes Status and Assignee. When you click the link to  “View Cherwell Issue”, you will be directed to the ticket in your Cherwell instance.


Data Flow between Cisco Vulnerability Management and Cherwell Ticketing

The data flow between Cisco Vulnerability Management and Cherwell is somewhat bi-directional.  Tickets in Cherwell are populated with asset, vulnerability, and fix information from Cisco Vulnerability Management.  A nightly data synchronization pulls in the service ticket number and ticket status from Cherwell but will not update the vulnerability status in Cisco Vulnerability Management. Therefore, status changes of Open/Closed/Deleted made to a ticket in Cherwell as part of the remediation workflow are synchronized back to the Cisco Vulnerability Management ticket view, however, any vulnerabilities associated with the ticket will not be marked as closed until data is retrieved from the scanning platform confirming the vulnerability is fixed. Once the ticket has been created in Cherwell, a notification bar will appear at the top of the page with the ticket information which is a link to the new ticket in Cherwell.

Cherwell ticket data is fully accessible from Cisco Vulnerability Management and can be used as filter criteria from the right-hand search pane in the Explore page as shown below. This view is available only if there are vulnerabilities in the current view who have a ticket status other than “None”.



Additional Information

The Cisco Vulnerability Management Cherwell Ticketing integration is designed to be highly customizable. 

Cisco Vulnerability Management will connect to Cherwell to retrieve the list of available choices for each of the listed fields from the Business Object Schema and display them in the form presented to the Cisco Vulnerability Management user. Changes to the choices should be made in the Business Object Schema section of Cherwell and updated with the help of Cisco Support. If you do not inform Cisco Support of the changes to the Business Object Schema, Cisco Vulnerability Management will not have the most up to date choices to display.

If a Cherwell Ticket exists for a specific vulnerability or fix, you cannot create a second ticket from Cisco Vulnerability Management for that item.

If a Cherwell ticket exists for a subset of fixes or vulnerabilities that you are trying to ticket, you can create that ticket, however it will only include the data from the selection that has not yet been ticketed.

Optional Settings

  • Service Ticket Type: If you want to change the default ticket type to a different status

Additional Assistance

Contact Cisco Support if you require any additional assistance with the Cherwell Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.