Cherwell Ticketing Connector

Cisco Vulnerability Management’s ticketing integrations allow you to take advantage of our powerful prioritization and reporting platform to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Cisco Vulnerability Management prioritizes for you. With the Cherwell Ticketing Integration, you can send tickets directly from the UI to Cherwell. This guide will help you get up and running.


Adding the Cherwell Ticketing Connector (pre-requisite to Contacting Support for Configuration)

Data flow between Cisco Vulnerability Management and Cherwell requires the configuration of the Cherwell Connector in Cisco Vulnerability Management. Unlike many of the other connectors within Cisco Vulnerability Management, the Cherwell Connector requires setup actions from Cisco Vulnerability Management’s Support team in order to successfully create the Connector. Before emailing the Support team, please complete the following:

Add the Cherwell Ticketing Connector from the Connectors tab. If you do not see the Cherwell Connector by default (and you are a Cisco Vulnerability Management Admin), please email Support or your Customer Success Team and ask them to enable the Cherwell connector for your Cisco Vulnerability Management instance.


The image below shows the Cisco Vulnerability Management Cherwell Connector configuration window.


The information required to configure the connector includes:

  • Username (Service Account User recommended)

    • Password for the associated Service Account

  • API Token

  • Cherwell host

    • If your host is static, you may enter an IP address and the port. If not, please enter your host and port information.

  • If your Cherwell deployment is on-premise you will need to leverage the Kenna Virtual Tunnel.

    • Once you have the Virtual Tunnel installed, in the Cherwell set-up window, please check the box for “Use Kenna Virtual Tunnel” if your deployment is on-premise. If you are deployed in the Cloud, please ignore this final bullet and move to the next step.

After entering the Username, API Key and Host information, click Save And Verify to save the connector.

Contacting Support for Configuration

Once you’ve completed the Cherwell Connector set-up documented above, please:

  • Get your Business Object Schema from your Cherwell instance

    • Instructions for this can be found on Cherwell’s help page.

  • For each field that you want to see exposed in the “Create Ticket” dialogue box, specify:

    • The display name for the field you’d like to see in Cisco Vulnerability Management

    • The Cherwell code name for the Field

    • The dropdown choices (if the field is a dropdown)

Once you have all of the above information, please send it to the Cisco Vulnerability Management Security Support team by email or by submitting a request via the Support Portal in the upper right-hand corner of this page.

From there, Support will configure your Cherwell connector on the backend with the information provided. Once that is completed, you will be able to create tickets using the “Create Cherwell Issue” button in the UX.


Creating a Cherwell Ticket

Tickets can be created either to address a vulnerability (or a set of vulnerabilities) or to apply a fix directly in Cisco Vulnerability Management. You can create tickets from both the Vulnerabilities tab and the Fixes tab. To do so, select the checkbox to the left of the desired item and click the Cherwell Issue button, which will appear next to the tabs within the explore view.



Cherwell Tickets can also be created for any Top Fix group using the same button, which will appear after your connector is created. The Cherwell ticket will be created for the Top Fix Group which is currently shown on the screen. Each group may contain up to 3 fixes, all of which will be included in the Cherwell Issue.


Once you click to create a new ticket, the Cherwell dialog box will pop up and display the custom set of fields with choice values loaded from your specific Cherwell instance (provided by your Business Object Schema). Users can select data for any of the fields. Unlike the JIRA and ServiceNow Connectors, most of the Cherwell fields will be pre-populated with the appropriate Cherwell target Project information, Cisco Vulnerability Management vulnerability enumeration, or fix data.



Whether the Cherwell ticket creation is initiated from Vulnerabilities, Fix, or Fix Groups, ticket metadata becomes specifically tied to the associated vulnerabilities. This is displayed in Cisco Vulnerability Management in multiple ways. First, any vulnerability with an associated ticket will show an orange “pill” on the Vulnerabilities tab.


The Service Ticket ID will be displayed on the Vulnerability ticketed within Cisco Vulnerability Management. Cherwell External IDs tend to be lengthy strings which do not display well in the platform:


The specific Cherwell Issue number is displayed on the Vulnerability Details page for the vulnerability. To get to the Vulnerability Details page, click on the vulnerability name or the blue caret to see the details on a vulnerability from the Vulnerabilities tab.



Issue details are at the bottom right-hand side of the Vulnerability Details page. This information includes Status and Assignee. When you click the link to “View Cherwell Issue”, you will be directed to the ticket in your Cherwell instance.


Data Flow between Cisco Vulnerability Management and Cherwell Ticketing

Data flow between Cisco Vulnerability Management and Cherwell is somewhat bi-directional. Tickets in Cherwell are populated with asset, vulnerability, and fix information from Cisco Vulnerability Management. A nightly data sync will pull in the service ticket number and ticket status from Cherwell but will not update the vulnerability status in Cisco Vulnerability Management. Therefore, status changes of Open/Closed/Deleted made to a ticket in Cherwell as part of the remediation workflow are synced back to the Cisco Vulnerability Management ticket view. However, any vulnerabilities associated with the ticket will not be marked as closed until data is retrieved from the scanning platform confirming the vulnerability is fixed. Once the ticket has been created in Cherwell, a notification bar will appear at the top of the page with the ticket information, which is a link to the new ticket in Cherwell.

Cherwell ticket data is fully accessible from within Cisco Vulnerability Management and can be used as filter criteria from the right-hand search pane in the explorer view as shown below. This view is only available if there are vulnerabilities in the current view that have a ticket status other than “None”.



Additional Information

The Cisco Vulnerability Management Cherwell Ticketing integration is built to be highly customizable. Please keep this in mind when creating the connector.

Cisco Vulnerability Management will connect to Cherwell to retrieve the list of available choices for each of the listed fields from the Business Object Schema and display them in the form presented to the Cisco Vulnerability Management user. Changes to the choices should be made in the Business Object Schema section of Cherwell and updated with Cisco Vulnerability Management Support. If you do not inform Cisco Vulnerability Management Support of the changes to the Business Object Schema, Cisco Vulnerability Management will not have the most up to date choices to display.

If a Cherwell Ticket exists for a specific Vulnerability or Fix, you will be unable to create a second ticket from Cisco Vulnerability Management for that item.

If a Cherwell ticket exists for a subset of the fixes or vulnerabilities you are trying to ticket, you can create that ticket; however, it will only include the data from the selection that has not yet been ticketed.

Optional Settings:

  • Service Ticket Type

    • If you wish to change the default ticket type to a different status

Please contact Cisco Vulnerability Management Support should you require any additional assistance with the Cherwell Connector.
