Submit a Sensational Support Ticket

Submitting a support ticket can be difficult and confusing at times. To help you submit effective support tickets, this article covers how to prevent requests for more information, which delay the process.

Submitting a Support Ticket

If your question/issue hasn’t been answered in the available resources listed in the Support Resources article, you can:

  • submit a ticket from the Help Desk, or
  • send us an email to Support

Help Center

When using the Help Center, click SUBMIT A REQUEST.

Support-Ticket.png

The Submit a Request form is divided into four sections:

  • Your email address can be populated with your email as well as other email(s) that you wish to be included in all responses on the ticket. For example, your account team, a manager or colleague who needs to be kept in the loop or maybe a distribution email address that needs to be copied on your ticket for coverage.

  • Subject should contain a few words or a sentence that sums up the general topic of the request. The Subject is one of the most important sections of any support ticket. Be as precise and concise as possible. Check out the section of this guide titled Tips for Writing Sensational Support Tickets for more help. As you fill in the Subject field, you will find a new section (Suggested articles) appear. These are article that have similar keywords as listed in your subject field.

  • Description should have all the information the Support Team needs to understand the issue you are experiencing, how to replicate the issue, and any workarounds you may have identified. The following is a list of critical information to include, depending on ticket type. For specific minimum requirements per ticket type, see the below section on Ticket Types and Their Related Minimum Requirements.

    • The URL of your Cisco Vulnerability Management instance, e.g: myco.kennasecurity.com or your organization’s name (Bonus points for both).

    • The Cisco Vulnerability Management product at issue: Vulnerability Management, Application Security, API, Vulnerability Intelligence.

    • The URL or title of the screen where the issue is occurring, i.e. Explore View, or a specific vulnerability url.

    • Issue Statement and detailed description of the problem, how it’s impacting you and your desired use case. Include screenshots whenever possible.

    • The behavior you are expecting or usually encounter given the scenario with screenshots whenever possible.

    • Whether the issue is reproducible on each attempt or intermittent, and if there is a pattern. If so, a step by step detail on how to recreate the issue goes a long way. 

    • Detail any error/messages or dialog boxes presented or send screenshots.

    • Explain any workarounds for the issue encountered.

    • Whether the issue is encountered using a different web browser or a different machine. If so, please provide the browser you are using, and the version information and/or the machine specs. 

    • Whether the issue is exclusive to one user or many. What privilege role does the user/s experiencing the issue have? Are they admin, read only or a specific custom role?

    • If this is a request for an enhancement, please provide details of the use case you are trying to address, the desired outcome/expected result, whether there is any workaround, the business impact and the criticality of the request (high/med/low).

  • Attachments can include any additional information that can support us in addressing your issue, but screenshots are vastly helpful.

Support-Ticket-2.png

We look forward to resolving your issue as quickly as possible now that we are armed with this information-packed request!

Please see below for additional tips that can help our team address your issue promptly.

An Example of a Sensational Support Ticket

Your email address
myboss@mycompany.com; myteam@mycompany.com

Subject
Risk Meter Group not showing expected assets

Description
I have created a Risk Meter Group named “EMEA Windows Servers Group” using the following filter on my organisation’s Cisco Vulnerability Management instance (myco.kennasecurity.com) under the Vulnerability Management module:

os:(Windows) AND tag:winsrv

When reviewing the group here:

https://mycompany.kennasecurity.com/explore?status%5B%5D=active&vulnerability%5Bstatus%5D%5B%5D=open&vulnerability%5Bq%5D=os%3A(*windows)%20AND%20tag%3Awinsrv*

I am seeing only 425 assets with open vulnerabilities. From my scanner information, I am expecting to see more around the 600 mark. There are no error messages and the result is consistent every time I run the query. I have tried using IE on another Windows 10 machine as my own is running Google Chrome but the issue remains. Other admins on the environment also see the same result. This is a serious issue for us as our end of month reporting is affected. I have no way to work around this issue at present.

Note: At this point you should include your attachments such as screenshots or export files which can confirm the problem and facilitate reproduction of your issue.

Submit_Request_Support_Ticket_Example.png

Tips for Writing Sensational Support Tickets

Write your report clearly so that anyone can sit down and reproduce your issue. Avoid using jargon or abbreviations because the person reading the request may not know what you mean. If you have difficulty following your own steps for reproducing an issue, chances are we'll find it difficult too.
If you have a workaround, include step-by-step instructions in your support ticket – this will assist the Support team and possibly other users who might encounter the same issue in the future.

Test your issue report before submitting it. Do the steps to reproduce your issue result in the same error or issue every time? Did you forget to write down a step? Walking through an issue report before submitting it helps ensure that your report is accurate and complete and contains enough information for us to research the problem effectively.

Spending the necessary time up front to ensure that your support ticket is easy to read, and that all of the pertinent information is included, allows the Support Team and developers to spend more time working to resolve the issue and will help you avoid the frustration of having to backtrack in order to provide missing data.

Follow the recommended format. Include a detailed description, reproduction steps if applicable, expected results, actual results, and any discussion or comments, including your recommendations or workarounds. We’ll be glad to help you find a resolution as quickly as possible.

Ticket Types and Their Related Minimum Requirements

Note: please still follow the guidance above to provide the most detail possible in the description. This is a list of some ticket types and their essential minimum requirements.

Ticket Type

Minimum Information Required

Connector Run Errors

  • Connector ID

  • Type of connector

Agent setup

 

 

Ticketing setup/errors (JIRA, Cherwell, Remedy)

  • Detailed steps on how to reproduce(include exact steps that led up to the error)

  • Permission from the client for support to run tests

API results problems

 

  • Describe the exact result, what was expected and what actually showed up?

  • What is the user role for the API key that was used?

  • Which API endpoint was used? What parameters were used in the request? Review accepted parameters here: https://apidocs.kennasecurity.com/reference

  • Provide screenshots parameters used and errors.

  • If there is an issue with exports and/or objects that return an ID, please provide the ID in the ticket.

Risk Meter query results inconsistencies

  • List the query/queries used.

  • Describe the exact result problem, what was expected and what actually showed up?

Bulk User Role edits

  • Please provide a CSV file of the users, and the roles to be edited

Bulk Risk Meter edits

  • Please provide a CSV file with the following headers, Risk Meter Name, Old Query, New Query

Asset deletion

  • A .csv file with a list of asset_ids

  • This content can be in either rows, or columns, but not both

  • If there are any additional contents in the CSV file be sure to clarify which column/row contains asset ids.

Vulnerability not closing

  • Provide the vulnerability ids and/or the CVE id

  • Look at the scanner vulnerabilities on the vulns in question and see which connector ID it is associated with if possible

Full connector runs

  • Approximate time of when you would like the run to be kicked off

  • Connector ID/Name

Tag purge/wipe requests (wipes all tags from environment)

  • Approximate time of when you would like all tags purged

  • If you want Support to kick off connectors following the purge provide:

    • Connector IDs/Names

Turn on tag reset (wipes tags associated with any active asset reported by a particular connector)

  • Connector name and ID to turn on tag reset

  • Whether you want to leave it on, or turn it off after one reset.

Custom asset locator ordering

  • Whether the customer order is global, or on a particular connector.

  • Connector name and ID if it’s for a connector.

  • List of Locators in the requested order (external_id_locator, ec2_locator, mac_address_locator, netbios_locator, external_ip_address_locator, hostname_locator, url_locator, file_locator, fqdn_locator, application_locator, ip_address_locator)

Disabling the 200 point score bump for External IP Addresses and/or Applications

  • Declare if you want the 200 point scoring bump to be removed from all application assets

  • Declare if you want the score bump removed for specific IPs or if you want specific IPs removed from the list

  • List of IPs or IP Ranges

Deletion or remapping of service tickets within Cisco Vulnerability Management

For Deletion:

  • The ticket identifier, and a .csv of vulnerability IDs if you would like to unmap only certain vulnerabilities

For Remapping:

  • The ticket identifier you’re mapping from

  • The ticket you’re mapping to

  • If applicable, and you’re only moving a subset of vulnerability IDs, please also include a .csv of vulnerability IDs.

IP Whitelisting

  • Specifying the type of request to be made to the whitelist (additions/removals)

  • If you would like your whitelist removed and created with new parameters, please indicate so

  • Please indicate if each IP or range applies to the API, Web or Both

  • We need a list of IPs or ranges of IPs and what criteria the whitelist should apply to

    • If the list is extensive, please provide in a .csv file

    • In our settings we express ranges as a CIDR block

Graph smoothing

  • A series of exact dates to be smoothed

  • The scope of the smoothing to be performed

    • Indicate Risk Meter IDs, or All Risk Meters; All Roles, or a List of Roles, or Everything

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.