Liongard Ideas Portal

Submit and upvote ideas to make Liongard better. You get 20 votes so vote wisely. 🙂

To learn more about our Ideas Portal, check out our FAQs.
To schedule a feedback session with a member of the Liongard Research Team, click here.

See what we've shipped by clicking here!

Scan hosts in existing actionable alerts and only re-open if host was on the original list

Hello! We believe there would be a use case to only re-open actionable alerts once they are marked closed-completed if there is a host involved ONLY if the new host found is on the original list.

For example, for a stale computers active directory ticket, it generates a comment upon opening of the list of John-1, Sam-2, Sam-PC, Sally-4, and June-6.

The ticket has been open 9 days. On the date that Frank works the ticket, the computer Jane-6 goes stale, and the inspector has not yet ran.

Frank works the ticket, deleting John-1, Sam-2, Sam-PC, Sally-4, and June-6. Upon marking the ticket closed-complete, the agent runs and detects Ryan-6 is now stale, and re-opens the ticket, saying the ticket conditions have not been met, even though Frank has successfully addressed all the hosts listed in the ticket.

What has been explained to me is if the alert has been open in the last 7 days, the agent checks ticket name + client instead of ticket name + client + hosts ticket was for.

Our request is that if the ticket is in closed-complete status, the agent would open a new ticket if the host it is for was not listed on the old ticket.

That way, Frank is responsible for the ticket as it was on the day it was worked, rather than being responsible for it (potentially) perpetually.

  • Guest
  • May 18 2020
  • Reviewed - Under Consideration
Last Reviewed Date 2021-03-19
  • Attach files
  • Seth Heitzmann commented
    12 Aug, 2020 07:42pm

    I agree that this is needed. When Liongard is re-opening a ticket, the original resource is still assigned. We need the ability for any new, unique detections to be in a new state so they can be dispatched accordingly. I would say this should apply to any data within an actionable alert since "host" may not always be applicable.