Freshworks Freshservice
Integration version: 11.0
Use Cases
Integration with service desk.
Freshservice Configuration
Freshservice Google Security Operations SOAR integration is working based on Freshservice API Keys.
How to get the API Key of the account in Freshservice
- Login to your Freshservice Support Portal
- Click on account profile picture on the top right corner of your portal
- Go to Profile settings Page
- Account API key will be available below the change password section to your right
- Save this API key, you will need it for the Google Security Operations SOAR integration configuration.
Configure Freshworks Freshservice integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://yourdomain.freshservice.com | Yes | Freshservice instance API Root URL. |
| API Key | Password | N/A | Yes | Freshservice API Key to use in integration. |
| Verify SSL | Checkbox | Checked | No | If enabled, the integration verifies that Root URL is configured with a valid certificate. |
Actions
Ping
Description
Test connectivity to the Freshservice instance with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
Case Wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution:if critical error, like wrong credentials or lost connectivity: "Failed to connect to the Freshservice instance! Error is {0}".format(exception.stacktrace) |
General |
List Tickets
Description
List Freshservice tickets based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket Type | DDL | All | No | Specify ticket type to return. |
| Requester | String | N/A | No | Specify the requester email of the tickets to return. |
| Include Stats | Checkbox | Unchecked | No | If enabled, action will return additional stats on the tickets. |
| Search for Last X Hours | Integer | N/A | No | Specify the timeframe to search tickets for. |
| Rows per Page | Integer | 30 | No | Specify how many tickets should be returned per page for Freshservice pagination. |
| Start at Page | Integer | 1 | No | Specify starting from which page tickets should be returned with Freshservice pagination. |
| Max Rows to Return | Integer | 30 | No | Specify how many tickets action should return in total. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"tickets": [
{
"subject": "Support Needed...",
"group_id": null,
"department_id": null,
"category": null,
"sub_category": null,
"item_category": null,
"requester_id": 17000032840,
"responder_id": null,
"due_by": "2021-07-08T21:00:00Z",
"fr_escalated": false,
"deleted": false,
"spam": false,
"email_config_id": null,
"fwd_emails": [],
"reply_cc_emails": [],
"cc_emails": [],
"is_escalated": false,
"fr_due_by": "2021-07-01T18:00:00Z",
"id": 7,
"priority": 1,
"status": 2,
"source": 2,
"created_at": "2021-06-29T08:56:24Z",
"updated_at": "2021-06-29T10:04:51Z",
"to_emails": null,
"type": "Incident",
"description": "<div>Details about the issue...</div>",
"description_text": "Details about the issue...",
"custom_fields": {},
"requester": {
"email": "dana@example.com",
"id": 17000032840,
"mobile": "dana@example.com",
"name": "Dana",
"phone": null
}
}
]
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Tickets". Reason: {0}''.format(error.Stacktrace) |
General |
| Table | Table Name: Freshservice Tickets Found Table Columns: ID Type Subject Description Requester Email Category Status Priority Source Created Date Updated Date Due Date Escalated Deleted |
General |
Create Ticket
Description
Create a Freshservice ticket.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Subject | String | N/A | Yes | Specify subject field for created ticket. |
| Description | String | N/A | Yes | Specify description field for created ticket. |
| Requester Email | String | N/A | Yes | Specify requester email for created ticket. |
| Agent Assign To | String | N/A | No | Specify the agent email to assign the ticket to. |
| Group Assign To | String | N/A | No | Specify the group name to assign the ticket to. |
| Priority | DDL | Medium | Yes | Specify priority to assign to the ticket. |
| Urgency | DDL | Medium | No | Specify urgency to assign to the ticket. |
| Impact | DDL | Medium | No | Specify impact to assign to the ticket. |
| Tags | String | N/A | No | Specify tags to assign to the ticket. Parameter accepts multiple values as a comma separated string. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the ticket. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
| File Attachments to Add | String (CSV) | N/A | No | Specify the full path for the file to be uploaded with the ticket. Parameter accepts multiple values as a comma separated string. The total size of the attachments must not exceed 15MB. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"ticket": {
"cc_emails": [],
"fwd_emails": [],
"reply_cc_emails": [],
"fr_escalated": false,
"spam": false,
"email_config_id": null,
"group_id": null,
"priority": 2,
"requester_id": 17000032840,
"responder_id": null,
"source": 2,
"status": 2,
"subject": "Support Needed 4...",
"to_emails": null,
"department_id": null,
"id": 10,
"type": "Incident",
"due_by": "2021-07-02T18:00:00Z",
"fr_due_by": "2021-06-30T20:00:00Z",
"is_escalated": false,
"description": "<div>Details about the issue...</div>",
"description_text": "Details about the issue...",
"category": null,
"sub_category": null,
"item_category": null,
"custom_fields": {
"test": "very_test"
},
"created_at": "2021-06-30T08:01:30Z",
"updated_at": "2021-06-30T08:01:30Z",
"tags": [
"test"
],
"attachments": []
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Create Ticket". Reason: {0}''.format(error.Stacktrace) |
General |
Update Ticket
Description
Update a Freshservice ticket based on provided action input parameters. Note that if new tags for the ticket are provided, due to the Freshservice API limitations action replaces existing tags in the ticket, not appending new ones to existing.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket id to update. |
| Status | DDL | Not changed | No | Specify new status for the ticket. |
| Subject | String | N/A | No | Specify subject field to update. |
| Description | String | N/A | No | Specify description field to update. |
| Requester Email | String | N/A | No | Specify requester email to update. |
| Agent Assign To | String | N/A | No | Specify the agent email to update. |
| Group Assign To | String | N/A | No | Specify the group name to update. |
| Priority | DDL | Not Changed | No | Specify priority to update. |
| Urgency | DDL | Not Changed | No | Specify urgency to update. |
| Impact | DDL | Not Changed | No | Specify impact to update. |
| Tags | String | N/A | No | Specify tags to to replace in the ticket. Parameter accepts multiple values as a comma separated string. Note that due to the Freshservice API limitations action replaces existing tags in the ticket, not appending new ones to existing. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the ticket. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
| File Attachments to Add | String (CSV) | N/A | No | Specify the full path for the file to be uploaded with the ticket. Parameter accepts multiple values as a comma separated string. The total size of the attachments must not exceed 15MB. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"ticket": {
"cc_emails": [],
"fwd_emails": [],
"reply_cc_emails": [],
"spam": false,
"email_config_id": null,
"fr_escalated": false,
"group_id": 17000034192,
"priority": 1,
"requester_id": 17002188556,
"responder_id": 17002188556,
"source": 2,
"status": 2,
"subject": "Support Needed 9...",
"description": "Details about the issue...",
"description_text": "Details about the issue...",
"category": null,
"sub_category": null,
"item_category": null,
"custom_fields": {
"test": "very_test"
},
"id": 12,
"type": "Incident",
"to_emails": null,
"department_id": 17000016543,
"is_escalated": false,
"tags": [
"test"
],
"due_by": "2021-07-09T17:00:00-04:00",
"fr_due_by": "2021-07-02T14:00:00-04:00",
"created_at": "2021-06-30T08:36:43Z",
"updated_at": "2021-06-30T09:39:12Z",
"attachments": []
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Update Ticket". Reason: {0}''.format(error.Stacktrace) |
General |
List Ticket Conversations
Description
List Freshservice tickets conversations based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to return conversations for. |
| Rows per Page | Integer | 30 | No | Specify how many ticket conversations should be returned per page for Freshservice pagination. |
| Start at Page | Integer | 1 | No | Specify starting from which page ticket conversations should be returned with Freshservice pagination. |
| Max Rows to Return | Integer | 30 | No | Specify how many ticket conversations action should return in total. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"conversations": [
{
"id": 17014994010,
"user_id": 17000032840,
"to_emails": [],
"body": "<div>This is a test note!</div>",
"body_text": "This is a test note!",
"ticket_id": 12,
"created_at": "2021-07-05T06:58:32Z",
"updated_at": "2021-07-05T06:58:32Z",
"incoming": false,
"private": false,
"support_email": null,
"source": 2,
"from_email": null,
"cc_emails": [],
"bcc_emails": null,
"attachments": []
},
{
"id": 17014993985,
"user_id": 17000032840,
"to_emails": [
"dana@example.com"
],
"body": "<div>We are working on this issue. Will keep you posted.</div>",
"body_text": "We are working on this issue. Will keep you posted.",
"ticket_id": 12,
"created_at": "2021-07-05T06:57:27Z",
"updated_at": "2021-07-05T06:57:27Z",
"incoming": false,
"private": false,
"support_email": "helpdesk@siemplifyservicedesk.freshservice.com",
"source": 0,
"from_email": "helpdesk@siemplifyservicedesk.freshservice.com",
"cc_emails": [],
"bcc_emails": [],
"attachments": []
}
],
"meta": {
"count": 2
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Ticket Conversations". Reason: {0}''.format(error.Stacktrace) |
General |
| Table | Table Name: Freshservice Ticket <ticket id> Conversations Table Columns: ID Type Visibility User Email Text From Email To Email CC Email BCC Email |
General |
Add a Ticket Reply
Description
Add a reply to a Freshservice ticket. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to return conversations for. |
| Reply Text | String | N/A | Yes | Specify reply text to add to ticket. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
"conversation": {
"id": 17014998560,
"user_id": 17000032840,
"from_email": "helpdesk@siemplifyservicedesk.freshservice.com",
"cc_emails": [],
"bcc_emails": [],
"body": "<div>We are working on this issue. Will keep you posted.2</div>",
"body_text": "We are working on this issue. Will keep you posted.2",
"ticket_id": 12,
"to_emails": [
"dana@example.com"
],
"attachments": [],
"created_at": "2021-07-05T09:19:02Z",
"updated_at": "2021-07-05T09:19:02Z"
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Add a Ticket Reply". Reason: {0}''.format(error.Stacktrace) |
General |
Add a Ticket Note
Description
Add a note to a Freshservice ticket. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to return conversations for. |
| Note Type | DDL | Private | No | Specify the type of note action should add to the ticket. |
| Note Text | String | N/A | Yes | Specify note text to add to ticket. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"conversation": {
"id": 17014999107,
"incoming": false,
"private": false,
"user_id": 17000032840,
"support_email": null,
"body": "<div>This is a test note2!</div>",
"body_text": "This is a test note2!",
"ticket_id": 12,
"to_emails": [],
"attachments": [],
"created_at": "2021-07-05T09:35:28Z",
"updated_at": "2021-07-05T09:35:28Z"
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Add a Ticket Note". Reason: {0}''.format(error.Stacktrace) |
General |
List Agents
Description
List Freshservice agents based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Agent Email | String | N/A | No | Specify the email address to return agent records for. |
| Agent State | DDL | ALL | No | Specify agent states to return. |
| Include not Active Agents | Checkbox | Unchecked | No | If enabled, results will include not active agent records. |
| Rows per Page | Integer | 30 | No | Specify how many agent records should be returned per page for Freshservice pagination. |
| Start at Page | Integer | 1 | No | Specify starting from which page agent records should be returned with Freshservice pagination. |
| Max Rows to Return | Integer | 30 | No | Specify how many agent records action should return in total. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"agents": [
{
"active": true,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2021-06-29T10:37:36Z",
"custom_fields": {},
"department_ids": [
17000016543
],
"email": "dana@example.com",
"external_id": null,
"first_name": "dmitry",
"has_logged_in": false,
"id": 17002188556,
"job_title": null,
"language": "en",
"last_active_at": null,
"last_login_at": null,
"last_name": "s",
"location_id": null,
"mobile_phone_number": null,
"occasional": true,
"reporting_manager_id": null,
"role_ids": [
17000023339
],
"roles": [
{
"role_id": 17000023339,
"assignment_scope": "entire_helpdesk",
"groups": []
}
],
"scopes": {
"ticket": null,
"problem": null,
"change": null,
"asset": null,
"solution": null,
"contract": null
},
"scoreboard_level_id": 1,
"signature": "<p> </p>\n",
"time_format": "12h",
"time_zone": "American Samoa",
"updated_at": "2021-06-29T10:37:36Z",
"work_phone_number": null,
"group_ids": [
17000034192
],
"member_of": [
17000034192
],
"observer_of": []
},
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Agents". Reason: {0}''.format(error.Stacktrace) |
General |
Table |
Table Name: Freshservice Agents Found Table Columns: ID First Name Last Name Roles Groups Departments Location Active Occasional Custom Fields Created Date Updated Date Last Active Date Last Login Date |
General |
List Requesters
Description
List requesters registered in Freshservice based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Requester Email | String | N/A | No | Specify the email address to return requester records for. |
| Rows per Page | Integer | 30 | No | Specify how many agent records should be returned per page for Freshservice pagination. |
| Start at Page | Integer | 1 | No | Specify starting from which page agent records should be returned with Freshservice pagination. |
| Max Rows to Return | Integer | 30 | No | Specify how many agent records action should return in total. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"requesters": [
{
"active": true,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2020-07-06T08:07:30Z",
"custom_fields": {
"test": null
},
"department_ids": [],
"external_id": null,
"first_name": "Dana",
"has_logged_in": false,
"id": 17000038164,
"job_title": null,
"language": "en",
"last_name": "Doe",
"location_id": null,
"mobile_phone_number": null,
"primary_email": "dana@example.com",
"reporting_manager_id": null,
"secondary_emails": [],
"time_format": "12h",
"time_zone": "Eastern Time (US & Canada)",
"updated_at": "2020-07-06T08:07:30Z",
"work_phone_number": null
}
]
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Requesters". Reason: {0}''.format(error.Stacktrace) |
General |
Table |
Table Name: Freshservice Requester Found Table Columns: ID First Name Last Name Departments Location Active Custom Fields Created Date Updated Date |
General |
Create Agent
Description
Create a new Freshservice Agent. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| String | N/A | Yes | Specify the email of the agent to create. | |
| First Name | String | N/A | Yes | Specify the first name of the agent to create. |
| Last Name | String | N/A | No | Specify the last name of the agent to create. |
| Is occasional | Checkbox | Unchecked | No | If enabled, agent will be created as an occasional agent, otherwise full-time agent will be created. |
| Can See All Tickets From Associated Departments | Checkbox | Unchecked | No | If enabled, agent will be able to see all tickets from Associated departments. |
| Departments | CSV | N/A | No | Specify department names associated with the agent. Parameter accepts multiple values as a comma separated string. |
| Location | String | N/A | No | Specify location name associated with the agent. |
| Group Memberships | CSV | N/A | No | Specify group names agent should be a member of. |
| Roles | CSV | N/A | Yes | Specify roles to add to agent. Parameter accepts multiple values as a comma separated string. Example: {"role_id":17000023338,"assignment_scope": ""} |
| Job Title | String | N/A | No | Specify agent job title. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the agent. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"agent": {
"active": true,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2021-07-06T05:40:41Z",
"custom_fields": {
"test": "testvalue"
},
"department_ids": [],
"email": "rolanda.hooch@hogwarts.edu",
"external_id": null,
"first_name": "Rolanda",
"has_logged_in": false,
"id": 17002198254,
"job_title": "Flying Instructor",
"language": "en",
"last_active_at": null,
"last_login_at": null,
"last_name": "Hooch",
"location_id": null,
"mobile_phone_number": "553632",
"occasional": true,
"reporting_manager_id": null,
"role_ids": [
17000023338
],
"roles": [
{
"role_id": 17000023338,
"assignment_scope": "entire_helpdesk",
"groups": []
}
],
"scopes": {
"ticket": null,
"problem": null,
"change": null,
"asset": null,
"solution": null,
"contract": null
},
"scoreboard_level_id": 1,
"signature": null,
"time_format": "12h",
"time_zone": "Eastern Time (US & Canada)",
"updated_at": "2021-07-06T05:40:41Z",
"work_phone_number": "443532",
"group_ids": [
17000034192
],
"member_of": [
17000034192
],
"observer_of": []
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Create Agent". Reason: {0}''.format(error.Stacktrace) |
General |
Update Agent
Description
Update existing Freshservice Agent. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Agent ID | Integer | N/A | Yes | Specify agent id to update. |
| String | N/A | No | Specify the email of the agent to update. | |
| First Name | String | N/A | No | Specify the first name of the agent to update. |
| Last Name | String | N/A | No | Specify the last name of the agent to update. |
| Is occasional | Checkbox | Unchecked | No | If enabled, agent will be updated as an occasional agent, otherwise it will be a full-time agent. |
| Can See All Tickets From Associated Departments | Checkbox | Unchecked | No | If enabled, agent will be able to see all tickets from Associated departments. |
| Departments | CSV | N/A | No | Specify department names associated with the agent. Parameter accepts multiple values as a comma separated string. |
| Location | String | N/A | No | Specify location name associated with the agent. |
| Group Memberships | CSV | N/A | No | Specify group names agent should be a member of. |
| Roles | CSV | N/A | No | Specify roles to add to agent. Parameter accepts multiple values as a comma separated string. Example: {"role_id":17000023338,"assignment_scope": "entire_helpdesk"} |
| Job Title | String | N/A | No | Specify agent job title. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the agent. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"agent": {
"active": true,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2021-07-06T05:40:41Z",
"custom_fields": {
"test": "testvalue"
},
"department_ids": [],
"email": "rolanda.hooch@hogwarts.edu",
"external_id": null,
"first_name": "Rolanda",
"has_logged_in": false,
"id": 17002198254,
"job_title": "Flying Instructor",
"language": "en",
"last_active_at": null,
"last_login_at": null,
"last_name": "Hooch",
"location_id": null,
"mobile_phone_number": "553632",
"occasional": true,
"reporting_manager_id": null,
"role_ids": [
17000023338
],
"roles": [
{
"role_id": 17000023338,
"assignment_scope": "entire_helpdesk",
"groups": []
}
],
"scopes": {
"ticket": null,
"problem": null,
"change": null,
"asset": null,
"solution": null,
"contract": null
},
"scoreboard_level_id": 1,
"signature": null,
"time_format": "12h",
"time_zone": "Eastern Time (US & Canada)",
"updated_at": "2021-07-06T05:40:41Z",
"work_phone_number": "443532",
"group_ids": [
17000034192
],
"member_of": [
17000034192
],
"observer_of": []
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Update Agent". Reason: {0}''.format(error.Stacktrace) |
General |
Deactivate Agent
Description
Deactivate Freshservice agent. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Agent ID | Integer | N/A | Yes | Specify agent id to deactivate. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"agent": {
"active": false,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2021-07-06T05:40:41Z",
"custom_fields": {
"test": "testvalue3"
},
"department_ids": [],
"email": "rolanda.hooch@hogwarts.edu",
"external_id": null,
"first_name": "Rolanda",
"has_logged_in": false,
"id": 17002198254,
"job_title": "Flying Instructor",
"language": "en",
"last_active_at": null,
"last_login_at": null,
"last_name": "Hooch",
"location_id": null,
"mobile_phone_number": "553632",
"occasional": true,
"reporting_manager_id": null,
"role_ids": [
17000023338
],
"roles": [
{
"role_id": 17000023338,
"assignment_scope": "entire_helpdesk",
"groups": []
}
],
"scopes": {
"ticket": null,
"problem": null,
"change": null,
"asset": null,
"solution": null,
"contract": null
},
"scoreboard_level_id": 2,
"signature": "<p> </p>\n",
"time_format": "24h",
"time_zone": "Eastern Time (US & Canada)",
"updated_at": "2021-07-06T06:26:59Z",
"work_phone_number": "443532",
"group_ids": [],
"member_of": [],
"observer_of": []
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Deactivate Agent". Reason: {0}''.format(error.Stacktrace) |
General |
Create Requester
Description
Create a new Freshservice requester. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| String | N/A | Yes | Specify the email of the requester to create. | |
| First Name | String | N/A | Yes | Specify the first name of the requester to create. |
| Last Name | String | N/A | No | Specify the last name of the requester to create. |
| Can See All Tickets From Associated Departments | Checkbox | Unchecked | No | If enabled, requester will be able to see all tickets from Associated departments. |
| Departments | CSV | N/A | No | Specify department names associated with the requester . Parameter accepts multiple values as a comma separated string. |
| Location | String | N/A | No | Specify location name associated with the requester . |
| Job Title | String | N/A | No | Specify requester job title. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the requester. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"requester": {
"active": true,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2021-07-06T08:12:47Z",
"custom_fields": {
"test": "testvalue"
},
"department_ids": [],
"external_id": null,
"first_name": "Rolanda",
"has_logged_in": false,
"id": 17002198308,
"job_title": "Flying Instructor",
"language": "en",
"last_name": "Hooch",
"location_id": null,
"mobile_phone_number": null,
"primary_email": "rolanda.hooch2@hogwarts.edu",
"reporting_manager_id": null,
"secondary_emails": [],
"time_format": "12h",
"time_zone": "Eastern Time (US & Canada)",
"updated_at": "2021-07-06T08:12:47Z",
"work_phone_number": null
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Create Requester". Reason: {0}''.format(error.Stacktrace) |
General |
Update Requester
Description
Update existing Freshservice Requester. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Requester ID | Integer | N/A | Yes | Specify requester id to update. |
| String | N/A | No | Specify the email of the requester to update. | |
| First Name | String | N/A | No | Specify the first name of the requester to update. |
| Last Name | String | N/A | No | Specify the last name of the requester to update. |
| Can See All Tickets From Associated Departments | Checkbox | Unchecked | No | If enabled, requester will be able to see all tickets from Associated departments. |
| Departments | CSV | N/A | No | Specify department names associated with the requester. Parameter accepts multiple values as a comma separated string. |
| Location | String | N/A | No | Specify location name associated with the requester. |
| Job Title | String | N/A | No | Specify requester job title. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the requester. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"agent": {
"active": true,
"address": null,
"background_information": null,
"can_see_all_tickets_from_associated_departments": false,
"created_at": "2021-07-06T05:40:41Z",
"custom_fields": {
"test": "testvalue"
},
"department_ids": [],
"email": "rolanda.hooch@hogwarts.edu",
"external_id": null,
"first_name": "Rolanda",
"has_logged_in": false,
"id": 17002198254,
"job_title": "Flying Instructor",
"language": "en",
"last_active_at": null,
"last_login_at": null,
"last_name": "Hooch",
"location_id": null,
"mobile_phone_number": "553632",
"occasional": true,
"reporting_manager_id": null,
"role_ids": [
17000023338
],
"roles": [
{
"role_id": 17000023338,
"assignment_scope": "entire_helpdesk",
"groups": []
}
],
"scopes": {
"ticket": null,
"problem": null,
"change": null,
"asset": null,
"solution": null,
"contract": null
},
"scoreboard_level_id": 1,
"signature": null,
"time_format": "12h",
"time_zone": "Eastern Time (US & Canada)",
"updated_at": "2021-07-06T05:40:41Z",
"work_phone_number": "443532",
"group_ids": [
17000034192
],
"member_of": [
17000034192
],
"observer_of": []
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Update Requester". Reason: {0}''.format(error.Stacktrace) |
General |
Deactivate Requester
Description
Deactivate Freshservice requester. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Requester ID | Integer | N/A | Yes | Specify requester id to deactivate. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Deactivate Requester". Reason: {0}''.format(error.Stacktrace) |
General |
List Ticket Time Entries
Description
List Freshservice tickets time entries based on the specified search criteria. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to return time entries for. |
| Agent Email | String | N/A | Yes | Specify agent email to list ticket time entries for. |
| Rows per Page | Integer | 30 | No | Specify how many ticket time entries should be returned per page for Freshservice pagination. |
| Start at Page | Integer | 1 | No | Specify starting from which page ticket time entries should be returned with Freshservice pagination. |
| Max Rows to Return | Integer | 30 | No | Specify how many ticket time entries action should return in total. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"time_entries": [
{
"id": 17000399635,
"created_at": "2021-07-08T06:26:47Z",
"updated_at": "2021-07-08T06:26:47Z",
"start_time": "2021-07-08T06:26:47Z",
"timer_running": false,
"billable": true,
"time_spent": "01:00",
"executed_at": "2021-07-08T06:26:47Z",
"task_id": null,
"note": "test_entry2",
"agent_id": 17002188556,
"custom_fields": {}
}
]
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, like wrong credentials, no connection to server, other: "Error executing action "List Ticket Time Entries". Reason: {0}''.format(error.Stacktrace) |
General |
| Table | Table Name: Freshservice Ticket <ticket id> Time Entries Table Columns: Time Entry ID Agent Email Note Billable Time Spent Task ID Custom Fields Timer Running Created Time Updated Time Start Time Executed Time |
General |
Add Ticket Time Entry
Description
Add a time entry to a Freshservice ticket. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to add a time entry for. |
| Agent Email | String | N/A | Yes | Specify agent email for whom to add a ticket time entry. |
| Note | String | N/A | No | Specify a note to add to the ticket time entry. |
| Time Spent | String | N/A | Yes | Specify time spent for ticket time entry. Format: {hh:mm} |
| Billable | Checkbox | False | No | If enabled, ticket time entry will be marked as billable. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the ticket time entry. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"time_entry": {
"id": 17000405061,
"created_at": "2021-07-10T18:22:18Z",
"updated_at": "2021-07-10T18:22:18Z",
"start_time": "2021-07-10T18:22:18Z",
"timer_running": false,
"billable": true,
"time_spent": "01:00",
"executed_at": "2021-07-10T18:22:18Z",
"task_id": null,
"note": "test_entry3",
"agent_id": 17002188556,
"custom_fields": {
"test": "very_test"
}
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Add Ticket Time Entry". Reason: {0}''.format(error.Stacktrace) |
General |
Update Ticket Time Entry
Description
Update a time entry for a Freshservice ticket. Note that action is not working on Google Security Operations SOAR entities
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to update a time entry for. |
| Time Entry ID | Integer | N/A | Yes | Specify time entry ID to update. |
| Agent Email | String | N/A | No | Specify agent email for whom to change a ticket time entry. |
| Note | String | N/A | No | Specify a note for the ticket time entry. |
| Time Spent | String | N/A | No | Specify time spent for ticket time entry. Format: {hh:mm} |
| Billable | Checkbox | False (unchecked) | No | If enabled, ticket time entry will be marked as billable. |
| Custom Fields | JSON | N/A | No | Specify a JSON object that contains custom fields to add to the ticket time entry. Acton appends new custom fields to any existing for a ticket. Example format: {"key1":"value1", "key2":"value2"} |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
JSON Result
{
"time_entry": {
"id": 17000405061,
"created_at": "2021-07-10T18:22:18Z",
"updated_at": "2021-07-10T18:30:54Z",
"start_time": "2021-07-10T18:22:18Z",
"timer_running": false,
"billable": false,
"time_spent": "03:30",
"executed_at": "2021-07-10T18:22:18Z",
"task_id": null,
"note": "test_entry_updated",
"agent_id": 17002188556,
"custom_fields": {
"test": "very_test2"
}
}
}
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Update Ticket Time Entry". Reason: {0}''.format(error.Stacktrace) |
General |
Delete Ticket Time Entry
Description
Delete a time entry for a Freshservice ticket. Note that action is not working on Google Security Operations SOAR entities.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Ticket ID | Integer | N/A | Yes | Specify ticket ID to delete a time entry for. |
| Time Entry ID | Integer | N/A | Yes | Specify time entry ID to delete. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | is_success=False |
| is_success | is_success=True |
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution:
The action should fail and stop a playbook execution: if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Delete Ticket Time Entry". Reason: {0}''.format(error.Stacktrace) |
General |
Connector
Freshservice Tickets Connector
Description
Connector can be used to fetch Freshservice tickets to create Google Security Operations SOAR alerts from. Connector whitelist can be used to ingest only specific types of tickets - Incidents or Service Requests.
Configure Freshservice Tickets Connector in Google Security Operations SOAR
For detailed instructions on how to configure a connector in Google Security Operations SOAR, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Product Field Name | String | Freshworks Freshservice | Yes | |
| Event Field Name | String | "type" | Yes | |
| Environment Field Name | String | "" | No | No |
| Environment Regex Pattern | String | .* | No | No |
| API Root | String | https://yourdomain.freshservice.com |
Yes | Freshservice instance API Root URL. |
| API Key | Password | N/A | Yes | Freshservice API Key to use in integration. |
| Verify SSL | Checkbox | Checked | No | If enabled, integration will try to verify that Root URL is configured with a valid certificate. |
| Offset time in hours | Integer | 24 | Yes | Fetch tickets from X hours backwards. |
| Max Tickets Per Cycle | Integer | 30 | Yes | How many tickets should be processed during one connector run. |
| Minimum Priority to Fetch | String | Medium | No | Minimum priority of the ticket to be ingested to Google Security Operations SOAR, for example, Low or Medium. Possible values: Low, Medium, High, Urgent |
| Tickets Status to Fetch | CSV | Open, Closed | No | Ticket statuses to be ingested to Google Security Operations SOAR. Parameter accepts multiple values as a comma separated string. Possible values: Open, Pending, Resolved, Closed |
| Use whitelist as a blacklist | Checkbox | Unchecked | Yes | If enabled, whitelist will be used as a blacklist. |
Connector Rules
Proxy Support
The connector supports proxy.
Jobs
Freshservice Sync Tickets Closure Job
Description
Close tickets in Freshservice if corresponding Google Security Operations SOAR alerts were closed.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://yourdomain.freshservice.com | Yes | Freshservice instance API Root URL. |
| API Key | Password | N/A | Yes | Freshservice API Key to use in integration. |
| Verify SSL | Checkbox | Checked | No | If enabled, integration will try to verify that Root URL is configured with a valid certificate. |
| Offset time in hours | Integer | 24 | Yes | Sync tickets closure from X hours backwards. |
| Default Ticket Description | String | Ticket is closed by the Siemplify Freshservice Sync Tickets Closure Job. | Yes | Specify the description that should be added to the ticket if ticket doesn't have the description, so the ticket can be closed in Freshservice, as the description field is mandatory for Freshservice. |
Freshservice Sync Tickets Conversations Job
Description
Sync conversations (considered both replies and notes) between Google Security Operations SOAR alert's case and corresponding Freshservice ticket. Sync mechanism works in both ways, Google Security Operations SOAR → Freshservice and Freshservice → Google Security Operations SOAR.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://yourdomain.freshservice.com | Yes | Freshservice instance API Root URL. |
| API Key | Password | N/A | Yes | Freshservice API Key to use in integration. |
| Verify SSL | Checkbox | Checked | No | If enabled, integration will try to verify that Root URL is configured with a valid certificate. |
| Offset time in hours | Integer | 24 | Yes | Sync tickets conversations from X hours backwards |
| Siemplify Comment Prefix | String | SIEMPLIFY: | Yes | Prefix that will be added by the sync job to comments created for Freshservice tickets. |
| Freshservice Comment Prefix | String | Freshservice Comment Sync Job: | Yes | Prefix that will be added by the sync job to the Google Security Operations SOAR alert's case comments. |
| Conversation Types To Sync | CSV | Replies, Notes | Yes | Specify Freshservice conversation types job should sync. Parameter accepts multiple values as a comma-separated string. |
| Fetch Private Notes? | Checkbox | Checkbox Unchecked (false) | No | If enabled, will fetch both public and private notes for related Freshservice tickets. |
| Sync Comment from Siemplify as X | String | Private Note | Yes | Specify which conversation type job should use to add a comment from Google Security Operations SOAR. Possible values: Private Note, Public Note, Reply. |