How to Guides

Application Specific Guides

| Application | Use Case | Guide Link |
| --- | --- | --- |
| Jira Cloud | Create tickets for findings | Click Here |
| GitHub | Create tickets for findings | Click Here |
| GitLab | Create tickets for findings | Click Here |
| Azure DevOps | Create tickets for findings | Click Here |
| Microsoft Teams | Send notifications for findings | Click Here |
| Microsoft Outlook | Send notifications for findings | Click Here |
| Google Sheets | Import assets | Click Here |

Trigger filters

Trigger filters limit the scope of a recipe trigger. For example, if you are using the Pentest finding state updated trigger and want your recipe to run only when the finding whose state was updated is associated with a certain asset or pentest, you can add trigger filters to enforce that.

To see the filters available for a trigger, click on your trigger and then click the optional fields available button.

Show trigger filters

You may then select the filters to add.

Add filters

You can then set the value of each filter. Some trigger filters accept only text input. Others accept text input and also provide a dropdown box for selecting a value.

Set filter value

External Ticket References

An external ticket reference is an association between a ticket in your ticketing system and a Cobalt finding. External ticket references serve two purposes:

  • They power our ability to display tickets for findings in the Cobalt UI
  • They prevent duplicate tickets from being created by integrations

The Cobalt connector provides an action for creating external ticket references and for searching external ticket references. A reference may be searched by:

  • Finding ID
  • Ticketing system
  • Ticket ID (from ticketing system)

For the above-mentioned purposes to be achieved, it is important that your ticket-creation recipes:

  • Search ticket references for a finding before creating a new ticket
  • Do not create a new ticket if a ticket reference for a finding already exists
  • Create ticket references after creating a new ticket

Here’s an example of what these steps look like in a recipe:

Search ticket reference

Create ticket reference

See our public API documentation for more information about the properties of an external ticket reference.
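The search-before-create pattern described above, as an added Python sketch that is not Cobalt's code or API. `RefStore`, `FakeTicketing`, `sync_finding` and the `TCK-` ticket IDs are hypothetical in-memory stand-ins for the connector's search/create actions and for a ticketing system; scoping the duplicate check to one ticketing system is an assumption.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass(frozen=True)
class TicketRef:
    finding_id: str
    system: str       # ticketing system name, e.g. "jira"
    ticket_id: str    # ID assigned by the ticketing system

@dataclass
class RefStore:
    """Hypothetical stand-in for the search/create reference actions."""
    refs: list = field(default_factory=list)

    def search(self, finding_id=None, system=None, ticket_id=None):
        # Any combination of the three search keys; None means "don't care".
        wanted = {"finding_id": finding_id, "system": system, "ticket_id": ticket_id}
        return [r for r in self.refs
                if all(v is None or getattr(r, k) == v for k, v in wanted.items())]

    def create(self, ref):
        self.refs.append(ref)

class FakeTicketing:
    """Hypothetical ticketing system that hands out sequential ticket IDs."""
    def __init__(self, system):
        self.system, self.tickets, self._ids = system, {}, count(1)

    def create_ticket(self, title):
        ticket_id = f"TCK-{next(self._ids)}"
        self.tickets[ticket_id] = title
        return ticket_id

def sync_finding(finding_id, title, store, ticketing):
    """Run the three recipe steps; return (ticket_id, created)."""
    # Step 1: search references for this finding before creating anything.
    existing = store.search(finding_id=finding_id, system=ticketing.system)
    if existing:
        # Step 2: a reference already exists, so do not create a ticket.
        return existing[0].ticket_id, False
    ticket_id = ticketing.create_ticket(title)
    # Step 3: record the reference so the next run finds it.
    store.create(TicketRef(finding_id, ticketing.system, ticket_id))
    return ticket_id, True
```

Running `sync_finding` twice for the same finding and system returns the same ticket ID, with `created` set to `False` on the second call.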

Manually Disconnect a Pentest Finding from a Ticket

You can manually disconnect a pentest finding from a ticket by following these steps:

  1. Navigate to the pentest finding in the Cobalt UI
  2. In the “External Tickets” section of the sidebar on the right side of the screen, hover over the ticket you want to disconnect so that the disconnect button appears. The disconnect button looks like 2 chain links with a slash through them.
  3. Click the disconnect button
  4. Confirm that you want to disconnect the ticket
Disconnect Ticket Button

Here’s a video showing the full process:

Disconnecting a finding from a ticket will NOT delete the ticket in your ticketing system.

Customizing fields

When you are building recipes for creating tickets in a ticketing system, you may want to customize the fields that you set on the tickets. To set extra optional fields, use the optional fields available button within the create ticket action.

Optional fields button

Mapping fields

The integration builder has powerful field mapping functionality. When you select an action within a recipe, you can see the action’s input fields. You can populate these input fields with the output from any other action or trigger within your recipe. When you select an action input, the “Recipe data” drawer will open. Within this drawer, the outputs from the actions and triggers within your recipe will appear as “data pills”. You can simply drag-and-drop the data pills from the drawer into action input fields as desired.

Data pill mapping

Authentication best practices

Integration Builder establishes connections to other apps using the app’s authorization/authentication API. The available methods can vary, but usually use one of the following:

  • OAuth 2.0
  • OAuth 1.0 (and variations)
  • Basic authentication (username and password)
  • API key or secret

As part of this step, you give Cobalt permission to access data from the app. The permissions granted to Cobalt usually correspond to those of the user authorizing the app. As such, when creating connections, we recommend the following:

  • Create a dedicated app user for Cobalt. This ensures that recipes aren’t dependent on the account of a human user: if someone leaves the company, recipes will continue to run. It also allows you to tailor the permissions that your Cobalt recipe has in your app, thereby reducing security risk.
  • When developing and testing recipes, use sandbox (or non-production) credentials for your connections to ensure that live data isn’t affected when switching environments.
  • Please note: When a connection is set up, all users in your Cobalt Org will be able to use that connection and access any data. Be sure to use service accounts and limit permissions.
Last modified December 18, 2024