Available for: Cloud Security | Code Security | App and API Protection
Configure ticket creation rules to automatically create tickets in Jira or Case Management when new findings are discovered. This approach tracks security issues in your existing engineering workflows without manual triage, helping teams respond quickly to new threats at scale. For more information about ticketing integrations with security findings, see Ticketing Integrations.
Create a ticket creation rule
- In Datadog, go to Security > Settings > Findings Automation. Click Add a New Rule, then select Create Ticket. The Create a New Rule page opens.
- Under Rule name, enter a descriptive name for the rule; for example, “Critical vulnerabilities for engineering team”.
- Add your rule criteria into the following fields:
  - Any of these types: The types of findings that the rule should check for. Available types include:
    - Runtime Code Vulnerability
    - Static Code Vulnerability
    - Library Vulnerability
    - Secret
    - Infrastructure as Code
    - Container Image Vulnerability
    - Host Vulnerability
    - Misconfiguration
    - Attack Path
    - Identity Risk
    - API Security
  - Any of these tags or attributes: The resource tags or attributes that must match for the rule to apply.
- To add severity criteria to the rule, click Add Severity.
- Select the ticketing system and configure the ticket destination:
  - Jira
    - Jira Account: Select the Atlassian instance to use.
    - Space: Select the Jira project. Verify that this space is added to the Jira Webhook.
    - Ticket Type: Select the type of Jira issue to create, for example, Task.
    - Assignee (optional): Specify a user to assign automatically created tickets to.
    - To add more fields to the Jira ticket Datadog creates, use Add Optional Field.
    - Expand Data Sync Settings to review or update the linked Case Management project and bidirectional sync configuration.
  - Case Management
    - Case Management Project: Select an existing Case Management project, or create one.
    - Assignee (optional): Specify a user to assign automatically created cases to.
- Under Rate limit, enter the maximum number of tickets this rule can create per UTC day.
- To test the rule before saving, click Test Rule, select a matching finding, and click Run Test. After the test completes, you can view the created ticket or detach the test ticket from the finding.
- Click Save. The rule applies to new findings only. It can take up to a few minutes after a finding is detected to create the corresponding ticket.
Note: Ticket creation rules only create tickets for new findings. Datadog does not create retroactive tickets for existing findings when you create a rule.
Identify automatically created tickets
Tickets created by a rule are marked with a lightning bolt indicator in the findings side panel and explorer views. Hovering over the indicator shows the automation rule responsible for the ticket and provides a link to the rule.
Rule matching order
When Datadog identifies a finding, it evaluates the finding against your sequence of ticket creation rules. Starting with the first rule, if there’s a match, Datadog creates a ticket using that rule’s configuration and stops evaluating further. If no match occurs, Datadog moves to the next rule. This process continues until a match is found or all rules are checked without a match.
Daily ticket limit
Each rule has a configurable daily ticket limit that resets at midnight UTC. When the limit is reached, Datadog creates one final ticket in the same project explaining that the rule hit its daily limit, then stops creating tickets for the remainder of that day. Findings that exceed the limit are not retroactively ticketed when the limit resets, but you can create tickets for them manually.
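The matching order and daily limit described above can be modelled offline to check how a rule sequence behaves before you save it. This is an added example, not Datadog code or a Datadog API. Assumptions: the finding dictionary shape, the second rule name and tags, that rule criteria combine with AND, that the limit notice is created together with the last allowed ticket, and that a finding does not fall through to later rules once its matching rule has exhausted its limit.

```python
from dataclasses import dataclass
from datetime import timezone

@dataclass(frozen=True)
class Rule:
    name: str
    types: frozenset                     # "Any of these types"
    tags: frozenset = frozenset()        # "Any of these tags or attributes"; empty = no filter
    severities: frozenset = frozenset()  # optional severity criteria; empty = no filter
    daily_limit: int = 100               # "Rate limit": max tickets per UTC day

    def matches(self, finding):
        # Assumption: type, tag and severity criteria are combined with AND.
        return (finding["type"] in self.types
                and (not self.tags or bool(self.tags & set(finding["tags"])))
                and (not self.severities or finding["severity"] in self.severities))

class RuleSet:
    def __init__(self, rules):
        self.rules = list(rules)         # list order is evaluation order
        self.created = {}                # (rule name, UTC date) -> tickets created so far

    def evaluate(self, finding, now):
        """Return (matched rule name, tickets created) for one new finding."""
        day = now.astimezone(timezone.utc).date()   # counters reset at midnight UTC
        for rule in self.rules:
            if not rule.matches(finding):
                continue                 # no match: move to the next rule
            used = self.created.get((rule.name, day), 0)
            if used >= rule.daily_limit:
                return rule.name, []     # assumption: no fall-through to later rules
            self.created[(rule.name, day)] = used + 1
            tickets = ["finding"]
            if used + 1 == rule.daily_limit:
                tickets.append("limit_notice")  # the one final ticket about the limit
            return rule.name, tickets    # first match wins; evaluation stops
        return None, []

def demo_rules():
    # Constructed rules: the broad first rule shadows the narrower second one.
    return RuleSet([
        Rule("All library vulnerabilities", frozenset({"Library Vulnerability"}), daily_limit=2),
        Rule("Critical vulnerabilities for engineering team", frozenset({"Library Vulnerability"}),
             tags=frozenset({"team:payments"}), severities=frozenset({"Critical"})),
    ])

# Constructed sample finding.
FINDING = {"type": "Library Vulnerability", "severity": "Critical", "tags": ["team:payments", "env:prod"]}
```

With this ordering the critical finding is always claimed by the broad rule and counts against its limit of 2, so the narrower rule never creates a ticket for it; placing the narrower rule first changes that.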
Broken rules
If a project configuration error prevents ticket creation—for example, if the connected Jira project is no longer valid—Datadog automatically disables the rule and marks it as broken.
To resume automatic ticket creation, fix the project configuration and re-enable the rule.
Disabled or deleted rules
When you disable or delete a ticket creation rule, tickets that were previously created by the rule remain attached to their findings. They are not detached or deleted.