Skip to main content

GLPI Integration KB

Andrew Jonathan

The GLPI Integration in the CODA Footprint platform enables automatic creation and synchronization of GLPI tickets based on Action Plan entries.

Overview

CODA Footprint integrates with Qualys to import devices and vulnerabilities. Based on Associated Tags from the Qualys report, it generates Business Contexts and Technical Contexts, transforms vulnerabilities into Remediations, and then bundles them into Action Plan entries.

Each change in Business Contexts metadata, such as:

  • Perspective Settings

  • IT and Business Owners

  • Custom Risk Level

must be followed by a Contextual Risk Scoring and Remediation Report generation in order to have all the users and scores updated in Action Plan and GLPI. They are automatically triggered by Qualys import.

The reports generation could be manually triggered from Settings → Scheduler.

The GLPI integration’s main purpose is to translate Execution and Closed Action Plan entries into corresponding GLPI tickets.

Prerequisites

Before enabling the GLPI Integration, the following requirements must be met:

  1. User Synchronization

    All GLPI users must also exist in CODA Footprint.
    Identification is based on the email address, so each user in CODA Footprint must use the same email as in GLPI.
    You can add new users in Settings → User Management → Account Users, by clicking on Add new user button.

  2. Group Synchronization

    All GLPI groups must be imported into CODA Footprint.
    Identification is based on the group name, so the names must match between CODA Footprint and GLPI.
    New groups can be created in Settings → User Management → User Groups, by clicking on Add group button.

  3. API Permissions

    The API endpoints used by CODA Footprint to connect to GLPI require the necessary permissions to read and write tickets. You can see the specific permissions in the screenshots below.

GLPI Permissions Screenshots
Pasted Graphic.jpgPasted Graphic 1.jpgPasted Graphic 2.jpgPasted Graphic 3.jpg

Initializing the GLPI Integration

To setup the GLPI Integration:

  1. Go to Settings → Automations → GLPI Integration

  2. Fill in the required fields with your GLPI connection details

  3. Optionally, configure an automatic synchronization frequency

Automations-20251020-092242.png

Once configured, you can:

  • Manually sync data between CODA Footprint and GLPI

  • View sync history

  • Disable or delete the integration

Deleting the integration removes all internal links between Action Plan entries and GLPI tickets. The tickets in GLPI remain unaffected.

Creating Action Plan Entries

There are two ways to create Action Plan entries:

  1. Manual Bundling - Select multiple remediations from Remediation Report (same Business Context) and bundle them into a single Action Plan entry

  2. Per-Business Context Bundling - Automatically bundle all remediations from a specific Business Context into an Action Plan entry named Remediate <Business Context name>

For most use cases, the Per-Business Context bundling option is recommended for a more automated workflow.

Data Transferred to GLPI

Once Qualys imports, Contextual Risk Reports, and Remediation Reports are completed, you’ll see one Action Plan entry per Business Context that:

  • Has at least one open vulnerability.

  • Is included in the Action Plan bundling.

Pasted Graphic 5-20251020-094416.png

Business Owner User / Group and Remediation Owner User / Group are inherited from the Business Context settings. You can review or modify these by accessing the Contexts listing and selecting any Business Context.

Unassigned-20251020-102329.png

The following Action Plan data is transferred to GLPI:

  • Ticket Title: Name of the Action Plan entry.

  • Requester: The API user configured in the GLPI integration.

  • Observers/Watchers: Remediation Owner User and Group.

  • Ticket State:

    • When created, a ticket is set to:

      • New - if no Remediation Owner User/Group is assigned

      • Assigned - if a Remediation Owner/Group is assigned

    • When all vulnerabilities in an Action Plan entry are fixed, the entry is automatically moved to Closed, and the GLPI ticket state is updated accordingly.

  • [ESC] Tag: Automatically applied if at least one vulnerability in the ticket is escalated.

  • Ticket Description: Contains a vulnerability breakdown including discovery date, status, and criticality breakdown.

  • Document: An Excel file listing all vulnerabilities for the Business Context (fields: Description, Severity, Status, First Discovered, Hostname, etc.).

Escalated Tickets and Notifications

A GLPI ticket is marked as escalated when at least one of its vulnerabilities is escalated.
When Action Plan data is synced, all Business Owner Users and Group for escalated tickets receive an email notification.

Determining the Implied Deadline

The Implied Deadline for a vulnerability is calculated by adding a number of days to the discovery date of each vulnerability. The total number of days is determined by the risk level and complexity of the Business Context.

Calculation Steps

  1. Start with the Target Deadline defined by the Custom Risk Level

    1. Editable under Settings → Client Settings → Risk Levels Customization

      Risk Levels Customization-20251020-134700.png

  2. Adjust the complexity factors from Perspective Settings

    1. Configurable under each Business Context → Perspective Settings

    2. Each complexity level maps to a numeric value:

      • Low = 1

      • Medium = 2

      • High = 3

      Perspective Settings-20251020-135017.png

Formula

Implied Deadline = Target Deadline × (System Complexity + Change Complexity)

Example

If the target deadline is 15 days, and the Business Context has System Complexity = Medium (2) and Change Complexity = Medium (2), then: 15 × (2 + 2) = 60 days.

Related articles

Comments

0 comments

Please sign in to leave a comment.