Configuring the Autotask integration
NAVIGATION > Admin > Integrations
SECURITY Datto EDR subscription with administrator-level platform access
SECURITY Permission to create and manage users in Autotask
SECURITY Permission to create and manage security levels in Autotask
The Autotask integration enables you to automatically create tickets at your service desk when Datto EDR generates alerts for monitored endpoints. This article explains how to set up the feature.
If you prefer to receive alerts via webhooks, refer to Creating Datto EDR webhooks.
IMPORTANT Alerts forwarded to Autotask by this integration will be automatically acknowledged once the Autotask ticket status is Complete.
NOTE To assure tickets are created correctly in Autotask, you must have service levels configured in Autotask. Refer to Introduction to service level management and Mapping ticket statuses to SLA events in the Autotask Help system prior to setting up your Autotask integration in Datto EDR.
Procedure
To set up the integration, you'll need to create a dedicated security level and API user in Autotask, and ensure that a compatible ticket type exists to receive alerts from EDR.
Create the security level
-
Log in to Autotask. Then, navigate to > Admin > Account Settings & Users > Resources/Users (HR) > Security > Security Levels.
-
Locate the security level titled API User (system) (API-only).
-
From the context menu to the left of the security level, click Copy.
-
In the Security Level window that opens, enter a distinctive name, such as EDR Ticketing, in the Name field.
-
In the Feature/Section Access category, scroll down to and expand the Other section.
-
Locate and select the Can create Webhooks box.
-
In the Maximum number of Webhooks field, enter 1.
-
Click Save & Close.
Create the API user
-
In Autotask, navigate to > Admin > Account Settings & Users > Resources/Users (HR) > Resources/Users (HR) > Resources/Users.
-
Click the icon next to the New button and select New API User.
-
On the Add API User page, select EDR API User (system) from the Security Level drop-down.
-
In the Email Address field, enter your email address with +atapi appended (for example, jsmith+atapi@yourdomain.com). Doing so will enable you to reset the API user's password if necessary.
-
Ensure that the Active check box is selected and that the Locked check box is cleared.
-
Complete all other required fields in the General section of the page.
- Define a username and password for your API user in the Credentials section. You can manually define these values, or you can use the Generate Key and Generate Secret buttons to do so. Make a note of the credentials, as you will not be able to view the contents of the Password (Secret) field again once you've saved your user.
- In the API Tracking Identifier area, click the Integration Vendor radio button. Then, select Datto EDR from the Integration Vendor drop-down.
- Associate your API user with the Line of Business that corresponds with your service desk. You can add more than one line of business. We also recommend that you select the Resource can view items with no assigned Line of Business check box.
- Review the settings you've defined for your API user. Then, click Save & Close.
Once you've completed the above steps, you'll need to activate the integration in Datto EDR and map your locations and alerts to Autotask accounts and ticket types.
NOTE You must complete all steps in this section of the article for the integration to work.
Connect to Autotask
-
In your EDR instance, navigate to > Admin > Integrations. Then, click Autotask.
-
On the Connect to Autotask tab, complete the following fields.
-
Autotask Username: The Username (Key) value you set for the Autotask API user
-
Autotask Secret: The Password (Secret) value you created for the Autotask API user
-
-
Click Save & Connect. Once the initial handshake completes, you'll see a or icon next to the application's name on the Integrations page.
Map Accounts
When Autotask receives an alert from EDR, it will create a ticket under the account to which the alert corresponds. In this part of the setup process, you'll configure the integration with the EDR locations that represent each of the geographic sites or logical groupings within your managed companies.
-
Navigate to the Accounts tab. In the left page column, you'll see a list of your EDR locations. In the right column, you'll see drop-downs containing each of your managed Autotask accounts.
-
Map each location or logical grouping to a corresponding account.
-
When you finish mapping, click Save.
Ticket Settings
The final part of the integration setup process involves designating the queue and issue type that EDR will use when creating tickets in Autotask. You'll also define which alerts will create tickets and the severity levels EDR should use when doing so.
-
Navigate to the Ticket Settings tab.
-
In the Ticket Settings section of the page, select the default Service Desk queue assignment and issue type for alert tickets originating from EDR.
-
Next, in the Severity Mapping section, designate the Autotask ticket priorities that EDR should use for each of its alert levels.
-
Then, in the When to create a Ticket in Autotask section, select the alert severity levels and sources for which you'd like the integration to generate tickets. For detailed definitions about severity levels and source types, refer to Working with the Alerts page.
-
In the Advanced Field Mapping section, map your EDR alert fields to their corresponding user-defined fields in Autotask.
-
Once you've completed your customizations, click Save.
After you've set up the integration, it's important to test its functionality. Performing the following basic tests will help ensure that you're always receiving critical information in a real-world alert scenario.
Ensure that tickets are created for ransomware, rule, reputation, and antivirus alerts.
-
Ensure that tickets are created for ransomware, rule, reputation, and antivirus alerts.
-
Confirm that each ticket has a title and that the alert details are in the body.
-
Review the ticket fields to validate that the expected integration mappings are represented. These mappings include the default queue, issue type, severity, and source types.
-
Verify that all alerts create a ticket in the appropriate queue and are acknowledged in EDR after the ticket's status changes to Complete.