Question

From an MSP/MSSP Connectwise Helpdesk to our iIQ environment.

  • 20 January 2023
  • 1 reply
  • 27 views

Userlevel 1

I originally posted this on Reddit, and it was suggested that I bring this over here to see if we might be able to get some more feedback on the issue.  (Original Reddit Post)

Here is a copy/paste of what I put in that original post.  

 

I realize that I may be asking for something that's just not easily done.

 

We have an MSSP that uses ConnectWise, and we are finding that there are quite a few emails that we wind up getting sent from them. Most of the emails/tickets from them have to do with their analysis on emails reported via the "Cofense Phish Report" button, occasionally some emails related to intervention needed in regards to our EDR client that they manage as well.

Since the emails regarding the Phishing analysis can be handled by more than one of us, plus it would be nice to have some analytics - we were trying to get it so that basically when the email/ticket was sent out via their connectwise, it would go into iIQ.

Initially the two systems of course started emailing each other back and forth causing all sorts of issues. So we got around that (hopefully), by having them actually create a locally authenticated user for iIQ and configured all of the email settings to prevent alerting or anything like that.

After they made that change at least for the previously opened tickets we started getting all sorts of errors, which apparently we were not able to replicate when I contacted iIQ for support on the matter. The error message is in the quote block below

 

Your email with the subject Your open ticket #110099 Ticket System Integration could not be parsed by IncidentIQ. The reason it failed is: RelatedTicketDetail is invalid. Please verify the FROM email address matches the username or email you have registered in IncidentIQ, and that you are sending the email to the correct address.

 

So, I am basically wondering if it's not really worth it, as much as that would be nice, because we are trying to make the system do something it's not really wanting to do??? Or is it just perhaps a minor adjustment to the email to ticket rules to get things working the way we want.

 

 

Over at reddit the suggestion was to use tickets@[districtname].incidentiq.com as the target email address.   

I am attaching an obfuscated screenshot showing the rules that I have already built.   This way I can keep flexibility for building future email to ticket rules if we wanted to.  

 

I provided our MSSP with a custom email which is in the format of $VendorUniqueValue@$DistrictName.incidentiq.com

The second rule uses their companies email domain as a catch all rule.  

I mean we could try and turn it on again, and see what happens but I am just worried that we may still not get the intended results.   Especially fi they attempted to update the connectwise ticket on their end, because that would likely just create a *new* ticket in incidentIQ, not figure out the original communication.   Since I am also realizing that there is only a limited amount of customization to workflows that can be done on their end with Connectwise without making it a significantly undue burden, I don’t know if I can have them send “single and closed alerts to our platform for *only* cofense tickets, and keep everything else outside of iIQ

 

Screenshot of email rules which I have crafted to attempt to make this work

So before I throw in the towel totally, does anyone else have any ideas?  


1 reply

Userlevel 4
Badge +8

@RTSD26_AllynJ Thank you for submitting your question with such specific detail. I just got off a call with our heads of support so let’s hope we address everything above. 

First, you will need to make sure the emails are being forwarded to an Incident IQ email address which is set up with a rule to approve ticket creation from emails. Your first rule looks correct to us.

Unfortunately at this time, your district would be unable to update any ConnectWise tickets to have these updates propagate to IIQ, but if a email is sent from ConnectWise to an email address set up for email to ticket creation, then your district could have these emails create a ticket in Incident IQ.

Next, the second rule you listed, needs an action added “to email” to allow the rule to fire every time an email is sent to the email address specified.

Additionally, we do not integrate with ConnectWise. You are welcome to submit this into our Idea Exchange as an idea: https://community.incidentiq.com/ideas

Finally, We do not have the support ticket you listed above so we are unable to investigate this further. If you would like to connect with support, please submit another ticket. 

I hope this is helpful 😄

Reply