Relevant for: Information security users
This section describes how to manually match change requests to the actual changes made.
In most cases, once a change request has been resolved, the change is automatically matched to the relevant request, and no further action is required.
However, some workflows do not support auto-matching, and FireFlow may not be successful in finding a match for all changes.
We recommend checking weekly or monthly to verify that FireFlow matches the changes and change requests correctly.
For more details, see:
- Auto-matching flow
- View matching results
- Resolve unmatched changes
- View and edit match records
- View and edit change records
Note: To determine a change request's stage, view the change request. The stage is indicated by the Change Request Lifecycle Status Bar. For details, see View change requests.
FireFlow periodically checks for changes in device policy rules and tries to match them to FireFlow change requests.
If FireFlow detects that a device rule was added or modified, it checks the rule's comment to look for a change request ID, and then handles it as follows:
|Change request ID found||
If the comment contains a change request ID, FireFlow does the following:
|No change request ID found||
If the comment does not contain a change request ID, the change appears in the Auto Matching page's Action Required > Changes Without Request sub-list.
This list also includes changes where FireFlow detects that a device rule was deleted.
Rule comment requirements
Change request IDs in the rule's comment must match the Change Request ID format configured in the workflow options.
The default format is as follows:
Before: FireFlow #Change Request Id: \d+After: (nothing)
This format requires that the rule comment for change request #375 include the following text:
Note: If the system is configured to use a 3rd party change management system, the change request ID must match the 3rd party system requirements.