# OpenText Core Endpoint Protection: Create Ticket from File Detection Crate {% hint style="info" %} If you’re new to Crates, read through our introductory Crate documentation [here](https://docs.rewst.help/prebuilt-automations/crates). Find the Crate in our Crate Marketplace. {% endhint %} ## What does the OpenText Core Endpoint Protection: Create Ticket from File Detection Crate do? This Crate contains a workflow that automatically creates a PSA ticket when OpenText detects a malicious file, then runs every 5 minutes until the threat is resolved. The ticket auto-closes if no threats remain after a scheduled scan. If unresolved after 12 hours, the ticket stays open, and the workflow ends. Ticket information includes: * Event type and name * Site details: ID, name, public IP, type * File details: Name, path, size, MD5, SHA256, malware group, determination ## Crate prerequisites The [OpenText Core Endpoint Protection](/documentation/integrations/integration-guides/webroot-integration-setup.md) integration must be successfully set up in Rewst before unpacking this Crate. ## Unpack the OpenText Core Endpoint Protection: Create Ticket from File Detection Crate 1. Navigate to **Marketplace > Crates** in the left side menu of the Rewst platform. 2. Search for `OpenText Core Endpoint Protection: Create Ticket from File Detection`. 3. Click on the Crate tile to begin unpacking.\ \ ![](/files/J8sciLVo6cH94o8LVXK8) 4. Click **Unpack Crate**. 5. Click **Continue**. 6. Enable both triggers by toggling the File Detection and Form Setup trigger **Enabled** toggles on. 7. Click **Unpack**. 8. You'll now need to run the Crate form once at your top parent level organization to establish organization variables for your PSA and finish Crate set up. Navigate to **Automations > Forms**. 9. Search for `[OpenText] Set File Detection Org Vars` .
10. Click **⋮** **> Usages > View Direct URLs.** 11. Copy the URL and open it in a new browser window or tab.\ \ ![](/files/R33ICMKZo0YVt7HlatNw) 12. Choose a **Board ID** from the drop-down selector. 13. Set relevant status choices in the **Ticket Creation Status**, **Ticket Update Status**, and **Ticket Close Status** selectors**.** 14. Optionally, set a **Ticket Type** if required. To exclude specific sites from this workflow, specify them in the **Exclude Sites** drop-down selector. 15. Click **Submit**. 16. Navigate to **Configuration > Organization Variables** to see the list of organization variables generated from your form submission.

An example of set organization variables

{% hint style="info" %} Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our [Canny feedback collector](https://rewst.canny.io/crates). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.rewst.help/documentation/crates/existing-crate-documentation/opentext-core-endpoint-protection-create-ticket-from-file-detection-crate.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.