1. Purpose:
Ticket management is a feature designed to manage and monitor requests exchanged between internal departments within an organization or between cybersecurity service providers and their clients, enabling effective coordination in handling cybersecurity incidents occurring within the system.
2. Main Functions:
- Operational Tickets: Provides a real-time, comprehensive overview of all tickets currently in progress, enabling users (particularly SOC Analysts, Responders, and Team Leads) to monitor, track, and coordinate incident response activities.
  - Ticket ID / Incident Name: A unique identifier assigned to each ticket, facilitating easy lookup and reference.
  - Processing Status: Indicates the current stage in the ticket’s lifecycle.
    - Open: Newly created, not yet processed.
    - In Progress: Currently being processed.
    - Closed: Successfully processed and resolved.
    - Awaiting Pending: A pending request has been made but is not yet approved.
    - Pending: Pending request has been approved; ticket is temporarily on hold.
    - Awaiting Reassignment: Unassignment request has been submitted and is pending approval.
  - Priority Level: Classifies the importance of the ticket.
  - SLA Progress / Remaining Time: Displays the remaining processing time for each step defined in the Service Level Agreement (SLA).
  - Created Time: Records the timestamp when the ticket was created in the system.
- ....
- Create New Ticket: Allows users to initiate a new incident, alert, or security handling request within the SOAR system, thereby triggering the appropriate investigation and response workflow.
- Operate Ticket: Enables users to perform investigation, analysis, and response actions on a recorded security incident or alert within the system.