Scribd Logo
Upload

Welcome to Scribd!

  • Ticket Management Soc 03 Combined

    Uploaded by

    fawas hamdi
    50 views2 pages
    The document outlines the general workflow of a ticket management module in a SIEM system. When an event or incident is detected, it will either be automatically remediated or a new ticket will be created. The ticket is then assigned to a Level 1 operator to resolve. If not resolved within a period, it can be escalated to Level 2 and then Level 3 operators. If still unresolved, it will be assigned to a third party to resolve before being closed.

    Original Description:

    Original Title

    ticket_management_soc_03_combined

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document outlines the general workflow of a ticket management module in a SIEM system. When an event or incident is detected, it will either be automatically remediated or a new ticket will be created. The ticket is then assigned to a Level 1 operator to resolve. If not resolved within a period, it can be escalated to Level 2 and then Level 3 operators. If still unresolved, it will be assigned to a third party to resolve before being closed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    50 views2 pages

    Ticket Management Soc 03 Combined

    Uploaded by

    fawas hamdi
    The document outlines the general workflow of a ticket management module in a SIEM system. When an event or incident is detected, it will either be automatically remediated or a new ticket will be created. The ticket is then assigned to a Level 1 operator to resolve. If not resolved within a period, it can be escalated to Level 2 and then Level 3 operators. If still unresolved, it will be assigned to a third party to resolve before being closed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Ticket Management Module

    General Flow
    SIEM

    Event/Incident detected
    (with level classification)

    Auto Yes Resolved?


    Remediation?

    no no

    Create new ticket

    Assign available L1
    Notify Operator
    Operator

    escalate to L2
    operator?

    no

    Resolved
    yes
    within a period
    of time?

    yes

    Assign available L2
    Notify Operator
    Operator

    escalate to L3
    operator?

    no

    yes

    yes Resolved
    within a period
    of time?

    no

    Assign available L3
    Notify Operator yes
    Operator

    escalate 3rd
    party?

    no

    yes Resolved
    within a period yes
    of time?

    Resolved
    3rd Party
    Event/Ticket
    Ticket Management Module
    SIEM Ticketing Module L1 Operator L2 Operator L3 Operator 3rd Party

    Event/Incident
    detected
    (with level
    classification)
    Create new ticket

    no

    no
    auto remediation? yes
    Select Available L1
    yes operator
    escalated?

    no

    resolved?
    Assign to available L1 Resolving
    yes
    operator

    no
    Select Available L2
    operator
    resolved within
    a period of time
    yes
    yes

    escalated?
    Assign to available L2
    operator no

    Resolving

    Select Available L3 yes


    operator
    escalated?

    no
    no

    resolved within
    Assign to available L3 a period of time
    operator Resolving
    yes

    no
    Assign to 3rd party

    resolved within
    yesof time
    a period

    Resolved
    events/tickets

    You might also like