// THREAT DETECTION AND DATA PRIVACY TERM

Ticketing

Ticketing is the process of creating a formal record, called a ticket, for a security alert or incident. This allows security teams to track the issue, assign it to an analyst, and manage all the steps taken until it is resolved.

Ticketing — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

In cybersecurity incident response, ticketing is the formal process of creating and managing a digital record (a ticket or case) within a system like a SIEM, SOAR, or ITSM platform to document, track, assign, and orchestrate the entire lifecycle of a security incident from detection to resolution, providing a critical audit trail for compliance and post-mortem analysis.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • case management
  • incident tracking
  • issue tracking
  • trouble ticketing
  • alert management
  • service desk management

USAGE NOTE

Security operations centers (SOCs) rely on ticketing systems to ensure accountability and provide clear, auditable records of every action taken during an incident response.

DEVELOPERS

Organizations developing technology related to Ticketing.

  • ServiceNow

    Develops a cloud-based platform for IT Service Management (ITSM) that includes a Security Operations (SecOps) module. This module uses the core ticketing system to manage and automate security incident response and vulnerability tracking.

  • Atlassian

    Creator of Jira, a widely used project management and issue tracking tool. Security teams heavily utilize Jira Service Management to create and manage tickets for security incidents, vulnerability remediation, and compliance tasks.

  • Palo Alto Networks

    Offers Cortex XSOAR, a Security Orchestration, Automation, and Response (SOAR) platform. A core feature is its case management system, which functions as a highly specialized ticketing system for security incidents, automating their creation, enrichment, and resolution.

  • Splunk

    Provides Splunk SOAR (formerly Phantom), which integrates with its SIEM platform. It uses a case management system to track, investigate, and automate responses to security threats, essentially creating and managing tickets for security analysts.

  • IBM Security

    Develops the QRadar SOAR platform (which incorporates Resilient technology), a dedicated security incident response platform. Its entire workflow is built around a case management system for tracking the lifecycle of security incidents as tickets.

  • Rapid7

    Offers the Insight platform, including InsightIDR (SIEM) and InsightConnect (SOAR). The platform includes case management features that function as a ticketing system for security investigations triggered by alerts.

  • Tenable

    A leading vulnerability management company. Its platforms, like Tenable.io, discover and track vulnerabilities as distinct items. This system functions as a ticketing workflow, assigning vulnerabilities to owners and monitoring their status until remediation.

  • TheHive Project

    Develops TheHive, a scalable, open-source and free Security Incident Response Platform (SIRP). It is designed specifically for security operations centers (SOCs) to create and collaborate on 'cases' or 'alerts', which are the platform's equivalent of security tickets.

RELATED TERMS IN INCIDENT RESPONSE