// THREAT DETECTION AND DATA PRIVACY TERM
Ticketing
Ticketing is the process of creating a formal record, called a ticket, for a security alert or incident. This allows security teams to track the issue, assign it to an analyst, and manage all the steps taken until it is resolved.

TECHNICAL DEFINITION
In cybersecurity incident response, ticketing is the formal process of creating and managing a digital record (a ticket or case) within a system like a SIEM, SOAR, or ITSM platform to document, track, assign, and orchestrate the entire lifecycle of a security incident from detection to resolution, providing a critical audit trail for compliance and post-mortem analysis.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- case management
- incident tracking
- issue tracking
- trouble ticketing
- alert management
- service desk management
USAGE NOTE
Security operations centers (SOCs) rely on ticketing systems to ensure accountability and provide clear, auditable records of every action taken during an incident response.
DEVELOPERS
Organizations developing technology related to Ticketing.
Develops a cloud-based platform for IT Service Management (ITSM) that includes a Security Operations (SecOps) module. This module uses the core ticketing system to manage and automate security incident response and vulnerability tracking.
Creator of Jira, a widely used project management and issue tracking tool. Security teams heavily utilize Jira Service Management to create and manage tickets for security incidents, vulnerability remediation, and compliance tasks.
Offers Cortex XSOAR, a Security Orchestration, Automation, and Response (SOAR) platform. A core feature is its case management system, which functions as a highly specialized ticketing system for security incidents, automating their creation, enrichment, and resolution.
Provides Splunk SOAR (formerly Phantom), which integrates with its SIEM platform. It uses a case management system to track, investigate, and automate responses to security threats, essentially creating and managing tickets for security analysts.
Develops the QRadar SOAR platform (which incorporates Resilient technology), a dedicated security incident response platform. Its entire workflow is built around a case management system for tracking the lifecycle of security incidents as tickets.
Offers the Insight platform, including InsightIDR (SIEM) and InsightConnect (SOAR). The platform includes case management features that function as a ticketing system for security investigations triggered by alerts.
A leading vulnerability management company. Its platforms, like Tenable.io, discover and track vulnerabilities as distinct items. This system functions as a ticketing workflow, assigning vulnerabilities to owners and monitoring their status until remediation.
Develops TheHive, a scalable, open-source and free Security Incident Response Platform (SIRP). It is designed specifically for security operations centers (SOCs) to create and collaborate on 'cases' or 'alerts', which are the platform's equivalent of security tickets.