implementing-ticketing-system-for-incidents

Featured

Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for structured incident tracking, SLA management, escalation workflows, and compliance documentation. Use when SOC teams need formalized incident lifecycle management with automated ticket creation, assignment routing, and resolution tracking.

AI & Automation 15,448 stars 1852 forks Updated 1 week ago Apache-2.0

Quality Score: 97/100

Stars (20%): 100
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Implementing Ticketing System for Incidents

## When to Use

Use this skill when:

- SOC teams need to formalize incident tracking beyond SIEM notable event management
- Compliance requirements mandate documented incident lifecycle with timestamps and audit trails
- Multi-team coordination requires ticket-based workflows with assignment and escalation
- SLA tracking needs automated measurement of response and resolution times
- Post-incident reviews require structured data for trend analysis and reporting

**Do not use** for individual alert triage — ticketing is for confirmed incidents requiring multi-step investigation and remediation, not every SIEM alert.

## Prerequisites

- Ticketing platform: ServiceNow ITSM, Jira Service Management, or TheHive
- SIEM integration capability (REST API, webhook, or SOAR connector)
- Incident classification taxonomy (categories, severity levels, escalation paths)
- On-call rotation schedule for analyst assignment
- SLA definitions aligned to incident severity

## Workflow

### Step 1: Define Incident Classification Taxonomy

Establish standardized incident categories and severity:

```yaml
incident_taxonomy:
  categories:
    - malware_infection
    - phishing_campaign
    - unauthorized_access
    - data_exfiltration
    - denial_of_service
    - ransomware
    - insider_threat
    - vulnerability_exploitation
    - account_compromise
    - policy_violation
  severity_levels:
    critical:
      definition: "Active data breach, ransomw...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
1 week ago
Language
Python
License
Apache-2.0
