Hello everyone, my question is what a newly established Security Operations Center (SOC) team would use when opening a ticket in Jira based on a received alarm, for the examples below:
Login failure
Hardware dish issue
Suspicious login attempt
User account with admin rights locked out
User is logged in from outside the country
This would be in the Jira Service Management tool. Would you pick this activity as an incident or as a problem?
Welcome to Atlassian Community!
ITIL defines a problem as "a cause or potential cause of one or more incidents". Incidents are the effect of a problem.
So the examples you listed would all be incidents and then you would create a problem in order to investigate why these incidents happened.
Check out this resource for more information.
Thank you for the response, this sounds about right for our team.