Alert

Quick Summary

A notification and triage ticket for security and operational alerts generated by integrated tools and automated processes. Alerts are the entry point; they may be resolved after triage or escalated into an incident ticket when warranted.

The Alert ticket type is used for security and operational alerts generated by integrated tools and automated processes. Unlike issue tickets, which represent tracked findings requiring remediation, alert tickets serve as a notification and triage mechanism. They capture that something has occurred or been actioned and provide a record for review.

Examples

  • Security alerts - endpoint detection and response tools flagging suspicious activity (e.g., Huntress detecting a suspicious process)
  • Automated compliance actions - workflows triggering an alert when an action is taken on behalf of the organization (e.g., an automated solution deactivating a stale user account as required under CMMC or similar frameworks)

In the case of automated actions, the alert ticket documents that the automation fired and provides visibility to the team without requiring manual intervention to initiate the action.

Triage & Escalation

Alert tickets may follow one of two paths after triage:

Outcome                  When
Resolved                 The alert is expected, benign, or requires no further action
Escalated to Incident    Further investigation reveals a genuine security event

This relationship between alert and incident ticket types supports a clear triage workflow: alerts are the entry point, and incidents are the tracked response when warranted.