There are a couple of options already available for this:
Most ticketing systems (Jira, ZenDesk etc.) have the ability to automatically read incoming emails and convert them to tickets. Setting up such an email address in the rule violations should do the trick.
Using the SIEM integration will allow a wide variety of third-party tools to be hooked up. For example, Splunk has ~3000 various integrations which should make it very easy to push data to any system you might want to use. For more details on this, please see this link.
Even just an API connection to MS Planner, Trello, Jira and other similar systems that let us get this data into a ticket center will be helpful. Currently using Power Automate to take the alert email and convert it into a ticket - it's not the best solution but it works for now.
I was formatting a request that is very similar to what your request is asking for. I will post it here in case it is helpful.
Detail:
Requesting the ability to acknowledge/disposition/resolve the Behavior Alerts in the database.
We would like the ability to disposition Behavior alerts to record that the alert has been reviewed and action taken if appropriate, either from the “BI-Behavior Alerts” report or the Behavior-Alerts report.
Example:
A behavior alert “Employee 1 has copied sensitive company documents to a USB storage device”.
A simple disposition set of check boxes and a couple other fields:
Horizontally arranged checkboxes and fields:
Field 1. Title - EMPLOYEE:
Pre-fill the employee field with the currently logged in user.
Field 2. Title – Disposition-status (prefilled with “NOT REVIEWED”) and a drop-down list of the following choices: (Or the ability to create our own list of drop-down items from a “Shared lists”. This would be preferable.)
NOT REVIEWED
False positive
Reviewed No action needed
Escalation (If chosen, field three is required)
Reviewing
Confirmed attempt and blocked
Confirmed attempt and NOT blocked
???
Field 3. Ticket # (Freeform, up to 10 alphanumeric characters)
Field 4. ????
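The disposition form in the request above amounts to a small record with validation rules: the employee field is pre-filled from the logged-in user, the status defaults to NOT REVIEWED and must come from the drop-down list (or a shared list the team maintains), the ticket number is up to 10 alphanumeric characters, and choosing Escalation makes the ticket field required. The following is an added example, not code from the thread or from the product being discussed; the function and class names, the alert identifier format and the optional `allowed_statuses` argument are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Sequence

# Drop-down choices exactly as listed in the request; the "???" placeholder
# is not a real state and is omitted.
DISPOSITION_STATUSES = (
    "NOT REVIEWED",
    "False positive",
    "Reviewed No action needed",
    "Escalation",
    "Reviewing",
    "Confirmed attempt and blocked",
    "Confirmed attempt and NOT blocked",
)
DEFAULT_STATUS = "NOT REVIEWED"
# Field 3: "freeform, up to 10 alphanumeric characters".
TICKET_RE = re.compile(r"^[A-Za-z0-9]{1,10}$")
# Field 2 rule: "Escalation (if chosen, field three is required)".
STATUSES_REQUIRING_TICKET = frozenset({"Escalation"})


class DispositionError(ValueError):
    """Raised when a disposition record violates the form rules."""


@dataclass
class Disposition:
    alert_id: str          # assumed identifier of the behavior alert row
    alert_text: str        # e.g. "Employee 1 has copied sensitive company documents to a USB storage device"
    employee: str          # Field 1: pre-filled with the logged-in reviewer
    status: str = DEFAULT_STATUS   # Field 2
    ticket: str = ""               # Field 3
    reviewed_at: Optional[str] = None  # set once the alert leaves NOT REVIEWED


def validate_disposition(d: Disposition,
                         allowed_statuses: Sequence[str] = DISPOSITION_STATUSES) -> list:
    """Return a list of rule violations (empty list means the record is valid).

    allowed_statuses lets a team supply its own "shared list" of drop-down
    items, as the request asks for, instead of the built-in one.
    """
    errors = []
    if not d.employee.strip():
        errors.append("employee is required")
    if d.status not in allowed_statuses:
        errors.append(f"unknown disposition status: {d.status!r}")
    if d.status in STATUSES_REQUIRING_TICKET and not d.ticket:
        errors.append(f"ticket # is required when status is {d.status!r}")
    if d.ticket and not TICKET_RE.match(d.ticket):
        errors.append("ticket # must be 1-10 alphanumeric characters")
    return errors


def disposition_alert(alert_id: str, alert_text: str, logged_in_user: str,
                      status: str = DEFAULT_STATUS, ticket: str = "",
                      allowed_statuses: Sequence[str] = DISPOSITION_STATUSES,
                      now: Optional[datetime] = None) -> Disposition:
    """Build and validate a disposition record for one behavior alert.

    The employee field is always taken from the logged-in user, never from
    caller-supplied form data, so the record reflects who actually reviewed it.
    """
    record = Disposition(alert_id, alert_text, logged_in_user, status, ticket)
    errors = validate_disposition(record, allowed_statuses)
    if errors:
        raise DispositionError("; ".join(errors))
    if record.status != DEFAULT_STATUS:
        record.reviewed_at = (now or datetime.now(timezone.utc)).isoformat()
    return record


def unreviewed(records: Sequence[Disposition]) -> list:
    """Alerts still at the default status, for a 'needs review' report view."""
    return [r for r in records if r.status == DEFAULT_STATUS]


if __name__ == "__main__":
    # Constructed sample alert, mirroring the example in the request.
    alert = "Employee 1 has copied sensitive company documents to a USB storage device"
    fresh = disposition_alert("BA-0001", alert, "analyst.one")
    escalated = disposition_alert("BA-0001", alert, "analyst.one",
                                  status="Escalation", ticket="SEC12345")
    print(fresh.status, fresh.reviewed_at)
    print(escalated.status, escalated.ticket, escalated.reviewed_at)
```

Because `validate_disposition` returns all violations rather than stopping at the first, a UI can show every problem with the form at once; the escalation rule and the ticket format rule are enforced in one place regardless of which report the disposition is entered from.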