The project: Integration of SIEM with Ticketing System

The customer wants tickets to be created automatically, in real time, on the Ticketing System whenever a SIEM offense has a magnitude greater than 5.

Benefits

  • Automation
  • SOAR
  • Faster Incident Response Process

Solution

First, we researched how to integrate the SIEM with the Ticketing System. Neither vendor documents such an integration, so we worked it out as a case study. We created an offense rule that generates an event whenever a new offense is created, and an event rule that fires a Python script when one of those events arrives; the script maps the offense ID out of the event and then uses both vendors' REST APIs to look up the offense and create the ticket. Several points of the script and process development turned out to be tricky and needed careful handling.
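The workflow above, as an added example in Python that is not the case study's own script. It assumes the SIEM exposes an offense at `GET /api/siem/offenses/<id>` as JSON with `id`, `magnitude` and `description` fields, that the Ticketing System accepts `POST /api/tickets` with a JSON body, that both APIs take a bearer token, and that the event rule launches the script with the offense ID as its only argument. All URLs, field names and environment variable names are assumptions; the sample offenses used to exercise it are constructed. The core logic takes the two HTTP calls as injected callables so it can be tested without either system, and it keeps a small state file so a rule that fires twice for the same offense does not open two tickets.

```python
"""Bridge a SIEM offense to a ticket when its magnitude exceeds a threshold.
Added example, not the project's code; endpoints and field names are assumed."""
import json
import os
import sys
import urllib.request
from typing import Callable, Optional

MAGNITUDE_THRESHOLD = 5  # customer requirement: magnitude strictly greater than 5

# Placeholder hosts (assumptions); real values come from the environment.
SIEM_URL = os.environ.get("SIEM_URL", "https://siem.example.invalid")
TICKET_URL = os.environ.get("TICKET_URL", "https://tickets.example.invalid")


def http_json(method: str, url: str, token: str, body: Optional[dict] = None,
              timeout: float = 10.0) -> dict:
    """Send a JSON request with a bearer token and decode the JSON reply.
    TLS verification stays on (urllib default) and a timeout is set so a hung
    API cannot stall the SIEM rule engine that launched us."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def extract_offense_id(event: dict) -> int:
    """Map the offense ID out of the event the offense rule generated.
    The 'offense_id' key is an assumption; match it to your rule's payload."""
    raw = event.get("offense_id")
    if raw is None:
        raise ValueError("event carries no offense_id")
    return int(raw)


def should_create_ticket(offense: dict, threshold: int = MAGNITUDE_THRESHOLD) -> bool:
    """True only for offenses strictly above the threshold. The magnitude is
    parsed as a number so '7' and 7 behave the same; garbage never opens a ticket."""
    try:
        magnitude = float(offense.get("magnitude", 0))
    except (TypeError, ValueError):
        return False
    return magnitude > threshold


def build_ticket(offense: dict) -> dict:
    """Turn an offense into a ticket payload (field names assumed). external_id
    gives the ticketing side a stable key to reject duplicates on its end too."""
    oid = int(offense["id"])
    magnitude = float(offense.get("magnitude", 0))
    return {
        "title": f"SIEM offense {oid}: {offense.get('description', 'no description')}",
        "priority": "high" if magnitude >= 8 else "medium",
        "external_id": f"siem-offense-{oid}",
        "description": f"Offense {oid} with magnitude {magnitude:g}, raised by the SIEM.",
    }


def process_offense(offense_id: int, fetch_offense: Callable[[int], dict],
                    create_ticket: Callable[[dict], dict], seen: set) -> Optional[dict]:
    """Fetch the offense, filter on magnitude, deduplicate, create the ticket.
    fetch_offense/create_ticket are injected so this runs without network access.
    Returns the created ticket, or None when nothing was opened."""
    if offense_id in seen:
        return None  # rule fired twice for the same offense; do not open a second ticket
    offense = fetch_offense(offense_id)
    if not should_create_ticket(offense):
        return None
    ticket = create_ticket(build_ticket(offense))
    seen.add(offense_id)  # only record it once the ticket really exists
    return ticket


def main(argv) -> int:
    """Entry point used when the event rule launches the script with the offense ID."""
    if len(argv) != 2:
        print("usage: siem_to_ticket.py <offense_id>", file=sys.stderr)
        return 2
    offense_id = extract_offense_id({"offense_id": argv[1]})
    siem_token, ticket_token = os.environ["SIEM_TOKEN"], os.environ["TICKET_TOKEN"]
    state_path = os.environ.get("STATE_FILE", "/var/tmp/siem_tickets_seen.json")
    try:
        with open(state_path) as f:
            seen = set(json.load(f))
    except FileNotFoundError:
        seen = set()
    ticket = process_offense(
        offense_id,
        lambda oid: http_json("GET", f"{SIEM_URL}/api/siem/offenses/{oid}", siem_token),
        lambda payload: http_json("POST", f"{TICKET_URL}/api/tickets", ticket_token, payload),
        seen,
    )
    with open(state_path, "w") as f:
        json.dump(sorted(seen), f)
    print(json.dumps(ticket) if ticket else "no ticket created")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Tokens are read from the environment rather than written into the script, since the rule engine's script directory is usually readable by more people than should hold API credentials. The `seen` set is the simplest guard against duplicate tickets; a production version would also key on `external_id` in the ticketing system so two rule-engine hosts cannot race each other.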

The integration was tested separately from the GUI, from the console, and by triggering the rule itself.

The customer was satisfied with the solution and with the correct functionality of the script, which shortened response times in the Incident Response Process and let the analysts focus on the actual investigation work.