Alerts from email protection systems and MSSPs must be entered into an IT service management system and assigned to the security team. Which of the following should an organization implement to enable this functionality?
The requirement is to take alerts from email protection systems and MSSPs and ensure they are entered into an IT service management system and assigned to the security team. That function is best achieved through automated ticket creation, which generates incidents or service tickets based on incoming alerts and routes them to the appropriate group.
This improves consistency, response time, and tracking of security events.
Why the other options are incorrect:
A. Automated compliance monitoring: This focuses on compliance status, not routing alerts into an ITSM workflow.
C. Automated vulnerability scans: Vulnerability scanning identifies weaknesses, but it does not create or assign incident tickets from security alerts.
D. Automated indicator sharing: Indicator sharing helps distribute threat intelligence, but it does not directly create and assign IT service tickets.
From a Security+ viewpoint, integrating alert sources with response workflows commonly involves ticketing automation, so B is correct.