VN-07 · Internal Ticketing & Alert Triage
Status: Delivered Roles needed: Operator (triage/mutate), auditor (read-only)
What the client asked for
"Jira is not the platform ticketing system. OneProtect needs its own canonical ticket/work-item module in Phase 1. External Jira/ServiceNow/ Freshdesk/Zendesk/HaloPSA integrations are Phase 2."
And operator alert handling: acknowledge, assign, resolve, and turn an alert into a ticket.
What this proves
OneProtect has its own canonical, tenant-scoped ticketing module. An operator can triage an alert (acknowledge, assign to self, resolve) and create a ticket from it; auditors can read but not mutate.
How it works (at a glance)
Where to look in the portal
AlertsTicketsAudit
Validation walkthrough
| # | Action | What you should see |
|---|---|---|
| 1 | Log in as operator, open Alerts, pick an alert | Alert detail with triage actions |
| 2 | Acknowledge the alert | Status updates to acknowledged |
| 3 | Assign to me | The alert shows you as assignee (operators may assign only to themselves) |
| 4 | Resolve the alert | Status updates to resolved |
| 5 | From the alert, create a ticket | A ticket is created and linked to the alert |
| 6 | Open Tickets, open the new ticket | You can change status/priority/assignee, add a comment, and see linked records |
| 7 | Re-trigger the same alert-to-ticket action with the same source | No duplicate ticket is created (idempotent) |
| 8 | Open Audit | Acknowledge / assign / resolve / ticket-create entries are recorded |
| 9 | Log in as auditor | Tickets and alerts are read-only; no mutation controls |
Pass / fail checklist
- Operator can acknowledge, assign-to-self, and resolve an alert
- Operator can create a ticket from an alert (and it links back)
- Ticket supports status, priority, assignee, comments, and links
- Alert-to-ticket creation is idempotent (no duplicates)
- All mutations appear in
Audit - Auditor sees tickets/alerts read-only
- Tickets and alerts are scoped to the owning tenant
Intentionally not in Phase 1
- External ticketing connectors (Jira, ServiceNow, Freshdesk, Zendesk, HaloPSA). Phase 1 delivers the canonical internal module plus basic outbound webhook delivery (see VN-11).
Evidence to capture
- Screenshot of the alert after acknowledge/assign/resolve.
- Screenshot of the ticket created from the alert with its links.
- Screenshot of the triage/ticket audit entries.