IBM QRadar SOAR

  • 1.  IBM Resilient SOAR Automatic Email Escalation.

    Posted Wed March 08, 2023 02:36 AM

    Dear IBM Community,

    I am writing this email to seek assistance regarding a concern I have with IBM Resilient SOAR. As a user of the platform, I have noticed that there are times when tickets are not being opened on time, despite the severity of the issue. This is causing significant delays in resolving critical issues, which is impacting the efficiency of our operations.

    I would like to escalate this issue to the unit head if the tickets are not opened in due time, based on the severity of the issue. I am not sure of the procedure or the documentation that I need to follow to do this, which is why I am reaching out to the community for help.

    Could you please guide me on the procedure or provide me with any documentation that I need to follow to escalate this issue to the unit head? Any assistance or information on this matter would be greatly appreciated.

    Thank you for your time and support.

    Best regards,

    Umer N.



    ------------------------------
    Umer Nawaz
    ------------------------------


  • 2.  RE: IBM Resilient SOAR Automatic Email Escalation.

    Posted Thu March 09, 2023 08:22 AM

    Is the issue that you want to compare the date the incident is created against some other date that indicates perhaps when it occurred, or was discovered, etc., and if the gap between them is beyond some SLA value, you want to trigger the escalation email?

    If so, you would need to define a custom field to represent the SLA value (or else work hardcoded in a script if you want).

    Then have a playbook that is based on incident creation, and checks the creation time against this other field and the SLA, in order to then trigger the escalation email.

    Some relevant links...

    https://www.ibm.com/docs/en/sqsp/48?topic=layouts-fields

    https://www.ibm.com/docs/en/sqsp/48?topic=guide-build-manage-playbooks

    https://www.ibm.com/docs/en/sqsp/48?topic=administrator-notifications

    https://exchange.xforce.ibmcloud.com/hub?br=Resilient&q=email



    ------------------------------
    Martin Feeney
    Product Manager, IBM Security SOAR
    martin.feeney@ie.ibm.com
    Ireland
    ------------------------------
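
The check described in the reply above, written as plain Python as an added example (not part of the thread and not IBM's code). The severity labels, the SLA values, the custom SLA override field and the epoch-millisecond timestamps are assumptions; in a playbook script the inputs would come from the incident's fields.

```python
from datetime import timedelta

# Assumed per-severity SLA for opening a ticket (constructed values).
SLA_BY_SEVERITY = {
    "High": timedelta(minutes=30),
    "Medium": timedelta(hours=4),
    "Low": timedelta(hours=24),
}
DEFAULT_SLA = timedelta(hours=4)  # used when severity is unset or unrecognised


def check_open_sla(create_ms, reference_ms, severity, sla_override_minutes=None):
    """Decide whether an incident was opened later than its SLA allows.

    create_ms: incident creation time, epoch milliseconds (assumed format).
    reference_ms: when the issue occurred or was discovered, same format.
    sla_override_minutes: value of a hypothetical custom SLA field, if set.
    """
    if sla_override_minutes is not None:
        sla = timedelta(minutes=sla_override_minutes)
    else:
        sla = SLA_BY_SEVERITY.get(severity, DEFAULT_SLA)

    if reference_ms is None:
        # Nothing to compare against: do not escalate on a guess.
        return {"escalate": False, "reason": "no reference date", "gap": None, "sla": sla}

    gap = timedelta(milliseconds=create_ms - reference_ms)
    if gap < timedelta(0):
        # Reference time later than creation: data entry error or clock skew.
        return {"escalate": False, "reason": "reference date after creation",
                "gap": gap, "sla": sla}

    breached = gap > sla
    return {"escalate": breached,
            "reason": "SLA breached" if breached else "within SLA",
            "gap": gap, "sla": sla}


if __name__ == "__main__":
    discovered = 1678240000000               # constructed sample timestamp
    created = discovered + 45 * 60 * 1000    # ticket opened 45 minutes later
    for sev in ("High", "Medium", None):
        print(sev, check_open_sla(created, discovered, sev))
```

A playbook triggered on incident creation would send the escalation email only when `escalate` is true, and could include `gap` and `sla` in the message body.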