The View Ticket page lets you see all the details of a ticket. The page also gives you the tools to block or unblock IPs, suspend users, and most importantly, communicate with the XDR SOC team about the ticket you're viewing.
Communicating with the SOC team using this page is more efficient than contacting the team by phone.
Navigating to the View Ticket page
You can navigate to the View Ticket page in two ways:
By clicking Intelligence > View Ticket in the left navigation menu. If you navigate this way, you'll have to enter a Ticket ID in the top right corner.
By clicking a row in the All Tickets table on the Alarms & Alerts page. If you navigate this way, the ticket you clicked is displayed.
To view the View Ticket page
Do one of the following:
To search for a ticket, click Intelligence > View Ticket, then type a Ticket ID in the top right of the View Ticket page.
To view a specific ticket, click a row in the All Tickets table on the Alarms & Alerts page. Then click View Ticket Details.
Type the number of the ticket you want to display in this field.
Click Respond to SOC to communicate with the SOC team about this ticket. See Responding to Alerts from the XDR Dashboard.
Displays the ticket ID.
Displays the subject line of the ticket.
Displays the ticket type.
Displays the impact of the ticket.
Displays the status of the ticket.
Displays the account the ticket belongs to.
Displays the MITRE ATT&CK® Tactic attempted.
Displays the time the ticket was created.
Displays the originating IP.
Displays the targeted user, if applicable.
If you have a firewall configured, click to block or unblock the originating IP address. See Blocking and Unblocking IP Addresses.
Click to suspend a Microsoft 365 or Duo user. See Suspending Users.
Displays the description, if applicable.
Displays the notes, if applicable.
Displays the raw events.