Ongoing operational workflow
- Each operator is assigned a particular set of tickets that are associated with their user ID and BMC Defender Server login, or associated with a particular operational group.
- Operators receive ticket notifications by email or some other method, or they monitor their set of tickets for problems.
- As tickets are opened on the system, operators resolve these tickets and close them, possibly with a required resolution.
- System or project management can monitor the ticketing activity to assess the workload and effectiveness of the operational staff.
The precise workflow of operators is governed almost entirely by the number of tickets assigned to each operator and the difficulty of resolving these tickets. BMC Defender Server maintains the ticket information, and an administrator or supervisory operator assesses it.
Resolution of the ticket might be as simple as adjusting a threshold or adding a system filter, or might be a highly complex activity requiring high-level security analysts.