* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Playbook of the Week](https://www2.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/)
* Playbook of the Week: Aut...

# Playbook of the Week: Automating SecOps Ticketing

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fplaybook-of-the-week-automating-secops-ticketing%2F)  
[](https://twitter.com/share?text=Playbook+of+the+Week%3A+Automating+SecOps+Ticketing&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fplaybook-of-the-week-automating-secops-ticketing%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fplaybook-of-the-week-automating-secops-ticketing%2F&title=Playbook+of+the+Week%3A+Automating+SecOps+Ticketing&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automating-secops-ticketing/&ts=markdown)  
\[\](mailto:?subject=Playbook of the Week: Automating SecOps Ticketing)  
Link copied  
By [Danil Vilenchik](https://www.paloaltonetworks.com/blog/author/danil-vilenchik/?ts=markdown "Posts by Danil Vilenchik")  
Jun 08, 2023  
5 minutes  
[Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)  
[Automation](https://www.paloaltonetworks.com/blog/tag/automation/?ts=markdown)  
[case management](https://www.paloaltonetworks.com/blog/tag/case-management/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Jira](https://www.paloaltonetworks.com/blog/tag/jira/?ts=markdown)  
[security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown)  
[ServiceNow](https://www.paloaltonetworks.com/blog/tag/servicenow/?ts=markdown)  
[SOAR](https://www.paloaltonetworks.com/blog/tag/soar-2/?ts=markdown)  
[ticketing](https://www.paloaltonetworks.com/blog/tag/ticketing/?ts=markdown)  
[Zendesk](https://www.paloaltonetworks.com/blog/tag/zendesk/?ts=markdown)

Open ticket. Update ticket. Close ticket. Repeat.

If you work in SecOps, a good part of your day is likely spent managing incident cases, including the attendant tasks, in multiple systems such as ServiceNow, Jira, Zendesk, and more. Wouldn't it be nice if you could "outsource" some of the grunt work while improving service delivery?

Well you can automate those various tasks including opening tickets, notifying key stakeholders, and closing them once incident remediation is complete with Cortex XSOAR. Our out-of-the-box integrations with key ticketing tools allow for seamless ticket mirroring, so all systems are kept up to date without your analysts having to pivot back and forth between screens. All ticketing actions can be performed within XSOAR by human or machine.

This week's Playbook of the Week will focus on some of these integrations and how you might leverage them to automate your SecOps ticketing.

### ServiceNow Integration: Streamline IT Service Management

ServiceNow is a leading IT service management (ITSM) platform used by organizations worldwide. The [ServiceNow integration](https://xsoar.pan.dev/docs/reference/integrations/service-now-v2) in Cortex XSOAR Marketplace empowers organizations to unify their security operations and IT service management processes, resulting in improved efficiency and collaboration.

Security teams can automate incident response, perform investigations, and orchestrate workflows directly from the XSOAR platform, as ServiceNow tickets can be fetched as incidents in XSOAR. The integration allows bi-directional syncing of these incidents, allowing security teams to create and update records in ServiceNow seamlessly.

Organizations can also automate routine IT processes, reduce manual efforts, and improve overall efficiency. Assign incidents to the relevant personnel, trigger additional processes across your SecOps tools stack, ensure a coordinated response and prompt resolution, minimize manual effort, and enhance incident response times, leading to improved service levels and customer satisfaction.

Additional automations can create tickets, add comments, update status, and modify other ticket data. We also provide out-of-the-box ServiceNow incident fields and layouts, ensuring full display of relevant information within XSOAR, and playbooks that can be triggered as part of a wider workflow.

### Jira Integration: Empowering Agile Incident Management

[Jira](https://xsoar.pan.dev/docs/reference/integrations/jira-v3) is a widely used project management and issue-tracking tool that offers robust collaboration, planning, and execution capabilities. This is one of the most commonly used ticketing platform integrations available in XSOAR Marketplace, and it has undergone a major enhancement in the past year. By combining the capabilities of Jira with Cortex XSOAR automation and orchestration features, organizations can leverage the power of Agile methodologies to respond swiftly and effectively to security incidents.

With the Jira integration, you can seamlessly create Jira issues from within XSOAR, ensuring that all incidents are captured and addressed promptly. With the incidents captured, you can assign tasks, track progress, and communicate from one single platform, all with automated, bi-directional synchronization of information such as incident details, status updates, and comments. The Jira integration package includes out-of-the-box classifiers, unique incident fields and automations to support all of the above.

Moreover, linking incidents in XSOAR to Jira issues provides real-time visibility into incident progress in real-time. This visibility enables efficient communication between security, IT and development teams, and better tracking of incident response performance.

### Zendesk: Elevating Customer Support and Ticket Management

Zendesk is a popular customer support and ticketing platform used by businesses worldwide. Using the [Zendesk integration](https://xsoar.pan.dev/docs/reference/integrations/zendesk-v2), you can automate repetitive tasks, such as ticket assignment and status updates. And by incorporating additional tools using playbooks, SecOps teams further improve the response times and as a result - deliver better customer experience..

With the integration, you can automate the creation of tickets from security incidents or IT requests. This automatic ticket creation saves time and ensures that customer issues are promptly addressed. The bi-directional syncing between the platforms ensures that updates made in Cortex XSOAR are reflected in Zendesk and vice-versa, enabling efficient collaboration between teams.

### Enhancing Efficiency and Collaboration with Ticketing Platform Integrations

Organizations seeking to streamline their workflows and enhance collaboration between teams and automate internal processes need top-of-the-shelf ticketing platform integrations such as ServiceNow, Jira, Zendesk, and others. These integrations not only save time and effort but also facilitate better coordination, improved visibility, and data-driven decision making.

Embracing ticketing platform integrations within XSOAR empowers organizations to optimize their operations, boost productivity, and ultimately deliver better outcomes for their security, IT and customer support functions.

Cortex XSOAR Marketplace offers integration packs with out-of-the-box ready functions and baseline to create outstanding operations and efficiency. Your incident response team becomes more efficient at managing tickets and improving their mean time to respond (MTTRR) SLAs for better customer support and service delivery.

### **Learn More**

Explore the Palo Alto Networks [Cortex Marketplace](https://cortex.marketplace.pan.dev/marketplace/) today to unlock the power of automation and orchestration for commonly used tools in your SOC.

To learn more about how you can automate security operations with Cortex XSOAR, check out our virtual self-guided [XSOAR Product Tour](https://www.paloaltonetworks.com/resources/infographics/xsoar-product-tour)

We also host virtual and in-person events, so check [here](https://www.paloaltonetworks.com/resources/cortex-events) for upcoming ones.

*** ** * ** ***

## Related Blogs

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the week: Streamlining SOC Communications](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-streamlining-soc-communications/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the Week: Suspicious SSO? Check It Out with XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-suspicious-sso-check-it-out-with-xsoar/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the Week: Using ChatGPT in Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/using-chatgpt-in-cortex-xsoar/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the Week: Automate Anything with the Default Playbook](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automate-anything-with-the-default-playbook/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the week: Responding to RDP Brute Force Attacks](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-responding-to-rdp-brute-force-attacks/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Playbook of the Week: Automating Password Resets with Chatbot](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automating-password-resets-with-chatbot/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language