OSSIM includes an Incident Manager, which controls the assignment of all the actions to be taken as a result of security events.
The Incident Manager allows tickets to be created from most of the OSSIM reporting tools, such as the Alarm Panel, the Forensic Console or the Risk Metrics Score dashboard. Each ticket shows a Person in charge, a Status and the Actions to be taken, and tracks the workflow from the creation of the ticket to its current status.
All tickets are stored in the database, and a search tool allows them to be filtered. An Exploitation Report that processes this data is automatically printed on a periodic basis. It is also possible to plot incident trends and implement metrics that measure the current situation and track how it evolves over time.