Challenge
Security Operations Centers receive volumes of security tickets that overwhelm manual triage and classification. Without a way to predict a ticket's type and likely closure code from historical patterns, analyst time is allocated inefficiently and response is delayed. This design study explored whether ML could address these problems through automated prediction and classification of incoming tickets.
Solution
Designed a data pipeline architecture on Azure services to explore ML-driven ticket prediction:
Architecture Design:
Data Collection Design: Azure Log Analytics Workspace integration with case management system
Pipeline Architecture: Automated ingestion design with consistent schema mapping
ML Platform: Azure Machine Learning Studio for pattern correlation and prediction modeling
Feature Engineering: Security indicator correlation with historical closure codes
Predictive Model Design: Automated ticket classification framework based on indicator patterns
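The following is an added illustration of the stages listed above (schema mapping, indicator-based feature engineering, and closure-code prediction). It is not code from the original project and makes no Azure calls: the two record shapes, their field names, and all ticket contents are constructed assumptions standing in for a Log Analytics query result and a case-management export, and the classifier is a plain naive Bayes written on the standard library rather than an Azure ML model.

```python
"""Added example: two ticket sources -> one schema -> indicator features
-> naive Bayes closure-code prediction. All data below is constructed."""
import math
import re
from collections import Counter, defaultdict

# Constructed records (assumed field names). First list mimics a Log Analytics
# query result, second a case-management export. Not real SOC data.
LOG_ANALYTICS_ROWS = [
    {"AlertName": "Phishing email reported by user",
     "Entities": "alice@corp.example;hxxp://login-verify.example/x",
     "ClosureCode": "TP-Phishing"},
    {"AlertName": "Suspicious URL click from mailbox",
     "Entities": "bob@corp.example;hxxps://pay-roll-update.example",
     "ClosureCode": "TP-Phishing"},
    {"AlertName": "Port scan detected from external host",
     "Entities": "203.0.113.7", "ClosureCode": "FP-Scanner"},
    {"AlertName": "Network scan from vulnerability scanner",
     "Entities": "198.51.100.23", "ClosureCode": "FP-Scanner"},
]
CASE_EXPORT_ROWS = [
    {"title": "Malware hash matched on endpoint",
     "iocs": ["44d88612fea8a8f36de82e1278abb02f"], "closure": "TP-Malware"},
    {"title": "Endpoint alert known hash quarantined",
     "iocs": ["275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"],
     "closure": "TP-Malware"},
]


def to_common_schema(record):
    """Consistent schema mapping: either source shape becomes one ticket dict."""
    if "AlertName" in record:  # Log Analytics shape
        return {"title": record["AlertName"],
                "indicators": [e for e in record["Entities"].split(";") if e],
                "closure_code": record.get("ClosureCode")}
    return {"title": record["title"], "indicators": list(record["iocs"]),
            "closure_code": record.get("closure")}


def indicator_type(value):
    """Coarse indicator type used as a feature (ipv4, hash, email, url, domain)."""
    v = value.lower()
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", v):
        return "ipv4"
    if re.fullmatch(r"(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})", v):
        return "hash"
    if "@" in v:
        return "email"
    if v.startswith(("http://", "https://", "hxxp://", "hxxps://")):
        return "url"
    if re.fullmatch(r"[\w.-]+\.[a-z]{2,}", v):
        return "domain"
    return "other"


def features(ticket):
    """Feature engineering: title words plus one token per indicator type."""
    toks = set(re.findall(r"[a-z]+", ticket["title"].lower()))
    toks.update("ind:" + indicator_type(i) for i in ticket["indicators"])
    return toks


class NaiveBayesTicketClassifier:
    """Multinomial naive Bayes with Laplace smoothing over binary feature sets."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_count = Counter()
        self.token_count = defaultdict(Counter)
        self.vocab = set()

    def fit(self, tickets):
        for t in tickets:  # historical tickets carry their closure code
            label = t["closure_code"]
            self.class_count[label] += 1
            for tok in features(t):
                self.token_count[label][tok] += 1
                self.vocab.add(tok)
        return self

    def predict(self, ticket):
        """Return (best closure code, {code: probability}) for an open ticket."""
        toks = [t for t in features(ticket) if t in self.vocab]  # drop unseen tokens
        total = sum(self.class_count.values())
        log_scores = {}
        for label, n in self.class_count.items():
            counts = self.token_count[label]
            denom = sum(counts.values()) + self.alpha * len(self.vocab)
            score = math.log(n / total)
            for tok in toks:
                score += math.log((counts[tok] + self.alpha) / denom)
            log_scores[label] = score
        m = max(log_scores.values())  # log-sum-exp for stable normalisation
        z = sum(math.exp(s - m) for s in log_scores.values())
        probs = {lbl: math.exp(s - m) / z for lbl, s in log_scores.items()}
        return max(probs, key=probs.get), probs


def train_model():
    """Ingest both sources through the schema mapping and fit the classifier."""
    rows = LOG_ANALYTICS_ROWS + CASE_EXPORT_ROWS
    return NaiveBayesTicketClassifier().fit(to_common_schema(r) for r in rows)


if __name__ == "__main__":
    model = train_model()
    new = to_common_schema({"AlertName": "User reported phishing email with link",
                            "Entities": "dave@corp.example;hxxp://secure-mail-update.example"})
    print(model.predict(new))
```

The point of the example is the shape of the pipeline rather than the model: indicator values are reduced to their type before training so the classifier learns that "email plus URL" co-occurs with phishing closures and "single IPv4" with scanner false positives, instead of memorising specific addresses that will never recur. Unseen title words are dropped at prediction time, which is the same behaviour a fixed-vocabulary vectoriser gives in a hosted ML platform.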
Design Outcomes:
The architecture design demonstrated the feasibility of ML-driven ticket prediction at the proof-of-concept stage. The technical foundation included data pipeline specifications, the ML model design, and the integration architecture between the case management system, Log Analytics, and Azure ML.
Project Status: Architecture and proof-of-concept completed but not deployed to production due to career transition from DocuSign to Okta before stakeholder approval and production validation could be completed.
Skills Demonstrated: Azure ML platform architecture, security data pipeline design, ML model design for security operations, and integration architecture for SOC automation.
Key Metrics
Pipeline architecture sized for 10,000+ tickets per month (design figure; not measured in production)
Proof-of-concept classification accuracy of 85% against historical closure codes
Projected 60% reduction in ticket triage time from automated classification (not validated in production)
Identified 200+ repetitive incident patterns as candidates for automated handling
Proof of concept validated the Log Analytics to Azure ML integration path
Security Impact
Designed to enable faster response to critical security incidents and more efficient allocation of analyst time. These benefits were projected from the proof of concept; because the system was not deployed, they were not measured in production.
Results
Completed the architecture design and proof-of-concept validation. The technical foundation demonstrated the feasibility of ML-driven ticket prediction and workable Azure ML integration patterns.
Project Status: Architecture completed; not deployed to production due to career transition.
Learning Outcomes: Gained experience in ML platform architecture, security data pipeline design, and Azure ML service integration, skills applicable to security automation and detection engineering roles.