Today, I looked at why I have a ticket from 2019 open in regards to brute force attacks that I'm told we can't close.
In my case, brute force attacks. While I agree the primary issue is the root cause has not been resolved the format the ticket takes is not actionable.
For each account that has 'brute force' triggered, a separate ticket should be created. This permits us to assign them separately, and split up the work.
Two Years ago it was opened because two users admin and user1 were in the ticket.
Since then, the user 1 has left the company, the number of bad login attempts on admin ranges from 1 to 69, and apparently never reaches zero keeping this ticket alive.
The most recent update yesterday included a new user who hasn't was unable to log in, this was added to a ticket from 2019. They were not employed in 2019.
If in my case the ticket was split out between the users it would have created seven tickets in the past two years vs one
Of those seven tickets, the one that would still be open from 2019 would be the admin account, and at least know I can resolve that.
The issue with the most recent user a email could have been sent asking them if they need help. In the current format the techs ignore the ticket from 2019.
There are a few other items that make sense to do per device/user but this is the first that comes to mind.