top | item 39820205

(no title)

neochris | 1 year ago

Save time and money. That's what we are here for.

Any thoughts on our analysis regarding case management and log storage? These are two technical decisions we made before writing a single line of code to bring down cost and increase value-for-money.

discuss

toomuchtodo|1 year ago

Staying within the tool to manage cases is good vs shelling out to Jira or another ticketing tool. Folks with purchasing authority typically want their analysts in the tool as much as possible (in my experience; you may find customers who want to open incidents elsewhere so keep that interface in mind).

Also a good choice in storing logs. Make a margin but don't be greedy, otherwise you turn into Splunk, where folks don't want to use the product effectively because they can't afford to. Make it easy to route logs to S3 cold storage or other "reliable enough" object storage systems based on criteria, but retaining the capability to retrieve them if needed for forensics or compliance/audit sampling. Log storage intervals are traditionally some variation of 30, 60, 90 days, a year, seven years, etc. Architect accordingly based on your customers' record retention schedule(s), control/compliance requirements, etc.

kjs3|1 year ago

you may find customers who want to open incidents elsewhere so keep that interface in mind

My large financial (and many in our peer group that I've talked to) see "open incidents elsewhere" (WorkDay in our case) as minimum table stakes. YMMV.

neochris|1 year ago

Glad to hear we are on the right track.

Tracecat is still in alpha, but would be great to have your thoughts / opinions / feedback in our Discord community. We are anon-friendly. There's still a lot more we can innovation on.