FIELD OPS CONSOLE
3 CRITICAL · 2 SLA BREACHES — Ransomware activity detected at Harbor Medical · DC offline at Acme Financial · Active P1 tickets require immediate attention
01
Intake
02
Triage
03
Investigate
04
Remediate
05
Verify / Doc
06
Close / Esc
07
History
Ticket Details
Intake Checklist
Confirm caller identity and affected company
CW PSA
Verify issue reproducibility and impact scope
Assign correct priority (P1-P4) per SLA matrix
SLA
Tag correct board and type in ConnectWise PSA
CW PSA
Set initial response SLA timer
Send intake acknowledgment to client
Three-Pass Triage
Pass 1 — Confirm symptom, kill noise, quick win?
PASS 1
Check recent changes, maintenance windows, patch events
Cross-reference NinjaRMM event log for affected device
NINJA
Pass 2 — Reduce ambiguity, isolate single variable
PASS 2
Check SentinelOne for endpoint threats on affected device
S1
Check Huntress for persistent threats / footholds
HUNTRESS
Verify Mimecast for email-borne threat vectors
MIMECAST
Pass 3 — Deep dive only if P1/P2 and unresolved
PASS 3
Diagnostic Snapshot
> Awaiting triage commands…
> Click "Run Diag" in Quick Actions to begin
Advanced Triage — L3/L4
🔍 IOC Hunt (Huntress)
🧠 Mem Forensic (S1 + Huntress)
📋 Event Timeline (Ninja + CW)
🔒 Net Isolate (Requires L3+)
Vendor Diagnostics
Investigation Notes
> [ConnectWise Automate] Querying agent health…
> Agent online. Last check-in: 4 min ago
> [NinjaRMM] Pulling event logs…
> Event 7031: Service terminated unexpectedly (x3 in 24h)
> [SentinelOne] Checking threat status…
> No active threats detected on endpoint
> [Auvik] Network path analysis…
> Switch path clean, 0 interface errors
> Awaiting Huntress scan completion…
Remediation Actions — ⚠ Destructive actions require L2+
⚠ L2+ actions active — Isolate Endpoint and Block IP/Domain are irreversible without change approval
Execution Log
> No actions executed yet
> All actions are logged to audit trail
Change Management
Pre-Check: Document current state before change
Minimum Change: Apply smallest possible fix first
Trail Log: Record every command and config change
Rollback plan defined and accessible
Verification Checklist
Confirm issue is resolved from client's perspective
Verify resolution holds for minimum 15 minutes
Post-check: All vendor dashboards reflect healthy state
Confirm no downstream or related systems affected
Documentation
Root cause documented in ticket notes
Resolution steps fully documented
KB article created or updated
Time entries accurate and billable hours tagged
CW PSA
Client communication sent summarizing resolution
Status Post-Verification
> Run verification checks to populate status
⬆ Escalation
Escalate To
Reason
Close Ticket
All checklist items complete across all tabs
Client confirmed resolution verbally or via email
All time entries posted to ConnectWise
CW PSA
CSAT survey triggered
Activity Timeline
📝 Ticket Notes
Confirmed with client · S1 clean · Service restart · Escalated · Root cause · KB reference