CW Ticket Filter — User Manual

Overview

This app reads ConnectWise Manage service tickets from the SOC board, applies deterministic rules (plus optional LLM classification), and highlights tickets that require patching action. It is read-only; it never updates tickets.

Data Sources & Scope

• Board: SOC (board id 149).
• Read-only: Uses GET-only API calls.
• Fields searched: Summary, description, notes, type/subtype/item, custom fields.

You can change rules and in-scope categories in rules.yaml.

How Matching Works

A ticket is included when it matches a profile and a category, does not hit exclusions, and passes metadata filters (status, etc).

Override: if a summary contains {'InternetFacing': 'True'}, it is flagged for 48‑hour patching regardless of profile/category.

Run Filter Panel

• Days (last updated): limits tickets to those updated within N days.
• Status Include / Exclude: choose from active SOC statuses only.
• Use LLM: optional; if enabled and valid, LLM signals are added.
• Fetch notes: slower, but more evidence for matching.
• Max tickets: optional cap for large boards.
• Show all tickets: shows non‑matches with scope tags for review.

Results Dashboard

The top metrics are clickable filters (In Scope, Out of Scope, EOL, etc). Click again to clear. This stacks with the search, profile, and category filters.

Ticket Cards

• Badges: show profile/category, scope, EOL/no‑patch, internet‑facing.
• Evidence chips: terms and fields used to match.
• Explanation report: a structured, human‑readable summary of why it matched.

LLM Mode (Optional)

LLM is optional and only used for classification signals. If JSON is invalid or fails schema validation, the system falls back to deterministic rules.

LLM output never changes ConnectWise data.

Troubleshooting

• No tickets: check status filters and Days window.
• Missing notes: enable “Fetch notes”.
• Bad credentials: verify .env values.

Read‑Only Guarantee

This app does not create, update, or close tickets. It only reads data.