This documentation supports the 20.02 version of Remedy Service Desk.


Managing and tracking security incidents

You can easily manage and track security incidents by using the Incident Management Console in Remedy IT Service Management.

Overview

With a subscription to Helix Multi-Cloud Service Management 20.02, you can automatically create incidents in Remedy IT Service Management from offenses generated in IBM QRadar SIEM. You can then manage these security incidents by filtering and auto assigning them to the security team by using the Incident Management Console in Remedy IT Service Management. Additionally, you can manually create security incidents through the Incident Management Console and then manage and track these security incidents.

Scenario for automatic incident creation

Calbro Services uses Remedy with Smart IT and Remedy IT Service Management for creating and managing tickets. They also use QRadar SIEM for monitoring security threats in the enterprise data across on-premises and cloud-based environments. The tenant administrator sets up BMC Helix Multi-Cloud Service Management to integrate Remedy IT Service Management with QRadar SIEM and also sets the required trigger conditions for creating incidents in Remedy IT Service Management. Additionally, the Smart IT administrator configures settings for managing security incidents. 

QRadar SIEM generates offenses whenever it detects a threat, such as malware injection, in the environments, servers, or networks it is monitoring. Whenever such offenses are generated, BMC Helix Multi-Cloud Service Management automatically creates incidents in Remedy IT Service Management. Calbro Services can then manage and track these incidents as security incidents in Remedy IT Service Management.

Before you begin

If you want to manage security incidents that are automatically created from BMC Helix Multi-Cloud Management, make sure that your system administrator has installed BMC Helix Multi-Cloud Management version 20.02 and integrated it with Remedy IT Service Management. For more information, see Incident creation from IBM QRadar offenses.

If you want to manage the security incidents that are manually created in the Incident Management Console, make sure that your system administrator has performed the required configuration settings. For more information, see Configuring settings for managing security incidents.

To manually create security incidents

You can manually create security incidents in Remedy IT Service Management. To do so, in the Incident Management Console, click Create and select the Security Incident option from the Incident Type drop-down menu. For more information about creating security incidents, see Creating an Incident request record by using a template and Creating an incident request record without a template.

To filter security incidents

You can filter the security incidents by using the Security Incident option in the Incident Type menu. This option is available on the Incident Basics and Assignment tab when you click More Filters on the Incident Management Console to display a More Filter Criteria pop-up window. For more information, see Functional areas of the Incident Management console.

Automatic assignment of security incidents

If you do not select an assignee while creating a security incident, and the Remedy IT Service Management administrator has performed the configuration settings, the ticket is automatically assigned to the security team.

