This documentation supports the 21.3 and consecutive patch versions of BMC Helix Multi-Cloud Broker.


Incident creation from IBM QRadar offenses

BMC Helix Multi-Cloud Broker provides prebuilt integration with IBM QRadar Security Information and Event Management (SIEM) to create incidents in BMC Helix ITSM whenever QRadar SIEM offenses are generated.

Scenario

Calbro Services uses QRadar SIEM to monitor security threats to enterprise data across on-premises and cloud-based environments. QRadar SIEM generates offenses whenever it detects a threat, such as malware injection, in the environments, servers, or networks it is monitoring. BMC Helix Multi-Cloud Broker creates incidents in BMC Helix ITSM when such offenses are generated so that Calbro Services can remediate the issue even before a service request is raised for the problem.

Calbro Services has the following requirements:

  • QRadar SIEM generates offenses whenever it detects a security threat to the organization's data.

  • A ticket needs to be created in BMC Helix ITSM.

Workflow

Calbro Services implements their requirements by using BMC Helix Multi-Cloud Broker:

The tenant administrator sets up BMC Helix Multi-Cloud Broker to integrate BMC Helix ITSM with QRadar SIEM. The administrator also sets up the required trigger conditions for creating incidents in BMC Helix ITSM.

Results

  1. QRadar SIEM generates offenses whenever it detects a security threat.
  2. BMC Helix Multi-Cloud Broker validates the trigger conditions and creates a ticket in BMC Helix ITSM.
  3. BMC Helix ITSM displays the incident details in the BMC Helix ITSM: Smart IT console.

Benefits

  • Effective ticket management from a single console.
  • Easy issue tracking through automatic ticket creation and updates.
  • Remediate issues before a service request is created for the problem.
