This documentation supports the 22.1 and consecutive patch versions of BMC Helix Multi-Cloud Broker.

Reference of integration between BMC Helix ITSM and IBM QRadar SIEM by using BMC Helix iPaaS

You can integrate BMC Helix ITSM with IBM QRadar Security Information and Event Management (SIEM) to create BMC Helix ITSM incidents from IBM QRadar offenses. The integration helps your agents to track and remediate security threats to your organization.

BMC Helix Multi-Cloud Broker, along with BMC Helix iPaaS, powered by Jitterbit, provides the Create_BMC_Helix_ITSM_incident_from_IBM_QRadar_offense.json integration template that you can use to integrate BMC Helix ITSM with IBM QRadar. You configure the integration in BMC Helix Multi-Cloud Broker and deploy the template to your BMC Helix iPaaS environment.

List of project variables

The following sections describe the variables that you can update as per your requirements:

BMC Helix iPaaS variables

Project variable

Value

BHIP_API_NAME

The default value of this variable is set to BMCHelixITSMIncidentAndQRadarOffense.

If required, you can change the name.

BHIP_API_User_Roles

Specify the organization roles that should have access to the new API. You can add multiple comma-separated values.

Important: If you do not specify any value, all the organization roles get access to the new API.

BHIP_MCSM_API_Profile_Username

The integration template creates an API in BMC Helix iPaaS to handle requests from BMC Helix Multi-Cloud Broker.

Enter the user name that should be used while creating the BASIC type of BMC Helix Multi-Cloud Broker API profile.

BHIP_MCSM_API_Profile_Password

The integration template creates an API in BMC Helix iPaaS to handle requests from BMC Helix Multi-Cloud Broker.

Enter the password that should be used while creating the BASIC type of BMC Helix Multi-Cloud Broker API profile.

BHIP_Vendor_API_Profile_Type
BHIP_Vendor_API_Profile_Username
BHIP_Vendor_API_Profile_Password
BHIP_Vendor_API_Profile_ApiKey_Name

You do not need to enter any value for these variables.

BHIP_Host

Enter the BMC Helix iPaaS instance URL where you want to run this project.

BHIP_Username

Enter the user name for the BMC Helix iPaaS instance.

BHIP_Password

Enter the password for the BMC Helix iPaaS instance.

Enable_BMC_Helix_To_Vendor_Integration

By default, this variable is set to true and you must not change it.

Important: This variable enables the synchronization of comments between the incident and offense, and updates the offense status to Closed when the incident is closed.

Enable_Vendor_To_BMC_Helix_Integration

By default, this variable is set to true and you must not change it.

Important: This variable enables the creation of BMC Helix ITSM incidents from IBM QRadar offenses, shares activity notes between an incident and offense, and closes the offense from the incident.

IBM QRadar project variables

Project variable

Value

QRadar_Host_Url

Enter the IBM QRadar instance URL in the following format: 

[http/https]://[host name]:[port]

QRadar_Username

Enter the name of the administrator who has access to the IBM QRadar instance.

QRadar_Password

Enter the password of the administrator user who has access to the IBM QRadar instance.

BMC Helix Multi-Cloud Broker project variables

Project variable

Value

MCSM_Host

Enter the BMC Helix Multi-Cloud Broker host URL to which IBM QRadar offenses should be synchronized.

MCSM_Username

Enter the user name that enables users to interact with BMC Helix Multi-Cloud Broker.

MCSM_Password

Enter the password for the provided user name.

MCSM_Vendor_Name

The default value of this variable is QRadar. You must not change this value.

The following variables are inputs from BMC Helix ITSM. Either enter values for these variables or map appropriate IBM QRadar fields if the data is available:

Project variable

Value

ITSM_Company_Name

Enter the company name for which the integration template needs to be run.

For example, Calbro Services

ITSM_Customer_First_name

Enter the first name of the Helix ITSM customer.

ITSM_Customer_Last_Name

Enter the last name of the Helix ITSM customer.

ITSM_Incident_Type

Enter any of the following incident types that you want to create:

  • User Service Restoration
  • User Service Request
  • Infrastructure Restoration
  • Infrastructure Event
  • Security Incident
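
The following pre-deployment check is an added example, not part of the BMC template or product. It reviews a set of the project variables described above against the constraints this page states. It assumes the values are available as a plain name-to-value dictionary of strings (how you export them from BMC Helix iPaaS is not covered here), and the warning about http in QRadar_Host_Url is an added hardening check rather than a documented requirement.

```python
from urllib.parse import urlsplit

# Defaults the page says must not be changed.
FIXED = {"Enable_BMC_Helix_To_Vendor_Integration": "true",
         "Enable_Vendor_To_BMC_Helix_Integration": "true",
         "MCSM_Vendor_Name": "QRadar"}
INCIDENT_TYPES = {"User Service Restoration", "User Service Request",
                  "Infrastructure Restoration", "Infrastructure Event",
                  "Security Incident"}
REQUIRED = ["BHIP_MCSM_API_Profile_Username", "BHIP_MCSM_API_Profile_Password",
            "BHIP_Host", "BHIP_Username", "BHIP_Password", "QRadar_Host_Url",
            "QRadar_Username", "QRadar_Password",
            "MCSM_Host", "MCSM_Username", "MCSM_Password"]

def review_variables(variables):
    """Return (severity, variable, message) findings for a name -> value dict."""
    findings = []
    for name in REQUIRED:
        if not variables.get(name, "").strip():
            findings.append(("error", name, "no value set"))
    for name, expected in FIXED.items():  # a missing entry keeps the default
        if variables.get(name, expected) != expected:
            findings.append(("error", name, f"must stay {expected!r}"))
    roles = variables.get("BHIP_API_User_Roles", "").split(",")
    if not any(r.strip() for r in roles):
        findings.append(("warning", "BHIP_API_User_Roles",
                         "empty: all organization roles get access to the API"))
    try:
        url = urlsplit(variables.get("QRadar_Host_Url", ""))
        valid = url.scheme in ("http", "https") and url.hostname and url.port
    except ValueError:  # malformed host or non-numeric port
        valid = False
    if not valid:
        findings.append(("error", "QRadar_Host_Url",
                         "expected [http/https]://[host name]:[port]"))
    elif url.scheme == "http":
        findings.append(("warning", "QRadar_Host_Url",
                         "http: QRadar credentials would travel unencrypted"))
    incident_type = variables.get("ITSM_Incident_Type", "")
    if incident_type and incident_type not in INCIDENT_TYPES:
        findings.append(("error", "ITSM_Incident_Type", "not a listed type"))
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {name: "example-value" for name in REQUIRED}
SAMPLE.update({"QRadar_Host_Url": "http://qradar.example.com:443",
               "BHIP_API_User_Roles": "", "MCSM_Vendor_Name": "Other",
               "ITSM_Incident_Type": "Security Incident"})
if __name__ == "__main__":
    print(*review_variables(SAMPLE), sep="\n")
```

Run against the constructed sample, the check reports the changed MCSM_Vendor_Name as an error and the empty BHIP_API_User_Roles and the http URL as warnings.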