Data security is an essential component of any organization. Organizations utilize the services of security vendors to identify potential threats and data breaches. The security vendors monitor the data on the enterprise and cloud infrastructure and provide information whenever there is a risk to data. When a risk is identified, the next step is to address the issue. BMC Helix Multi-Cloud Service Management provides prebuilt integration between Remedy ITSM and IBM QRadar Security Information and Event Management (SIEM) to address such security challenges. QRadar SIEM generates offenses whenever it detects a security breach and Remedy ITSM enables you to service that risk with its ticket management platform.
Configuring BMC Helix Multi-Cloud Service Management with QRadar SIEM enables the following actions:
- Automatic creation of a incident in Remedy ITSM whenever offenses are generated in QRadar SIEM.
- Notifications for status updates, so that changes in the status of the incident are synchronized between Remedy ITSM and QRadar SIEM offense
- Updates to incident notes in the Remedy ITSM incident as well as in the QRadar SIEM offense.
Using BMC Helix Multi-Cloud Service Management without Smart IT
You can integrate BMC Helix Multi-Cloud Service Management with QRadar SIEM without using Smart IT. Instead of the Smart IT console, you can use Remedy Mid-Tier to view incidents. When working without Smart IT, you cannot view the vendor ticket details. However, you can view the work logs to verify that tickets are being brokered. When working without Smart IT, BMC Helix Multi-Cloud Service Management supports all available features except the sending of an activity note from Remedy ITSM to the vendor application ticket.
How incidents are consolidated into Remedy ITSM
The following diagram illustrates how BMC Helix Multi-Cloud Service Management uses connectors, flows, and processes when a vendor ticket is created:
How status and activity notes are updated in BMC Helix Multi-Cloud Service Management
- When a service desk agent adds a comment to the incident ticket in Smart IT and clicks Share with IBM QRadar, the comment is added to the vendor application ticket.
- For fields mapped when you specify the technology provider and field mapping during vendor data configuration:
- When a field is updated in Remedy ITSM, BMC Helix Multi-Cloud Service Management updates the corresponding vendor application ticket with a comment mentioning the field name with the new and existing values.
- Any updates to fields in the vendor application ticket are reflected in the corresponding Remedy ITSM incident fields.
- A Remedy incident is marked as resolved when the vendor ticket is closed, based on the option you select during the vendor data configuration.
- For QRadar SIEM:
- When a comment is added to an offense in QRadar SIEM, Smart IT displays the comment as an activity note for the corresponding incident.
- When a Remedy ITSM incident is Canceled, Closed, or Resolved, the corresponding vendor application ticket is Closed.
Status changes to a vendor application ticket except for Jira are reflected as an activity note on the Remedy ITSM incident. For Jira, you can map the fields between Remedy ITSM and Jira to keep them in sync. For details about syncing field values between Jira and Remedy ITSM, see Enabling prebuilt DevOps integration between JIRA Software and Remedy ITSM. For other vendors, status changes are communicated through addition of activity notes. Activity notes display the vendor ticket numbers and the author of the note. Following are formats of the activity notes added:
From a vendor to Remedy ITSM
Note added from <vendor> ticket <vendor ticket id as URL> by <vendor user first last names>
From Remedy ITSM to vendor
Remedy user <remedy user first last name>, added a work note:
<work note text>
Where to go from here
To configure incident brokering, see Configuring BMC Helix Multi-Cloud Service Management.