Data security is an essential component of any organization. Organizations utilize the services of security vendors to identify potential threats and data breaches. The security vendors monitor the data on the enterprise and cloud infrastructure and provide information whenever there is a risk to data. When a risk is identified, the next step is to address the issue. BMC Helix Multi-Cloud Broker provides prebuilt integration between ITSM and IBM QRadar Security Information and Event Management (SIEM) to address such security challenges. QRadar SIEM generates offenses whenever it detects a security breach and ITSM enables you to service that risk with its ticket management platform.
Benefits of data security
Configuring BMC Helix Multi-Cloud Broker with QRadar SIEM enables the following actions:
- Automatic creation of a incident in ITSM whenever offenses are generated in QRadar SIEM.
- Notifications for status updates, so that changes in the status of the incident are synchronized between ITSM and QRadar SIEM offense
- Updates to incident notes in the ITSM incident as well as in the QRadar SIEM offense.
Using BMC Helix Multi-Cloud Broker with Remedy Mid-Tier
You can integrate BMC Helix Multi-Cloud Broker with QRadar SIEM without using Smart IT. Instead of the Smart IT console, you can use Remedy Mid-Tier to view incidents. When working without Smart IT, you cannot view the vendor ticket details. However, you can view the work logs to verify that tickets are being brokered. When working without Smart IT, BMC Helix Multi-Cloud Broker supports all available features except the sending of an activity note from ITSM to the vendor application ticket.
How incidents are consolidated into ITSM
The following image illustrates how BMC Helix Multi-Cloud Broker uses connectors, flows, and processes when a vendor ticket is created:
How status and activity notes are updated in BMC Helix Multi-Cloud Broker
The following table lists the events that update the status and activity notes:
|Addition of a comment
A service desk agent adds a comment to the incident ticket in Smart IT and clicks Share with IBM QRadar.
|The comment is added to the vendor application ticket.
|A comment is added to an offense in QRadar SIEM.
Smart IT displays the comment as an activity note for the corresponding incident.
|Updates to a field (For fields mapped when you specify the technology provider and field mapping during vendor data configuration)
|A field is updated in ITSM.
BMC Helix Multi-Cloud Broker updates the corresponding vendor application ticket with a comment listing the field name with the new and existing values.
|Fields in the vendor application ticket are updated.
|Updates are reflected in the corresponding ITSM incident fields.
|Updates to a ticket status
|A vendor ticket is closed.
|The corresponding ITSM incident is marked as resolved, based on the option you select during the vendor data configuration.
|An ITSM incident is Canceled, Closed, or Resolved.
|The corresponding vendor application ticket is Closed.
|Status changes to a vendor application ticket except for Jira.
Changes are reflected as an activity note on the ITSM incident. For Jira, you can map the fields between ITSM and Jira to keep them in sync.
For details about syncing field values between Jira and ITSM, see Enabling prebuilt DevOps integration between JIRA Software and BMC Helix ITSM. For other vendors, status changes are communicated through addition of activity notes.
Activity notes display the vendor ticket numbers and the author of the note.
The following table lists the different formats in which an activity note can be displayed:
|From where a ticket is created
|Format of the activity note
From a vendor to ITSM
|Note added from <vendor> ticket <vendor ticket id as URL> by <vendor user first last names>
|From ITSM to vendor
ITSM user <ITSM user first last name>, added a work note:
<work note text>
Where to go from here
To configure incident brokering, see Configuring BMC Helix Multi-Cloud Service Management.