Managing and tracking security incidents
You can easily manage and track security incidents by using the Ticket Console in Smart IT.
Overview
With a subscription to BMC Helix Multi-Cloud Broker 20.02, you can automatically create incidents in BMC Helix ITSM from offenses generated in IBM QRadar SIEM. You can then manage these security incidents by filtering them and automatically assigning them to the security team by using the Ticket Console in Smart IT. You can also manually create security incidents through the Ticket Console and then manage and track them.
Scenario for automatic incident creation
Calbro Services uses Smart IT and BMC Helix ITSM for creating and managing tickets. They also use QRadar SIEM for monitoring security threats in the enterprise data across on-premises and cloud-based environments. The tenant administrator sets up BMC Helix Multi-Cloud Broker to integrate BMC Helix ITSM with QRadar SIEM and also sets the required trigger conditions for creating incidents in BMC Helix ITSM. Additionally, the Smart IT administrator configures settings for managing security incidents.
QRadar SIEM generates offenses whenever it detects a threat, such as malware injection, in the environments, servers, or networks it is monitoring. Whenever such offenses are generated, BMC Helix Multi-Cloud Broker automatically creates incidents in BMC Helix ITSM. Calbro Services can then manage and track these incidents as security incidents in Smart IT.
Before you begin
If you want to manage security incidents that are automatically created from BMC Helix Multi-Cloud Broker, make sure that your Smart IT administrator has installed BMC Helix Multi-Cloud Broker version 20.02 and integrated it with BMC Helix ITSM. For more information, see Incident creation from IBM QRadar offenses.
If you want to manage the security incidents that are manually created in the Ticket Console, make sure that your Smart IT administrator has performed the required configuration settings. For more information, see Configuring settings for managing security incidents.
To manually create security incidents
You can manually create security incidents in Smart IT. To do so, when you create an incident from the Ticket Console, select the Security Incident option from the Incident Type drop-down menu in the Incident Create window. For more information about creating security incidents, see Creating a ticket from the Create New menu.
To filter security incidents
You can filter security incidents by using the My Security Incidents predefined filter. Additionally, the Security Tickets option on the console displays the number of security tickets in the Ticket Console. If you click the Security Tickets option, the Security Incident filter is applied. If you either select the My Security Incidents predefined filter or click the Security Tickets option on the console, the Security Incident option is automatically selected under Filter > Incident Type. For more information, see Tailoring Smart IT consoles for your work.
To display the Security Tickets option on the console, the Smart IT administrator should configure the required settings. For more information, see Configuring settings for managing security incidents.
Automatic assignment of security incidents
If you have not selected an assignee while creating a security incident, and the Smart IT administrator has performed the configuration settings, the ticket is automatically assigned to the security team. For more information about ticket assignments, see Assigning tickets.