Managing and tracking security incidents
You can easily manage and track security incidents by using the Ticket Console in Smart IT.
With a subscription to BMC Helix Multi-Cloud Broker 20.02, you can automatically create incidents in BMC Helix ITSM from offenses generated in IBM QRadar SIEM. You can then manage these security incidents by filtering and auto assigning them to the security team by using the Ticket Console in Smart IT. Additionally, you can also manually create security incidents through the Ticket Console and then manage and track these security incidents.
Scenario for automatic incident creation
Calbro Services uses Smart IT and BMC Helix ITSM for creating and managing tickets. They also use QRadar SIEM for monitoring security threats in the enterprise data across on-premises and cloud-based environments. The tenant administrator sets up BMC Helix Multi-Cloud Broker to integrate BMC Helix ITSM with QRadar SIEM and also sets the required trigger conditions for creating incidents in BMC Helix ITSM. Additionally, the Smart IT administrator configures settings for managing security incidents.
QRadar SIEM generates offenses whenever it detects a threat in the environments, servers, or the networks it is monitoring, such as malware injection. Whenever such offenses are generated, BMC Helix Multi-Cloud Broker automatically creates incidents in BMC Helix ITSM. Calbro Services can then manage and track these incidents as security incidents in Smart IT.
Before you begin
If you want to manage security incidents that are automatically created from BMC Helix Multi-Cloud Broker, make sure that your Smart IT administrator has installed BMC Helix Multi-Cloud Broker version 20.02 and integrated it with BMC Helix ITSM. For more information, see .
If you want to manage the security incidents that are manually created in the Ticket Console, make sure that your Smart IT administrator has performed the required configuration settings. For more information, see Configuring settings for managing security incidents.
To manually create security incidents
You can manually create security incidents in Smart IT. For this, while creating an incident from the Ticket Console, on the Incident Create window, from the Incident Type drop-down menu, select the Security Incident option. For more information about creating security incidents, see Creating a ticket from the Create New menu.
To filter security incidents
You can filter the security incidents using the My Security Incidents predefined filter. Additionally, the Security Tickets option on the console displays the number of security tickets in the Ticket Console. If you click the Security Tickets option, the filter of Security Incident is applied. If you select either the My Security Incidents pre-defined filter or click the Security Tickets option on the console, the Security Incident option is automatically selected under Filter > Incident Type. For more information, see Tailoring Smart IT consoles for your work.
To display the Security Tickets option on the console, the Smart ITadministrator should configure the required settings. For more information, see Configuring settings for managing security incidents.
Automatic assignment of security incidents
If you have not selected an assignee while creating a security incident, if the Smart ITadministrator has performed the configuration settings, the ticket is automatically assigned to the security team. For more information about ticket assignments, see Assigning tickets.