This documentation supports the 21.3 version of BMC Helix ITSM: Smart IT.

Managing security incidents


This use case describes how you can automate the creation of security incidents in your organization and resolve them quickly to ensure the smooth working of the organization.

Scenario

ABC company hosts most of its services in a cloud environment that it owns and manages. Recently, many malware attacks on its servers have caused substantial financial losses. The company therefore decides to integrate BMC Helix Multi-Cloud Broker with BMC Helix ITSM so that security incidents are created automatically when malware attacks occur.

Workflow

The following table describes the tasks performed from the creation of security incidents until they are resolved:

| Task | Component | User | Action | Reference |
|------|-----------|------|--------|-----------|
| 1. | BMC Helix Multi-Cloud Broker | Smart IT administrator | Smart IT administrator configures BMC Helix Multi-Cloud Broker. BMC Helix Multi-Cloud Broker integrates with IBM QRadar Security Information and Event Management (SIEM). IBM QRadar SIEM automatically creates incidents in BMC Helix ITSM when an offense occurs. | |
| 2. | Smart IT | Smart IT administrator | To show the security incidents generated by QRadar SIEM in the ticket console, the Smart IT administrator must display the Security Tickets options on the console. | |
| 3. | Smart IT | Smart IT administrator | Automatic assignment of security incidents. | |
| 4. | Smart IT | Incident user | Resolve the security incidents. | |

Results

  • Automatic creation of security incidents.
  • Automatic assignment of security incidents.

Benefits

  • Quick identification and resolution of security incidents.
  • Effective ticket management from a single console.

 
