Managing security incidents
This use case describes how you can automate the creation of security incidents in your organization and resolve them quickly to ensure the smooth working of the organization.
Scenario
ABC company hosts most of its services in a cloud environment that it owns and manages. Recently, many malware attacks on its servers have resulted in substantial financial losses. The company therefore decides to integrate BMC Helix Multi-Cloud Broker with BMC Helix ITSM so that security incidents are created automatically when malware attacks occur.
Workflow
The following table describes the tasks performed from the creation of security incidents until they are resolved:
Task | Component | User | Action | Reference |
---|---|---|---|---|
1. | BMC Helix Multi-Cloud Broker | Smart IT administrator | The Smart IT administrator configures BMC Helix Multi-Cloud Broker. BMC Helix Multi-Cloud Broker integrates with IBM QRadar Security Information and Event Management (SIEM). IBM QRadar SIEM automatically creates incidents in BMC Helix ITSM when an offense occurs. | |
2. | Smart IT | Smart IT administrator | To show the security incidents that are generated by QRadar SIEM in the ticket console, the Smart IT administrator displays the Security Tickets options on the console. | Configuring settings for managing security incidents |
3. | Smart IT | Smart IT administrator | Configures automatic assignment of security incidents. | Configuring automatic ticket assignments |
4. | Smart IT | Incident user | Resolves the security incidents. | Resolving tickets in Smart IT |
Results
- Automatic creation of security incidents.
- Automatic assignment of security incidents.
Benefits
- Quick identification and resolution of security incidents.
- Effective ticket management from a single console.