Creating security cases by using the Create case API
Workflow of automatic case creation
The following image shows the workflow of how a security case is automatically created in BMC Helix Business Workflows:
To create security cases by using the Create case API
- Integrate your security scanning tool with BMC Helix iPaaS.
- (Optional) To relate assets to the security cases, enable asset integration in BMC Helix Business Workflows. Learn more in Enabling BMC Helix ITSM integration and Asset integration.
Example of automatic security case creation
Apex Global uses CrowdStrike as the security monitoring tool. Elizabeth, a case business analyst, configures BMC Helix iPaaS and BMC Helix Business Workflows so that security cases are automatically created when an event occurs in CrowdStrike. Case agents can then work on resolving the security cases. Elizabeth also enables BMC Helix ITSM integration and asset integration in BMC Helix Business Workflows.
When a security breach occurs on one of the company servers, an event occurs in CrowdStrike. The event messages are transformed in BMC Helix iPaaS and a security case is created in BMC Helix Business Workflows. Paul, a case agent in the Security Incident Handling line of business, works on the case. He relates the affected asset to the case.
Results
If BMC Helix Business Workflows is integrated with BMC Helix ITSM, and if asset integration is enabled in BMC Helix Business Workflows, the case agent can relate the affected asset to the case. The case is automatically assigned to a security support group. The case agent from the support group can work on the case in the following ways:
- Update case details
- Change security stages
- Add evidence and view the evidence log
- Resolve the case