Creating BMC Helix ITSM incidents from Tenable.io via BMC Helix iPaaS, powered by Jitterbit
BMC Helix iPaaS, powered by Jitterbit provides a prebuilt integration template that enables you to create an incident in BMC Helix ITSM from a vulnerability in Tenable.io.
To use the integration template with the values defined out of the box, update the project variables with details of your systems and deploy the integration template.
To learn about the various components of a template, refer to Jitterbit Integration Studio.
The template provides the following capability:
Use case | Tenable.io to BMC Helix ITSM | BMC Helix ITSM to Tenable.io |
|---|---|---|
| Create tickets | Creates a BMC Helix ITSM incident from a new Tenable.io vulnerability event and associates all impacted configuration items (CIs) from the event with the same incident. Important: A new ticket is created if existing incidents are Canceled, Resolved, or Closed. A new ticket is not created only when there is already an active open incident. | Not supported |
Tenable.io to BMC Helix ITSM data flow
The following image shows an overview of the data flow for creating a BMC Helix ITSM incident from a Tenable.io vulnerability:
Before you begin
You require the following items to successfully set up and use this integration:
| Required versions |
|
|---|---|
| Authentication and permissions |
|
| Subscription | A valid BMC Helix iPaaS subscription |
| APIs | Generate access and secret keys to access APIs in Tenable.io. |
| Others | Assets are scanned in Tenable.io. For more information about scans, see Scans. |
Task 1: To download and import the integration template project file
- Download the Create BMC Helix ITSM Incident from Tenable.io Vulnerability Management file to your system.
This file contains the BMC Helix iPaaS Integration Studio project: Create BMC Helix ITSM Incident from Tenable.io Vulnerability Management.
Important: Your ability to access product pages on the EPD website is determined by the license your company purchased. - As a developer, log in to BMC Helix iPaaS and navigate to the Integration Studio.
- On the projects page, click Import.
- Click Browse and then select the Create BMC Helix ITSM Incident from Tenable.io Vulnerability Management file you downloaded.
The Project Name and Organization fields are automatically populated depending on the values defined. - From the Environment list, select the environment to which you want to import this integration template, and click Import.
The project opens after the integration template is imported. - To open the project file at a later time, select the environment where the integration templates are available, select the Create BMC Helix ITSM Incident from Tenable.io Tenable Vulnerability Management project and click View/Edit.
Task 2: To update the project variables for the integration template
- Next to the Environment name, click the ellipses ... and select Project Variables.
- Update the following project variables:
Project variable | Action |
|---|---|
| BMC Helix ITSM | |
| ITSM_Host | Enter the BMC Helix ITSM Rest API URL. |
| ITSM_Incident_Type | Enter any of the following incident types that you want to create:
By default, this variable is set to User Service Restoration. |
| ITSM_Customer_First_Name | Enter the first name of the BMC Helix ITSM customer. |
| ITSM_Customer_Last_Name | Enter the last name of the BMC Helix ITSM customer. |
| ITSM_Company | Enter the company name for which the integration template needs to be run. |
| ITSM_Status | Enter a status for the BMC Helix ITSM incident. By default, this variable is set to New. |
| ITSM_Assigned_Support_Company | Enter the name of the support company to which you want to assign the incident. |
| ITSM_Assigned_Organization | Enter the name of the organization for which you want to create the incident. |
| ITSM_Assigned_Group | Enter the name of the support group to which you want to assign the incident. |
| Tenable Vulnerability Management | |
| (Mandatory) Tenable_Host | Enter the hostname of the Tenable.io instance that you are using. |
| (Mandatory) Tenable_vpr_score | The integration template returns vulnerabilities with the Vulnerability Priority Rating (VPR) score that you specify. Enter a number or a greater than equal to (gte) range for which you want to retrieve vulnerabilities. |
| (Mandatory) Tenable_severity | The integration template returns vulnerabilities with the specified Common Vulnerability Scoring System (CVSS) score. Enter any of the following array values:
|
| (Mandatory) Tenable_secretKey | Enter the secret key for your Tenable account. Use the secret key to access the API for all the Tenable Vulnerability Management products for which your organization has licenses. |
| (Mandatory) Tenable_accessKey | Enter the access key for your Tenable account. Usae the access key to access the API for all the Tenable Vulnerability Management products for which your organization has licenses. |
| Tenable_Last_found | Specify the date and time for which you want to retrieve the vulnerabilities. By default, the integration template retrieves vulnerabilities that were found or fixed in the last 30 days. |
| Tenable_Num_Asset | Enter the number of assets you want to fetch in a chunk. By default, 500 assets are fetched in a chunk from Tenable.io. |
| CMDB Username | Enter the username for the BMC Helix CMDB account used by the integration to access configuration items. |
| CMDB Password | Enter the password used to authenticate with BMC Helix CMDB. |
(Optional) Task 3: To map custom fields between BMC Helix ITSM and Tenable.io
Out of the box, the following fields are mapped between BMC Helix ITSM and Tenable.io:
| BMC Helix ITSM field | Tenable.io field |
|---|---|
| First_Name | Project variable |
| Last_Name | Project variable |
| Company | Project variable |
| Service_Type | Project variable |
| Status | Project variable |
| Assigned_Support_Company | Project variable |
| Assigned_Support_Organization | Project variable |
| Assigned_Group | Project variable |
| mc_ueid | Asset_UUID_PORT The Asset_UUID_PORT field contains the asset hostname, asset UUID, and asset port number values. |
| Description | Description The Description field contains the asset hostname and plugin name values. Important: Because the BMC Helix ITSM ticket Description field length is limited to 100 characters, the plugin name value is trimmed. |
| Impact | Severity |
| Detailed_Description | Notes The Notes field contains the affected asset hostname, cve ID, VPR score, severity, plugin output, synopsis, and plugin solution values. |
| Reported_Source | The default value is Email. You can change the default value. |
| Urgency | Severity |
To map custom fields between BMC Helix ITSM and Tenable.io
- In Workflows, select 1.0 Tenable.io flow > 1.3 Incident Creation.
- On the Decider transformer transformation element, click the ellipsis ..., and then click View/Edit.
- In the Target section, from the list of fields, add the required field that you want to map, as shown in the following image:
If you want to map a field with a project variable, perform the following steps:
- In Workflows, select 1.0 Tenable.io flow > 1.2 Get Chunks.
- On the get chunk transfer transformation element, click the ellipsis ..., and then click View/Edit.
- In the JSON script, add the required field and drag the variable from Source objects, as shown in the following image:
(Optional) Task 4: To fetch vulnerabilities by using custom filters
Out of the box, the following project variables help you filter vulnerabilities from Tenable.io:
- Tenable_vpr_score
- Tenable_severity
- Tenable_Last_found
However, you can define custom filters and use them to fetch vulnerabilities.
To do this, perform the following steps:
- In the integration template, select 1.0 Tenable.io flow > 1.0 Export using the Filter.
- On the ExportInputPayload transformation element, click the ellipses …, and click View/Edit.
- In the JSON script, add the required filter.
For information about available filters in Tenable.io, see Export filters.
Task 5: To deploy and enable the project
Deployment is a one-time activity that initializes the integration configurations. The UI displays a message for the deployment status.
To deploy the project and then enable the integration, perform the following step:
- To enable the integration, next to the 1.0 Export using the Filter workflow, click the ellipsis ... and click Run, as shown in the following image:
(Optional) Task 6: To use a scheduler to run the template
- In Workflows, expand 1.0 Tenable.io flow.
- Next to the 1.0 Export by using Filter workflow, click the ellipsis ..., and then click Settings.
- On the Schedules tab, use an existing schedule, if any, or create a new schedule.
- (Optional) To create a new schedule, click Create New Schedule, complete the following fields, and click Save:
- Schedule Name
- Occurrence
- Frequency
- Duration
The following image shows an example of a new schedule:
(Optional) To use a custom field to store the asset details
By default, the mc_ueid field in BMC Helix ITSM stores the host name, UUIID, and port number of a Tenable.io asset. However, you can use a custom field to store these asset details.
To learn how to create custom fields in BMC Helix ITSM, see Customized fields.
Workflows included in the integration template
The following workflows are defined as a part of the integration template. Refer to the following details for an overview of the tasks defined in the workflow operations and configurations defined within each workflow.
1.0 Tenable.io flow
| Operation name | Actions performed |
|---|---|
| 1.0 Export using the Filter | Retrieves vulnerabilities from Tenable.io by using the filters you specify in the project variable |
| 1.1 Get Export Status | Gets the status of an export for Tenable.io vulnerabilities; for example, Pending, Running, Canceled |
| 1.2 Get Chunks | Fetches Tenable.io vulnerabilities in chunks. A chunk contains a maximum of 500 vulnerabilities. |
| 1.3 Incident Creation | Creates an incident for a vulnerability only if the vulnerability does not exist in BMC Helix ITSM |
| 1.4 Query Asset | Queries the asset data based on the specified filters in the project variables |