Limited support

BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Ongoing operational workflow


BMC Defender employs a simple workflow for operators.

  • Each operator is assigned a particular set of tickets (associated with their user ID and BMC Defender login, or associated with a particular operational group).
  • The operator receives ticket notifications by e-mail or some other method, or monitors their set of tickets for problems.
  • As tickets are opened on the system, the operator is tasked with resolving and closing them (possibly with a required and proper resolution).
  • The ticketing activity can be monitored by system or project management as a method of assessing the workload and effectiveness of the operational staff.
  • Given the preceding scheme, the precise workflow of operators is governed almost entirely by the number of tickets assigned to each operator and the difficulty of resolving these tickets. BMC Defender maintains the ticket information, and an administrator or supervisory operator assesses it.


Note

Resolution of the ticket might be as simple as adjusting a threshold or adding a system filter, or might be a highly complex activity requiring high-level security analysts.
