Limited support: BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Tickets report


Most modern SIEM implementations provide an alerting facility that supports threat detection and assists in the review of security information required by virtually all security specifications. BMC Defender implements this through its built-in tickets facility, which permits alerts (of various types) to automatically open tickets that can drive notifications.

BMC Defender Server provides a special report to monitor and tabulate ticket information. These BMC Defender Server tickets are the actionable data of the system, generated by the alerting facility. The Tickets report is useful for furnishing evidence that BMC Defender is performing threat and anomaly detection in compliance with various security standards.

The BMC Defender Tickets report facility scans the list of tickets on the system for the specified Span Days range and creates a summary showing each ticket's date, assignee, affected device, resolution, and actual ticket text. This information is intended mainly as a summary that shows tickets are being generated.

These reports are not intended to replace the ticketing system as a central method of collecting and analyzing actionable data. (The Tickets tab provides multiple capabilities not provided in these reports, such as the ability to view all messages related to the ticket.) Rather, these reports provide summary information useful to auditors and managers who want to quickly assess the current and past actionable data that BMC Defender has detected.



BMC AMI Command Center for Security 6.1