Sending tickets via HelixITSM.bat


You can track correlation threads that trigger an emergency alert with tickets in BMC Helix ITSM.

To raise an automated ticket alert in BMC Helix ITSM, administrators can customize the HelixITSM.bat file in the installationDirectory/t-actions folder.

Replace the following placeholders in the HelixITSM.bat file:

  • <BASEURL>—BMC Helix Portal URL that supports REST API endpoints for your installed BMC Helix ITSM Server (AR Server)
  • <USER>—BMC Helix ITSM server user with permission to create incidents on the BMC Helix ITSM Server
  • <PASSWORD>—Password for the BMC Helix ITSM server user
  • <FIRSTNAME>—First name for the Customer field of the created incident, as defined in the BMC Helix ITSM server
  • <LASTNAME>—Last name for the Customer field of the created incident, as defined in the BMC Helix ITSM server

The HelixITSM.bat file has the following default values:

  • Description (displayed as Summary in the user interface) is fetched from the Alert Message / Ticket Text field (Alerts > Counters tab).
  • Urgency is derived from the Alert/Ticket Severity (Messages > Catalogs > Severities) as follows:

    BMC Helix ITSM Urgency value    BMC AMI Command Center for Security Severity value
    4-Low                           debug and info
    3-Medium                        notice and warning
    2-High                          error and critical
    1-Critical                      alert and emergency

  • Impact is set as 3-Moderate/Limited.
  • Reported Source is set as Other.
  • Service_Type (displayed as Incident Type in the user interface) is set as Security Incident.


You can customize the default values in the HelixITSM.bat file:

    @echo OFF

    REM: # Helix ITSM Incident Creation Program.

    REM: Used variables (replace the placeholders listed above)
    set baseurl="<BASEURL>"
    set user="<USER>"
    set pwd="<PASSWORD>"
    set firstname="<FIRSTNAME>"
    set lastname="<LASTNAME>"

    REM: Incident Urgency
    REM: T_SEVERITY and T_MESSAGE are set by the correlation server before this action runs
    set tsev=%T_SEVERITY%
    set tmsg=%T_MESSAGE%

    REM: Decide urgency as per severity of the ticket
    if "%tsev%"=="debug"     set turgency="4-Low"
    if "%tsev%"=="info"      set turgency="4-Low"
    if "%tsev%"=="notice"    set turgency="3-Medium"
    if "%tsev%"=="warning"   set turgency="3-Medium"
    if "%tsev%"=="error"     set turgency="2-High"
    if "%tsev%"=="critical"  set turgency="2-High"
    if "%tsev%"=="alert"     set turgency="1-Critical"
    if "%tsev%"=="emergency" set turgency="1-Critical"

    REM: Check whether curl is available
    REM: "if errorlevel N" is true when the exit code is N or higher, so test for 1
    REM: ("if not errorlevel 0" is never true and would skip this check)
    where curl >nul 2>&1
    if errorlevel 1 (
       echo curl not available!
       exit 1
    )

    REM: Log in and keep the first token of the response as the JWT
    for /F %%I in ('curl.exe -s -X POST %baseurl%/api/jwt/login -H "Content-type: application/x-www-form-urlencoded" -d "username=%user%&password=%pwd%"') do set authtoken=%%I

    REM: Stop if the login returned nothing rather than sending an empty Authorization header
    if not defined authtoken (
       echo Login to %baseurl% failed!
       exit 1
    )

    REM: Login complete. Uncomment the next line only while debugging; it writes the token to the action log
    REM: echo %authtoken%

    REM: Incident Creation using HPD:IncidentInterface_Create Interface
    REM: %tmsg% is inserted into the JSON body as-is: alert text containing double quotes,
    REM: backslashes or cmd metacharacters (& | < >) will break or alter this request
    curl -s -X POST %baseurl%/api/arsys/v1/entry/HPD:IncidentInterface_Create/ ^
    -H "Content-type:application/json" ^
    -H "Authorization:%authtoken%" ^
    -d "{\"values\": {\"First_Name\": \"%firstname%\",\"Last_Name\": \"%lastname%\",\"Description\": \"%tmsg%\",\"Impact\": \"3-Moderate/Limited\",\"Urgency\": \"%turgency%\",\"Status\": \"New\",\"Reported Source\": \"Other\",\"Service_Type\": \"Security Incident\" }}"

    REM: Expire the used auth token
    curl -s -X POST %baseurl%/api/jwt/logout -H "Authorization:%authtoken%"

    echo Execution complete.
    exit 0
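The same login, create-incident and logout sequence re-implemented in Python as an added example (not the product's script): it keeps the page's severity-to-urgency table and default field values, but builds the request body with json.dumps so alert text containing quotes or backslashes cannot corrupt it, and it rejects unknown severities instead of sending an empty Urgency. baseurl, user and pwd are the same placeholders as above; the 30-second timeout and the error handling are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

# Severity -> urgency table, exactly as HelixITSM.bat decides it.
URGENCY_BY_SEVERITY = {
    "debug": "4-Low", "info": "4-Low",
    "notice": "3-Medium", "warning": "3-Medium",
    "error": "2-High", "critical": "2-High",
    "alert": "1-Critical", "emergency": "1-Critical",
}

def urgency_for(severity):
    """Map a severity to an ITSM urgency; unknown values fail closed (my choice)."""
    try:
        return URGENCY_BY_SEVERITY[severity.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown severity: {severity!r}") from None

def build_body(first_name, last_name, message, severity):
    """JSON body for HPD:IncidentInterface_Create with the page's default values.
    json.dumps escapes quotes and backslashes in the alert text, so it cannot
    break out of the Description field as it can in the hand-built batch string."""
    values = {
        "First_Name": first_name, "Last_Name": last_name,
        "Description": message,           # shown as Summary in the UI
        "Impact": "3-Moderate/Limited", "Status": "New",
        "Urgency": urgency_for(severity),
        "Reported Source": "Other", "Service_Type": "Security Incident",
    }
    return json.dumps({"values": values}).encode()

def _post(url, data, headers):
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:  # timeout value is an assumption
        return resp.status, resp.read().decode()

def create_incident(baseurl, user, pwd, first_name, last_name, message, severity):
    """Login, create the incident, log out: the same three REST calls as the batch file."""
    creds = urllib.parse.urlencode({"username": user, "password": pwd}).encode()
    _, token = _post(f"{baseurl}/api/jwt/login", creds,
                     {"Content-Type": "application/x-www-form-urlencoded"})
    auth = {"Authorization": token.strip()}   # token passed as the batch file passes it
    try:
        return _post(f"{baseurl}/api/arsys/v1/entry/HPD:IncidentInterface_Create/",
                     build_body(first_name, last_name, message, severity),
                     {**auth, "Content-Type": "application/json"})
    finally:
        _post(f"{baseurl}/api/jwt/logout", b"", auth)   # expire the token even on failure
```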



BMC Defender SIEM Correlation Server 6.2