Managing and tracking security incidents
Overview
With a subscription to BMC Helix Multi-Cloud Broker, you can automatically create incidents in BMC Helix ITSM from offenses generated in IBM QRadar SIEM. You can then manage these security incidents by filtering and auto-assigning them to the security team by using the Incident Management console in BMC Helix ITSM. Additionally, you can manually create security incidents through the Incident Management console and then manage and track these security incidents.
Scenario for automatic incident creation
Calbro Services uses Smart IT and BMC Helix ITSM for creating and managing tickets. They also use QRadar SIEM for monitoring security threats in the enterprise data across on-premises and cloud-based environments. The tenant administrator sets up BMC Helix Multi-Cloud Service Management to integrate BMC Helix ITSM with QRadar SIEM and also sets the required trigger conditions for creating incidents in BMC Helix ITSM. Additionally, the Smart IT administrator configures settings for managing security incidents.
QRadar SIEM generates an offense whenever it detects a threat, such as malware injection, in the environments, servers, or networks that it monitors. Whenever such an offense is generated, BMC Helix Multi-Cloud Broker automatically creates an incident in BMC Helix ITSM. Calbro Services can then manage and track these incidents as security incidents in BMC Helix ITSM.
Before you begin
If you want to manage security incidents that are automatically created from BMC Helix Multi-Cloud Broker, make sure that your system administrator has installed BMC Helix Multi-Cloud Broker and integrated it with BMC Helix ITSM. For more information, see Incident creation from IBM QRadar offenses.
If you want to manage security incidents that are manually created in the Incident Management console, make sure that your system administrator has configured the required settings. For more information, see Configuring settings for managing security incidents.
To manually create security incidents
- From the Incident Management console, click Create and select the Security Incident option from the Incident Type menu.
For more information about creating security incidents, see Creating an incident request record by using a template and Creating an incident request record without a template.
To filter security incidents
- Select Security Incident from the Incident Type menu.
This option is available on the Incident Basics and Assignment tab of the More Filter Criteria pop-up window, which opens when you click More Filters on the Incident Management console. For more information, see Incident Management interface.
Automatic assignment of security incidents
If the BMC Helix ITSM administrator has configured the settings and you do not select an assignee while creating a security incident, the ticket is automatically assigned to the security team.