This documentation supports the 23.3 version of BMC Helix ITSM: Service Desk.To view an earlier version, select the version from the Product version menu.

Managing and tracking security incidents

With a subscription to BMC Helix Multi-Cloud Broker, you can automatically create incidents in Mid Tier from offenses generated in IBM QRadar SIEM. You can then manage these security incidents by filtering and auto assigning them to the security team by using the Ticket Console in BMC Helix ITSM. Additionally, you can also manually create security incidents through the Ticket Console and then manage and track these security incidents.

Related topics

Troubleshooting-security-incident-issues

Configuring-settings-for-managing-security-incidents

Scenario for automatic incident creation

Scenario

Calbro Services uses BMC Helix ITSM and BMC Helix ITSM: Service Desk (Mid Tier) for creating and managing tickets. They also use QRadar SIEM for monitoring security threats in the enterprise data across on-premises and cloud-based environments. The tenant administrator sets up BMC Helix Multi-Cloud Broker to integrate BMC Helix ITSM: Service Desk with QRadar SIEM and also sets the required trigger conditions for creating incidents in Mid Tier. Additionally, the BMC Helix ITSM administrator configures settings for managing security incidents. 

QRadar SIEM generates offenses whenever it detects a threat in the environments, servers, or the networks it is monitoring, such as malware injection. Whenever such offenses are generated, BMC Helix Multi-Cloud Broker automatically creates incidents in BMC Helix ITSM: Service Desk. Calbro Services can then manage and track these incidents as security incidents in BMC Helix ITSM


Securityincidents_flow_final.png

Before you begin

If you want to manage security incidents that are automatically created from BMC Helix Multi-Cloud Broker, make sure that your BMC Helix ITSM administrator has installed BMC Helix Multi-Cloud Broker and integrated it with BMC Helix ITSM: Service Desk. For more information, see Incident creation from IBM QRadar offenses.

If you want to manage the security incidents that are manually created in the Ticket Console, make sure that your BMC Helix ITSM administrator has performed the required configuration settings. For more information, see Configuring-settings-for-managing-security-incidents.

To manually create security incidents

You can manually create security incidents in BMC Helix ITSM. For this, while creating an incident from the Ticket Console, on the Incident Create window, from the Incident Type drop-down menu, select the Security Incident option. For more information about creating security incidents, see Creating-an-incident-request.

To filter security incidents

You can filter the security incidents using the My Security Incidents predefined filter. Additionally, the Security Tickets option on the console displays the number of security tickets in the Ticket Console. If you click the Security Tickets option, the filter of Security Incident is applied. If you select either the My Security Incidents pre-defined filter or click the Security Tickets option on the console, the Security Incident option is automatically selected under Filter > Incident Type. For more information, see Navigating-the-ticket-console.

To display the Security Tickets option on the console, the BMC Helix ITSM administrator should configure the required settings. For more information, see Configuring-settings-for-managing-security-incidents.

Automatic assignment of security incidents

If you have not selected an assignee while creating a security incident, if the BMC Helix ITSM administrator has performed the configuration settings, the ticket is automatically assigned to the security team. For more information about ticket assignments, see Assigning tickets.


Instructions for classic interfaces

View instructions for Mid Tier

To manually create security incidents

From the Incident Management console, click Create and select the Security Incident option from the Incident Type menu.
For more information about creating security incidents, see Creating an incident request record by using a template and Creating an incident request record without a template.

To filter security incidents

Select Security Incident from the Incident Type menu.
This option is available on the Incident Basics and Assignment tab when you click More Filters on the Incident Management console to display a More Filter Criteria pop-up window. For more information, see Navigating-the-ticket-console.

Automatic assignment of security incidents

If the BMC Helix ITSM administrator has performed the configuration settings and you have not selected an assignee while creating a security incident, the ticket is automatically assigned to the security team.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*