Security
Data security is an essential component of any organization. Organizations utilize the services of security vendors to identify potential threats and data breaches. The security vendors monitor the data on the enterprise and cloud infrastructure and provide information whenever there is a risk to data. When a risk is identified, the next step is to address the issue. BMC Helix Multi-Cloud Broker provides prebuilt integration between BMC Helix ITSM and IBM QRadar Security Information and Event Management (SIEM) to address such security challenges. QRadar SIEM generates offenses whenever it detects a security breach and BMC Helix ITSM enables you to service that risk with its ticket management platform.
Benefits of data security
Configuring BMC Helix Multi-Cloud Broker with QRadar SIEM enables the following actions:
- Automatic creation of an incident in BMC Helix ITSM whenever an offense is generated in QRadar SIEM.
- Notifications for status updates, so that changes in the status of the incident are synchronized between BMC Helix ITSM and QRadar SIEM offense.
- Updates to the incident notes in the BMC Helix ITSM incident as well as in the QRadar SIEM offense.
Using BMC Helix Multi-Cloud Broker with Mid Tier
You can integrate BMC Helix Multi-Cloud Broker with QRadar SIEM without using Smart IT. Instead of the Smart IT console, you can use Mid Tier to view incidents. When working without Smart IT, you cannot view the vendor ticket details. However, you can view the work logs to verify that tickets are being brokered. When working without Smart IT, BMC Helix Multi-Cloud Broker supports all available features except the sending of an activity note from BMC Helix ITSM to the vendor application ticket.
How incidents are consolidated into BMC Helix ITSM by using BMC Helix iPaaS, powered by Jitterbit
The following image shows how BMC Helix Multi-Cloud Broker creates a BMC Helix ITSM incident is created from an IBM QRadar offense:
How incidents are consolidated into BMC Helix ITSM by using BMC Helix Integration Service
The following image illustrates how BMC Helix Multi-Cloud Broker uses connectors, flows, and processes when a vendor ticket is created:
How status and activity notes are updated in BMC Helix Multi-Cloud Broker
The following table lists the events that update the status and activity notes:
Event type | Event | Result |
|---|---|---|
Addition of a comment | A service desk agent adds a comment to the incident ticket in Smart IT and clicks Share with IBM QRadar. | The comment is added to the vendor application ticket. |
A comment is added to an offense in QRadar SIEM. | Smart IT displays the comment as an activity note for the corresponding incident. | |
Updates to a field (For fields mapped when you specify the technology provider and field mapping during vendor data configuration) | A field is updated in BMC Helix ITSM. | BMC Helix Multi-Cloud Broker updates the corresponding vendor application ticket with a comment listing the field name with the new and existing values. |
Fields in the vendor application ticket are updated. | Updates are reflected in the corresponding BMC Helix ITSM incident fields. | |
Updates to a ticket status | A vendor ticket is closed. | The corresponding BMC Helix ITSM incident is marked as resolved, based on the option you select during the vendor data configuration. |
An BMC Helix ITSM incident is Canceled, Closed, or Resolved. | The corresponding vendor application ticket is Closed. | |
Status changes to a vendor application ticket except for Jira. | Changes are reflected as an activity note on the BMC Helix ITSM incident. For Jira, you can map the fields between BMC Helix ITSM and Jira to keep them in sync. For details about syncing field values between Jira and BMC Helix ITSM, see Enabling-prebuilt-DevOps-integration-between-JIRA-Software-and-BMC-Helix-ITSM. For other vendors, status changes are communicated through addition of activity notes. |
Activity notes display the vendor ticket numbers and the author of the note.
The following table lists the different formats in which an activity note can be displayed:
From where a ticket is created | Format of the activity note |
|---|---|
From a vendor to BMC Helix ITSM | Note added from <vendor> ticket <vendor ticket id as URL> by <vendor user first last names> |
From BMC Helix ITSM to vendor | ITSM user <ITSM user first last name>, added a work note: <work note text> |
Where to go from here