This documentation supports the 23.3 and consecutive patch versions of BMC Helix Multi-Cloud Broker. To view an earlier version, select the version from the Product version menu.

Reference of integration between BMC Helix ITSM and IBM QRadar SIEM by using BMC Helix iPaaS


You can integrate BMC Helix ITSM with IBM QRadar Security Information and Event Management (SIEM) to create BMC Helix ITSM incidents from IBM QRadar offenses. The integration helps your agents to track and remediate security threats to your organization.

BMC Helix Multi-Cloud Broker, along with BMC Helix iPaaS, provides the Create_BMC_Helix_ITSM_incident_from_IBM_QRadar_offense.json integration template that you can use to integrate BMC Helix ITSM with IBM QRadar. You configure the integration in BMC Helix Multi-Cloud Broker and deploy the template to your BMC Helix iPaaS environment.

List of project variables

The following sections describe the variables that you can update as per your requirements:

  • BMC Helix iPaaS variables:

    Project variable

    Action

    BHIP_API_NAME

    Enter the name for the API that is created in the BMC Helix iPaaS API Manager to receive BMC Helix Multi-Cloud Broker or QRadar requests.

    BHIP_API_User_Roles

    Enter comma-separated values of the organization roles assigned for the BMC Helix iPaaS API.

    Important: If you do not specify any value, all the organization roles get access to the new API.

    BHIP_MCB_API_Profile_User_Name

    Enter the user name that should be used while creating the BASIC type of BMC Helix Multi-Cloud Broker API profile.

    BHIP_MCB_API_Profile_User_Password

    Enter the password that should be used while creating the BASIC type of BMC Helix Multi-Cloud Broker API profile.

    The integration template creates an API in BMC Helix iPaaS to handle requests from BMC Helix Multi-Cloud Broker.

    BHIP_Vendor_API_Profile_Type
    BHIP_Vendor_API_Profile_User_Name
    BHIP_Vendor_API_Profile_User_Password
    BHIP_Vendor_API_Profile_ApiKey_Name

    Do not enter any value for these variables.

    BHIP_Host

    Enter the BMC Helix iPaaS instance URL where you want to run this project.

    Important: Make sure that you do not enter any leading or trailing spaces in the URL.

    BHIP_User_Name

    Enter the user name for the BMC Helix iPaaS instance.

    Important:
    BMC Helix iPaaS login credentials are required to create the API in BMC Helix iPaaS by using the REST API. This requirement is due to a limitation: BMC Helix iPaaS does not provide access to information about the current BMC Helix iPaaS login.

    BHIP_User_Password

    Enter the password for the BMC Helix iPaaS instance.

    Enable_BMC_Helix_To_Vendor_Integration

    Enable the creation of QRadar offenses from BMC Helix ITSM incidents, and synchronization of updates and comments.

    By default, this variable is set to true. If you want to disable the synchronization of updates and comments between the incident and offense, set this variable to false.

    Enable_Vendor_To_BMC_Helix_Integration

    Enable the creation of BMC Helix ITSM incidents from IBM QRadar offenses, synchronization of activity notes between an incident and offense, and closing the offense from the incident.

    By default, this variable is set to true. If you want to disable the creation of BMC Helix ITSM incidents from IBM QRadar offenses, sharing of activity notes between an incident and offense, and closing the offense from the incident, set this variable to false.

  • IBM QRadar project variables:

    Project variable

    Action

    QRadar_Host_Url

    Enter the IBM QRadar instance URL in the following format:

    [http/https]://[host name]:[port]

    Important: Make sure that you do not enter any leading or trailing spaces.

    QRadar_User_Name

    Enter the name of the administrator who has access to the IBM QRadar instance.

    QRadar_User_Password

    Enter the password of the administrator user who has access to the IBM QRadar instance.

  • BMC Helix Multi-Cloud Broker project variables:

    Project variable

    Action

    MCB_Host

    Enter the BMC Helix Multi-Cloud Broker host URL to which IBM QRadar offenses should be synchronized.

    Important: Make sure that you do not enter any leading or trailing spaces in the URL.

    MCB_User_Name

    Enter the user name to access BMC Helix Multi-Cloud Broker.

    MCB_User_Password

    Enter the password for the user name that you have entered.

    MCB_Vendor_Name

    Enter the vendor name configured in the BMC Helix Multi-Cloud Broker application.

    The following variables are inputs from BMC Helix ITSM. Either enter values for these variables or map appropriate IBM QRadar fields if the data is available:

    Project variable

    Action

    ITSM_Company_Name

    Enter the name of the company for which an incident should be created in BMC Helix ITSM; for example, Apex Global.

    ITSM_Customer_First_name

    Enter the first name of the BMC Helix ITSM customer.

    ITSM_Customer_Last_Name

    Enter the last name of the BMC Helix ITSM customer.

    ITSM_Incident_Type

    Enter any of the following incident types for which a corresponding IBM QRadar offense should be created:

    • User Service Restoration
    • User Service Request
    • Infrastructure Restoration
    • Infrastructure Event
    • Security Incident

    The default value of this variable is User Service Restoration.
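
A pre-deployment check of the rules stated in the tables above, as an added example that is not part of the BMC documentation or the integration template. Passing the variables as a plain Python dict, the function name, and the warning on http URLs are assumptions of this example.

```python
import re

# Variable names and rules come from the tables above. Passing them as a plain
# dict is an assumption of this example, not the template's own format.
URL_VARS = ("BHIP_Host", "QRadar_Host_Url", "MCB_Host")
MUST_BE_EMPTY = tuple("BHIP_Vendor_API_Profile_" + s for s in
                      ("Type", "User_Name", "User_Password", "ApiKey_Name"))
INCIDENT_TYPES = {
    "User Service Restoration", "User Service Request",
    "Infrastructure Restoration", "Infrastructure Event", "Security Incident",
}
QRADAR_URL = re.compile(r"^https?://[^\s/:]+:\d+$")  # [http/https]://[host name]:[port]


def lint_project_variables(v):
    """Return (severity, variable, message) findings for a dict of values."""
    findings = []
    for name in URL_VARS:
        if v.get(name, "") != v.get(name, "").strip():
            findings.append(("error", name, "leading or trailing spaces in URL"))
    qradar = v.get("QRadar_Host_Url", "").strip()
    if not QRADAR_URL.match(qradar):
        findings.append(("error", "QRadar_Host_Url", "not in [http/https]://[host name]:[port] format"))
    elif qradar.startswith("http://"):
        # Assumption of this example: the page permits http, flagged here as a risk.
        findings.append(("warn", "QRadar_Host_Url", "http sends requests unencrypted"))
    if not v.get("BHIP_API_User_Roles", "").strip():
        findings.append(("warn", "BHIP_API_User_Roles", "empty: all organization roles get access to the new API"))
    for name in MUST_BE_EMPTY:
        if v.get(name):
            findings.append(("error", name, "must be left empty"))
    # Default taken from the page: User Service Restoration.
    if v.get("ITSM_Incident_Type", "User Service Restoration") not in INCIDENT_TYPES:
        findings.append(("error", "ITSM_Incident_Type", "not a listed incident type"))
    return findings


# Constructed sample values, not from a real deployment.
SAMPLE = {
    "BHIP_Host": "https://ipaas.example.com ",
    "QRadar_Host_Url": "http://qradar.example.com:443",
    "BHIP_API_User_Roles": "",
    "BHIP_Vendor_API_Profile_Type": "BASIC",
    "MCB_Host": "https://mcb.example.com",
}

if __name__ == "__main__":
    for severity, name, message in lint_project_variables(SAMPLE):
        print(f"{severity:5} {name}: {message}")
```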

 
