This documentation supports the 20.02 version of BMC Helix Multi-Cloud Service Management.

Incident creation from IBM QRadar offenses

BMC Helix Multi-Cloud Service Management provides prebuilt integration with IBM QRadar Security Information and Event Management (SIEM) to create incidents in Remedy ITSM whenever QRadar SIEM offenses are generated.

The following image describes how an incident ticket is created in Remedy ITSM for an offense in QRadar SIEM:

[Image: qradar.png, showing the flow from a QRadar SIEM offense to an incident ticket in Remedy ITSM]

Scenario

Calbro Services uses QRadar SIEM to monitor security threats to enterprise data across on-premises and cloud-based environments. QRadar SIEM generates offenses whenever it detects a threat, such as a malware injection, in the environments, servers, or networks it monitors. BMC Helix Multi-Cloud Service Management creates incidents in Remedy ITSM when such offenses are generated, so that Calbro Services can remediate the issue even before a service request is raised for the problem.

Calbro Services has the following requirements:

  • QRadar SIEM generates offenses whenever it detects a security threat to the organization data.
  • A ticket needs to be created in Remedy ITSM.

Workflow

Calbro Services implements its requirements by using BMC Helix Multi-Cloud Service Management:

The tenant administrator sets up BMC Helix Multi-Cloud Service Management to integrate Remedy ITSM with QRadar SIEM. The administrator also sets up the required trigger conditions for creating incidents in Remedy ITSM.

Results

  1. QRadar SIEM generates offenses whenever it detects a security threat.
  2. BMC Helix Multi-Cloud Service Management validates the trigger conditions and creates a ticket in Remedy ITSM.
  3. Remedy ITSM displays the incident details in the Smart IT console.
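The validation step in the workflow above (an offense arrives, the trigger conditions are checked, and a ticket is created only when they are met) can be illustrated with a small script. This is an added example, not code from BMC or IBM: the offense fields, the trigger conditions (minimum magnitude and offense status), the urgency mapping and the ticket fields are all assumptions chosen to show the shape of such an integration, and the sample offenses are constructed. It also shows one point the workflow summary does not spell out: suppressing duplicate deliveries of the same offense so that a single threat does not produce several tickets.

```python
"""Illustrative evaluation of trigger conditions for QRadar offenses.

Added example, not BMC's or IBM's code. The offense fields (id, magnitude,
status, description, offense_source) are assumed to resemble a QRadar
offense record; the trigger conditions and ticket layout are assumptions.
"""
from dataclasses import dataclass

# Constructed sample offenses (not real QRadar data). Offense 101 is delivered
# twice to show deduplication; 103 is already closed and should not trigger.
SAMPLE_OFFENSES = [
    {"id": 101, "magnitude": 8, "status": "OPEN",
     "description": "Malware injection detected", "offense_source": "10.0.0.5"},
    {"id": 102, "magnitude": 3, "status": "OPEN",
     "description": "Login outside business hours", "offense_source": "10.0.0.7"},
    {"id": 103, "magnitude": 9, "status": "CLOSED",
     "description": "Exploit attempt blocked", "offense_source": "10.0.0.9"},
    {"id": 101, "magnitude": 8, "status": "OPEN",
     "description": "Malware injection detected", "offense_source": "10.0.0.5"},
]


@dataclass(frozen=True)
class TriggerConditions:
    """Assumed trigger conditions an administrator might configure."""
    min_magnitude: int = 5                      # QRadar magnitude runs 0-10
    statuses: frozenset = frozenset({"OPEN"})   # only open offenses create tickets


def should_create_incident(offense, conditions):
    """True when the offense satisfies every configured trigger condition."""
    return (offense["status"] in conditions.statuses
            and offense["magnitude"] >= conditions.min_magnitude)


def map_urgency(magnitude):
    """Assumed mapping from offense magnitude to an ITSM urgency label."""
    if magnitude >= 8:
        return "1-Critical"
    if magnitude >= 5:
        return "2-High"
    return "3-Medium"


def build_incident(offense):
    """Build the ticket payload; field names are assumptions, not Remedy's schema."""
    return {
        "summary": f"QRadar offense {offense['id']}: {offense['description']}",
        "urgency": map_urgency(offense["magnitude"]),
        "source_system": "QRadar SIEM",
        # A stable correlation key lets later updates find the same ticket.
        "correlation_id": f"qradar-offense-{offense['id']}",
        "notes": f"Offense source: {offense['offense_source']}",
    }


def process_offenses(offenses, conditions, seen=None):
    """Return one incident per qualifying offense id, skipping duplicates.

    `seen` may be passed in to persist deduplication state across calls.
    """
    seen = set() if seen is None else seen
    incidents = []
    for offense in offenses:
        if offense["id"] in seen:
            continue  # duplicate delivery of an offense already ticketed
        if not should_create_incident(offense, conditions):
            continue  # trigger conditions not met; no ticket
        seen.add(offense["id"])
        incidents.append(build_incident(offense))
    return incidents


if __name__ == "__main__":
    for incident in process_offenses(SAMPLE_OFFENSES, TriggerConditions()):
        print(incident)
```

With the default conditions only offense 101 produces a ticket: 102 is below the magnitude threshold, 103 is closed, and the second copy of 101 is dropped by the `seen` set. Lowering `min_magnitude` to 3 admits 102 as well, which is the kind of tuning an administrator does when choosing trigger conditions so that the ITSM queue is not flooded with low-value tickets.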

Benefits

  • Effective ticket management from a single console.
  • Easily track issues through automatic ticket creation and updates.
  • Remediate issues before a service request is created for the problem.
