In any IT environment, documenting the work IT performs is critical to maintaining order when resolving the issues users face. BMC Remedy ITSM (BMC) is an IT service management system for managing incidents, i.e., events that are not part of standard operation and that cause an interruption or reduction in service quality. The BMC plugin focuses on automating incidents in BMC, with the goal of freeing up analysts’ time so they can focus on resolving issues rather than documenting them.
What is InsightConnect?
InsightConnect is Rapid7’s security orchestration, automation and response (SOAR) solution that is purpose-built to accelerate your teams and tools through automation. By streamlining time-intensive processes, security teams are freed up to tackle other challenges. InsightConnect does this by connecting your tools so that each tool is used to its maximum potential, connecting the dots between them to better inform your security teams and enrich your data and security alerts. This leads to a major improvement in operational efficiency.
The BMC Remedy plugin allows you to automate the creation of incidents as part of your InsightConnect workflows by giving you the power to create new incidents from SIEM alerts. It offers options for automatically provisioning users, creating incidents, updating incidents with worknotes, and closing them out. Whenever a security team has standardized work surrounding an incident, there is a time-saving opportunity made possible with InsightConnect in conjunction with the BMC plugin. The BMC Remedy plugin includes several actions to control the automation of incident creation and management, including the following:
- Creation of a new incident in BMC
- Adding information to an incident
- Closing an incident with a resolution describing how the incident was resolved
- Retrieval of detailed information on an incident, including the incident reporter, the assignee, and any worknotes
Let’s look at a simple incident creation workflow in InsightConnect. In this example, we’ll use the BMC plugin with the InsightVM plugin to automate the creation of incidents for InsightVM’s top remediations. InsightVM maintains a list of top remediations that is generated based on the impact the remediation will have. This includes the severity of the vulnerability, the number of systems vulnerable, and how critical these systems are. Every week, the workflow will check this list and pull down the top 10 remediations. Each remediation will receive its own incident in BMC, with each one containing information on the affected systems and how to remediate the issue. The workflow is available here for use within InsightConnect.
The incident will contain information on the hosts, as well as the remediation itself.
The BMC plugin provides many opportunities to automate incident management, freeing up security teams’ time to actually work on resolving incidents. Both the BMC plugin and workflow are now available for use in InsightConnect.