Streamline Incident Management and Issue Tracking with BMC Remedy and DFLabs IncMan SOAR

Integrate IncMan SOAR’s Orchestration, Automation and Response capabilities with your existing BMC Remedy solution.

Security incidents are complex and dynamic events, requiring coordinated participation from multiple teams across the organization. For these teams to work with maximum efficiency, as a single body, it is critical that information flows seamlessly between all teams in real time.

Faced with a continued onslaught of security incidents, organizations must find ways to maximize the utilization of their limited resources to remain ahead of the attackers and ensure the integrity of the organization’s critical resources.

Security Operations Center (SOC) managers, who are primarily responsible for security event monitoring, management and response, may find themselves asking a number of questions, including:

  • How can I integrate the power of IncMan SOAR into my existing issue management process?
  • How can I enable all teams to work as a single, unified body to increase the efficiency of the incident response process?
  • How can I quickly communicate critical information to those outside the security team?

The DFLabs and BMC Remedy Solution

Security Operations Teams struggle to gain visibility of threats and rapidly respond to incidents due to the sheer number of different security technologies they must maintain and manage and the resulting flood of alerts. Aggregating these into a single pane of glass to prioritize what is critical and needs immediate attention requires a platform that can consolidate disparate technologies and alerts and provide a cohesive and comprehensive capability set to orchestrate incident response efforts. By integrating with BMC Remedy, the DFLabs IncMan SOAR platform extends these capabilities to Remedy users, combining the Orchestration, Automation and Response power of IncMan SOAR with the organization’s existing issue tracking process.

About BMC Remedy

BMC Remedy IT Service Management Suite (BMC Remedy ITSM Suite) provides out of-the-box IT Information Library (ITIL) service support functionality. BMC Remedy ITSM Suite streamlines and automates the processes around IT service desk, asset management, and change management operations. It also enables you to link your business services to your IT infrastructure to help you manage the impact of technology changes on business and business changes on technology — in real time and into the future. In addition, you can understand and optimize the user experience, balance current and future infrastructure investments, and view potential impact on the business by using a real-time service model.

Use Case

Here is a simple use case to see how the two technologies work together.

An alert of a host communicating with a potentially malicious domain has automatically generated an Incident within IncMan SOAR. This alert is automatically categorized within IncMan based on the organization’s policies, which initiates the organization’s Domain reputation runbook.

Through this Runbook, IncMan automatically gathers domain reputation information for the domain which generated the alert. If the resulting domain reputation information indicates that the domain may be malicious, IncMan will use a Notification action to automatically create a new Issue within BMC Remedy, allowing Remedy users to immediately begin next steps.

Next, using additional Enrichment actions, IncMan will automatically gather additional information regarding the suspicious domain, such as WHOIS and geolocation information. IncMan will then automatically update the BMC Remedy issue tracking system with this information. Finally, a screenshot of the page (if applicable) is taken and added to IncMan.

Because IncMan SOAR’s R3 Runbooks automate this workflow, the IncMan incident and the BMC Remedy issue will already have been generated, and the enrichment actions through the Quick Integration Connector with BMC Remedy and other enrichment sources will already have been carried out, before an analyst is even aware that an incident has occurred.

Both IncMan and BMC Remedy issue tracking tool users are now able to perform their respective tasks, knowing that they are each working with the same information, and can continue to do so as the incident progresses.

By harnessing the power of BMC Remedy’s industry-leading issue tracking solution, along with the Orchestration, Automation and Response of IncMan SOAR, organizations can elevate their incident response process, leading to faster and more effective response and reduced risk across the entire organization.
