IBM Support

QRadar: Configuring QRadar to generate ServiceNow tickets based on offenses

Question & Answer


Question

Can offenses created by QRadar generate ServiceNow tickets?

Answer

If your ticketing system is able to generate tickets based on emails or SNMP traps, it can be integrated with QRadar.
Workflow for integration
Create an Authorized Services token on your QRadar Console for your ticketing system. To create an Authorized Services token, perform the following steps:
  1. Log in to the QRadar Web User Interface.
  2. Go to the Admin tab > Authorized Services Icon > Add Authorized Service from the menu.
  3. Specify the Service Name (for example, ServiceNow).
  4. Select a User Role from the pull-down menu.
  5. Select a Security Profile from the pull-down menu.
  6. Enter an Expiration Date for the token.
    Note: By default, the User Role and Security Profile are set as Admin.

This procedure creates an Authentication Token for the ticketing system. Copy the token to a text editor, such as Notepad.
Configure an offense rule with an email or SNMP trap response.

You can configure the email locale settings along with the SNMP trap settings from the QRadar Web User Interface: go to the Admin tab > System Settings icon, then select SNMP Settings on the left menu or scroll down to SNMP Settings.

The email or SNMP trap contains information such as the offense ID. For more detailed instructions on how to configure SNMP traps, see SNMP trap configuration in QRadar.

The ticketing system receives the SNMP trap or email, parses it, and creates a ticket based on the information included, such as the offense ID.

Result
Offenses can be closed or dismissed by using a query string. For detailed instructions, refer to Managing authorized services.
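
The following Python sketch is an added example, not IBM-supplied code. It shows the ticketing side of the workflow: extracting the offense ID from a notification email, then building the request that closes the offense with the Authorized Services token. Assumptions: the email text and its "Offense ID:" label are constructed, the host names and token are placeholders, and the close call uses the QRadar REST API endpoint `/api/siem/offenses` with the token in the `SEC` header rather than the query-string URL described in Managing authorized services.

```python
import re
from email import message_from_string
from urllib.parse import urlencode
from urllib.request import Request

# Constructed sample notification; real QRadar email text depends on the
# configured template, so the "Offense ID:" label is an assumption.
SAMPLE_EMAIL = """\
From: qradar@siem.example.com
To: tickets@servicenow.example.com
Subject: QRadar offense notification

Offense ID: 1234
Description: Multiple login failures followed by success
Severity: 7
"""

# Accept digits only, so nothing else from the mail can reach the URL.
OFFENSE_ID_RE = re.compile(r"^Offense ID:\s*(\d{1,10})\s*$", re.MULTILINE)


def extract_offense_id(raw_email: str) -> int:
    """Return the offense ID from the mail body, or raise ValueError."""
    body = message_from_string(raw_email).get_payload()
    match = OFFENSE_ID_RE.search(body)
    if match is None:
        raise ValueError("no numeric offense ID in notification")
    return int(match.group(1))


def build_close_request(console: str, token: str, offense_id: int,
                        closing_reason_id: int) -> Request:
    """Build (but do not send) the REST call that closes an offense."""
    query = urlencode({"status": "CLOSED",
                       "closing_reason_id": closing_reason_id})
    url = f"https://{console}/api/siem/offenses/{int(offense_id)}?{query}"
    # Token travels in the SEC header so it stays out of URLs and proxy logs.
    headers = {"SEC": token, "Accept": "application/json"}
    return Request(url, headers=headers, method="POST")


if __name__ == "__main__":
    oid = extract_offense_id(SAMPLE_EMAIL)
    req = build_close_request("qradar.example.com", "PLACEHOLDER-TOKEN", oid, 1)
    print(oid, req.get_method(), req.full_url)
```

The closing reason ID `1` is a placeholder; valid IDs are specific to each deployment. Store the real token in a secrets store or environment variable instead of in the script.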


Document Information

Modified date: 14 April 2023

UID: swg21969815