IBM Support

Integrating Cloud Pak for Security with Guardium Insights

How To


Summary

Cloud Pak for Security Integration demo in IBM Security Guardium Insights for IBM Cloud Pak for Security

Objective

This demo guides you through an example of how to integrate IBM Cloud Pak for Security Cases with IBM Security Guardium Insights.

Steps

To configure Guardium Insights ticketing to open tickets in Cloud Pak for Security Cases, go to “ticketing configuration”, which can be found in general settings.

Special note: if the Cloud Pak for Security instance uses self-signed certificates, upload that certificate.

First, click “connect a ticketing account” to begin.

From the drop-down, select IBM “Cloud Pak for Security Cases”.

Enter the URL for Cloud Pak for Security.

Next, enter the key and the password, which is also known as the key secret.

Click connect.

The connection to Cloud Pak for Security Cases is complete.

Now every time you open a ticket in Guardium Insights, a corresponding case is created in Cloud Pak for Security Cases.

To customize ticketing further, go to ticket templates and, under anomaly type, click edit.

Here you have the option to enable automatic ticket creation, which can be defined based on the confidence level of the anomaly.

For example, if the anomaly has a confidence level higher than 85%, a ticket is automatically created in Cloud Pak for Security Cases.

You can define many other options here, for example the short description or description used when the ticket is created in Cases, or have the ticket automatically assigned to a certain group or user.

Finish editing the ticket template and click Save.

Next, let's see an example of what this integration looks like.

Locate an anomaly first.

Return to the overview page. 

Click view anomalies under outliers. Click the first one at the top of the list here.

Next, click the take action dropdown and create a ticket.

Notice this ticket is auto-populated based on the details that we defined in our ticket template for anomalies.

Click Save.

The ticket is created.

A URL link that takes you into Cloud Pak for Security Cases is provided.

Open a new tab to see what it looks like.

Cases opens inside Cloud Pak for Security.

The ticket that was created in Guardium Insights is now displayed within the context of Cloud Pak for Security Cases.

Security analysts can now take this ticket and start working with it from here.

Document Location

Worldwide

Document Information

Modified date:
11 November 2021

UID

ibm16514455