Ivanti Security Operations Service...
Enterprise Service Management content for Security Operations, applicable to existing as well as new Cloud and On-Premises customers. This package upgrades customers to the Security Operations content delivered with the 2020.4 release.
- Ivanti Service Manager
- Ivanti Service Manager with Asset Manager
NOTE: This content is not applicable to customers who own only Ivanti Asset Manager.
What's new in Security Operations Content?
Integration for Ivanti Service Manager and Splunk Enterprise for creation of Security Incidents in ISM: Ivanti has developed an integration for ISM and Splunk that provides an alert action which uses the ISM REST API to create a Security Incident in Ivanti Service Manager. To configure an alert action to generate a Security Incident, check the appropriate checkbox when configuring the alert action. This causes the Technology Add-On to create an instance of the new (2020.3) Security Incident business object. Please refer to Ivanti Service Manager Add-On for Splunk for more information.
Security Specific Roles & Dashboards: Security-specific roles such as Chief Information Security Officer, Security Administrator, Security Manager and Security Analyst are added. Security-specific dashboards for Chief Information Security Officer, Security Manager and Security Analyst are added.
Security Incident Management: Security-related incidents such as Data Breach, Malware, Phishing Attack, Vulnerability Issues, etc. can be raised as Security Incidents. Each Security Incident has its own pre-defined workflow template associated with it. Once a Security Incident is submitted, the workflow triggers and the necessary tasks for the various Security Teams are added. Below are the new pre-defined security incident templates:
i. Report a Data Breach
ii. Report a Policy Violations
iii. Report a Stolen or Lost Device
iv. Report Phishing
Confidential Security Incidents: Security Incidents can be confidential with respect to employees. If the “Is Confidential” check box is checked, a Security Incident is visible only to specific employees.
Security Reports: Reports specific to Security Incidents are added. Below are the newly added reports:
i. Open High Priority Security Incidents
ii. Open Security Incidents by Category
iii. Open Security Incidents by Team
iv. Security Incidents SLAs by Assigned User
v. Security Incidents Opened last month by Category
vi. Security Incidents Opened this month by Category
vii. Security Incidents with breached SLA
Security Knowledge Base: Security Teams can use the Security Knowledge Base workspace, where security-related articles can be added and published.
Security Announcements: Security-related announcements can be sent through the Security Announcements workspace.
Security Related Request Offerings: Below are the newly created security-related request offerings:
i. Request a Vulnerability Assessment Report
ii. Request an Offsite Hostname
iii. Request for an IP Address Whitelisting
iv. Request for Data
v. Request for Security Services
Vendor Enhancement: A new “Category” field is added to the Vendor workspace, which differentiates between Security Vendors and other vendors. Security roles can add security-specific vendors.
Rapid7 InsightVM Integration: Rapid7 InsightVM is a vulnerability scanner and management system that scans assets for vulnerabilities. Once configuration is done, the data displayed in Rapid7 InsightVM is retrieved and stored in ISM on a daily basis. A Security Incident is created in ISM for critical vulnerabilities of the assets fetched from Rapid7 InsightVM. Once the Security Incident is created in ISM, the security team can work to resolve and close it. Workspaces named Site Configuration, Discovered Assets and Vulnerabilities are also added.
New dashboards are also added with this integration: InsightVM Discovered Assets Dashboard, InsightVM Vulnerability Management Dashboard and InsightVM Security Incidents Dashboard.
Creation of Security Incident based on End of Life of the Software: If the End of Life value of licensable software is less than or equal to 30 days (calculated from the current date), a Security Incident is created automatically with the source value “Software License Management”. Security teams can then work on the created Security Incident(s).
It is recommended to import the content package by navigating to Admin UI -> Package import. When the package is applied with validation, it applies successfully without any errors. It is recommended to apply the package on the STG tenant and execute the necessary tests before applying it on the UAT/PRD tenant. For any issues or concerns, please log a ticket with the Ivanti Support team.
Note: It is advised to perform customization only after the content package is applied to avoid any errors/warnings.
To use these solutions, first download and install the unpackager tool from here. Once you’ve found a solution you’re interested in, just download it and use the unpacking tool to open up the solution and use it.