Ivanti Security Operations Service...
Enterprise Service Management content for Security Operations applicable for existing as well as new Cloud & On-Premise customers. This package upgrades Customers to Security Operations Content delivered with 2020.3 release.
What's new in Security Operations Content?
Integration for Ivanti Service Manager and Splunk Enterprise for creation of Security Incident in ISM: Ivanti have developed an integration for ISM and Splunk to provide an alert action for using the ISM REST API to create a Security incident in Ivanti Service Manager. To configure an alert action to generate a Security Incident, check the appropriate checkbox when configuring the alert action. This will cause the Technology Add-On to create an instance of the new (2020.3) Security Incident business object. Please refer Ivanti Service Manager Add-On for Splunk for more information.
Security Specific Roles & Dashboards: Security specific roles such as Chief Information Security Officer, Security Administrator, Security Manager, Security Analyst are added. Dashboards for Chief Information Security Officer , Security Manager, Security Analyst specific to security are added
Security Incident Management: Security related incidents such as Data Breach, Malware, Phishing Attack, Vulnerability Issues etc can be raised as Security Incident. Each Security Incident has their own pre-defined workflow template associated. Once Security Incident is submitted, workflow triggers and necessary tasks for various Security Teams will added. Below are the new pre-defined security incident templates added
i. Report a Data Breach
ii. Report a Policy Violations
iii. Report a Stolen or Lost Device
iv. Report Phishing
Confidential Security Incidents: Security Incidents can be confidential w.r.t Employees. Security Incidents can be visible to only specific employees if “Is Confidential” check box is checked
Security Reports: Reports specific to Security Incidents are added. Below are the newly added reports
i. Open High Priority Security Incidents
ii. Open Security Incidents by Category
iii. Open Security Incidents by Team
iv. Security Incidents SLAs by Assigned User
v. Security Incidents Opened last month by Category
vi. Security Incidents Opened this month by Category
vii. Security Incidents with breached SLA
Security Knowledge Base: Security Teams can make use of Security Knowledge base workspace where Security related articles can be added and published
Security Announcements: Security related announcements can be sent through Security Announcements workspace
Security Related Request Offerings: Below are the newly created security related request offerings
i. Request a Vulnerability Assessment Report
ii. Request an Offsite Hostname
iii. Request for an IP Address Whitelisting
iv. Request for Data
v. Request for Security Services
It is recommended to import content package by navigating to Admin UI-> Package import option. Once package is applied with validation, package will be applied successfully without any errors. It is recommended to apply package on STG tenant and execute necessary tests before applying the package on UAT/PRD tenant. For any issues or concerns, please log a ticket with Ivanti Support team.
Note: It is advised to perform customization only after the content package is applied to avoid any errors/warnings.