Working with Security Operations Management
Version: 2023.4
Ivanti Neurons for ITSM Enterprise includes the following applications as part of the solution package:
•Neurons for Facilities
•Neurons for GRC
•Neurons for HR
•Security Operations Management
•Neurons for PPM
Minimum platform version requirements
Existing Ivanti Neurons for ITSM 2023.4 or a new installation of Neurons for ITSM Enterprise.
Installation and Configuration
New Customers
When installing ITSM 2023.4 or later, all the applications (HR, Facilities, GRC, SOM, PPM) are installed too. Customers do not have to do anything with respect to installation.
•Customers without Neurons for ITSM Enterprise licensing: The applications are disabled by default and will not be enabled.
•Customers with Neurons for ITSM Enterprise licensing: The applications are disabled by default but Ivanti Professional Services Organization (PSO) will enable them for these customers.
Existing or On-premises Customers
•Existing ITSM customers who were onboarded pre-2023.4 and wish to upgrade to Neurons for ITSM Enterprise will need to contact Ivanti Professional Services Organization (PSO) to do the install/upgrade. Cloud customers can opt in to automatic updates if desired.
•On-prem customers will need to ask Ivanti Professional Services Organization (PSO) to install/upgrade.
About
With the Ivanti Security Operations Management capabilities, your organization's security incidents, such as theft, data breach, phishing, and policy violation, are addressed in a structured manner with automated workflows. It also helps employees easily report security incidents and request security services.
Ivanti Security Operations Management converts an Event to a Group Business Object, and creates Network and Security Event types under the new Event Business Object. This gives you more flexibility in integrating an Event with other systems.
The software integrates with RiskSense and uses an API call to import Network and Security Events. You can also create new Network and Security Events, and create Incidents or Changes to help manage your events. Track unmanaged devices on a dashboard and integrate with Atlassian Jira Software and Azure DevOps to automatically create issues.
Features
•The following scripts are included in the software:
  •RiskSense - CIs by Security Event
  •RiskSense - Create Security Events
  •RiskSense - Security Event Details
  •Risk-Based Vulnerability Management (RBVM) Integration Using Export API
These scripts have been updated for Security Operations Management 2023.1. If you have already installed an older version of Security Operations Management, the previous scripts (RiskSense Integration, RiskSense Integration -Get CIs, RiskSense Integration - Link CI to Ransomware Incident) will not be overwritten.
•RiskSense Integration Schedule: Set the start and end times to run the scripts above. See Creating a Schedule in About the Schedule Entry and Scheduled Jobs Workspaces. See Creating a Scheduled Workflow in Using Workflows.
•Unmanaged Device Dashboard Special Part: Use this to track unmanaged devices on a dashboard. It isn't tied to a dashboard, so you can add it to any existing dashboard. See Using Special Parts in Using the Dashboard Center.
•Integration with the Jira Service Desk Connector: The RiskSense integration works with the Jira Service Desk Connector (part of the Ticket Sharing and Synchronization package). The Jira Service Desk Connector is a separate package that you can find in the Ivanti Marketplace. See Jira Service Connector for Ivanti Automation.
Important: Some content, such as pick list values, is locked to preserve system functions. Locked content is designated by a padlock icon in the Configuration console. You can duplicate locked content and then edit it.
If you're not currently using the Event Business Object, we recommend you delete the demo data from the package import before you use this software. This makes it easier to find events that you create or import. There are 2000+ demo records.
To delete demo data:
1.Open the Event workspace.
2.From the list view, change the Page Size to 100.
3.Highlight all events on the page, and then select Delete.
4.Repeat steps 2-3 for all pages.
User Roles
The following user roles are available in Security Operations Management. Each user role has different capabilities and responsibilities:
•Chief Information Security Officer
•Security Administrator
•Security Analyst
•Security Manager
What's New
Security Operations Management offers the following enhancement for 2023.4:
•Use the new Risk-Based Vulnerability Management (RBVM) Data Connector integration to import event data from your RBVM client. The RBVM Data Connector is easy to configure, with no requirement to edit scripts. It also removes limitations on the number of records you can import into Neurons for ITSM. You can set filters on the data import, and set schedules to run the connector. The imported data is automatically turned into new Events and Security Incidents in ITSM. See Configure the RBVM Data Import Connector to Import RBVM Events.