ManageEngine Firewall Analyzer reviews firewall logs to capture network security threats. It generates alerts upon detecting security threats and attacks, and notifies you, the security administrator, in real time. You can configure alerts to be sent via email, SMS, and more.
With these real-time notifications, you can troubleshoot and take immediate remedial action. You can also make changes to your firewall policies and configurations to prevent recurring security incidents.
Why you need to track security issues
Even though real-time notifications ensure you’re able to take instant action to remediate issues, following up on why incidents occur in the first place is essential to prevent them from happening again. Preventing recurring security issues requires changes in firewall policies and configurations.
To track the policy and configuration change actions closely, you have to get the alert logged as a ticket in a help desk application. On its own, Firewall Analyzer doesn’t support help desk functionality. To track and troubleshoot security issues, Firewall Analyzer needs to be integrated with a help desk application, like ManageEngine ServiceDesk Plus.
How ServiceDesk Plus handles tickets
ServiceDesk Plus manages the life cycle of IT security tickets. It helps analyze the root cause of incidents to reduce the number of repeat incidents in IT security. It streamlines planning, approval, and implementation with automated workflows and ensures that there are no unauthorized or failed changes. It also tracks and manages all configuration items and maps their relationships and dependencies.
Advantages of integrating with a help desk application
By leveraging this powerful integration, you can proactively initiate vital preventative follow-up actions, including:
- Modifying firewall rules.
- Pruning firewall rules.
- Denying or restricting permissions to affected users or user groups.
- Denying or restricting permissions to affected resources or objects.
How to integrate ServiceDesk Plus with Firewall Analyzer
You need to have an account in ServiceDesk Plus. Go to Third Party Integration in Firewall Analyzer’s Settings and enter the ServiceDesk Plus account details. Once finished, you’ll be able to create tickets for alert notifications.
How to raise a ServiceDesk Plus ticket for an alert
While creating an alert profile, choose Log a Ticket as the Template Type. Now, whenever an alert is triggered for the specified event, a ticket will automatically be sent to ServiceDesk Plus with the configured details.
Include alert details in the ticket
You can include all the information your service desk needs in the ticket, including:
- Category – Category of the alert
- Sub-category – Sub-category of the alert
- Item – Alert item
- Priority – User-set priority
- Group – User group
- Technician – Security team technician assigned to the ticket
- Title – Title of the ticket
  - $stringseverity – $displayName
- Title variables – Variables to be included in the title
  - Select Subject Variables
- Description – Description of the alert in the ticket
  - Message: $message
  - Device: $displayName
  - Category: $category
  - Error Condition: $stringseverity
  - Generated at: $strModTime
- Variables – Additional variables to be sent with the ticket message
  - Select Message Variables
When a ticket is raised in ServiceDesk Plus, it’s assigned to a security administrator who will initiate a workflow to follow up with an action based on the type of issue. If the action is pending for longer than a predefined amount of time, the ticket will be escalated to the security manager. This provides real-time resolution of issues and establishes effective monitoring following incidents.
Integrate ServiceDesk Plus with Firewall Analyzer to ensure easy and smooth ticket handling in your organization.