
Ransomware Alerts on ServiceNow via Storage Insights

By AKSHAT MITHAL posted 6 days ago

  


Author - Akshat Mithal, akmithal@in.ibm.com

What is Storage Insights?

IBM Storage Insights is an IBM SaaS product that tracks the inventory, health and performance of all IBM block and multi-vendor controllers (EMC, Hitachi etc.), file controllers, switches, hosts etc., in a single-pane dashboard.

Storage Insights Now Detects Real-Time Ransomware Threats

In 2023, IBM Storage Insights released a Tech Preview of the Ransomware Threat Detection feature for all Storage Virtualize systems.

These alerts and notifications are communicated to storage admins through several mechanisms: an instant alert on the Storage Insights dashboard, an email alert and a QRadar dashboard update.

In 1H2024, with the introduction of FlashCore Modules (FCM4), Storage Virtualize and Storage Insights enabled real-time ransomware threat detection via Storage Insights. This capability is now GA as well.

IBM Storage Insights is now also integrated with ServiceNow, one of the most widely used incident management systems. This enables all IBM FlashSystem customers who are impacted by ransomware to be notified instantly, resulting in very swift corrective action by the customer admin teams.

Here is a snippet of how IBM Storage Insights integrates with ServiceNow and alerts users of a ransomware threat.

This is a representation of how Storage Insights uses webhooks to send ransomware alerts to ServiceNow.

Mechanism of Communication - "Webhook"

IBM Storage Insights communicates with ServiceNow via webhook notification. A webhook is an HTTP request that is triggered by the occurrence of a specific event on the source system (Storage Insights) and received at the destination system (ServiceNow).

When Storage Insights detects a Ransomware Alert on an underlying Storage Virtualize system volume, it creates a webhook message resulting in a new Incident on the ServiceNow dashboard.

The webhook carries a JSON payload that contains:

  • Storage System Details

  • Application host causing this Ransomware attack

  • Volume impacted

  • Attack Occurrence Time

This represents the important payload specifics sent over the secured webhook between Storage Insights and ServiceNow.

Steps to Integrate Storage Insights with ServiceNow

It is a simple two-step process for ServiceNow users:

  1. Creation of a REST API endpoint in ServiceNow

  2. Integration of the endpoint within Storage Insights

This showcases how ServiceNow is configured in the Storage Insights dashboard.

Security between IBM Storage Insights and ServiceNow is enhanced by the use of authentication types such as API Key, Basic Auth and OAuth2.0.

This showcases the authentication methods available for secured webhook connectivity to ServiceNow.
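A receiving endpoint should authenticate and validate each webhook before it becomes an incident. The sketch below is an added example covering the payload contents and the API Key option described above; it is not code from IBM or ServiceNow. The header name `X-Api-Key`, the payload key names and the sample values are assumptions, since the post lists what the payload holds but not its schema; the returned keys are standard fields of the ServiceNow incident table.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumed key names: the post lists what the payload holds, not its schema.
REQUIRED = ("storage_system", "host", "volume", "occurred_at")

# Constructed sample payload, not captured from Storage Insights.
SAMPLE = {"storage_system": "FS-EXAMPLE-01", "host": "app-host-example",
          "volume": "vol_example_7", "occurred_at": "2024-06-01T10:15:00+00:00"}


class RejectedWebhook(Exception):
    """The request must not be turned into an incident."""


def to_incident(headers, body, expected_key):
    """Authenticate and validate one webhook; return incident fields."""
    # Constant-time API key comparison; the header name is an assumption.
    presented = headers.get("X-Api-Key", "")
    if not hmac.compare_digest(presented.encode(), expected_key.encode()):
        raise RejectedWebhook("bad or missing API key")
    try:
        payload = json.loads(body)
    except ValueError:
        raise RejectedWebhook("body is not valid JSON")
    if not isinstance(payload, dict):
        raise RejectedWebhook("payload must be a JSON object")
    missing = [k for k in REQUIRED
               if not isinstance(payload.get(k), str) or not payload[k].strip()]
    if missing:
        raise RejectedWebhook("missing fields: " + ", ".join(missing))
    try:
        when = datetime.fromisoformat(payload["occurred_at"])
    except ValueError:
        raise RejectedWebhook("occurred_at is not ISO 8601")
    if when.tzinfo is None:
        raise RejectedWebhook("occurred_at needs a UTC offset")
    when = when.astimezone(timezone.utc)
    # Same system, volume, host and time give the same id, so a retried
    # delivery can be matched to the incident it already opened.
    ident = "|".join([payload["storage_system"], payload["volume"],
                      payload["host"], when.isoformat()])
    return {
        "short_description": "Ransomware threat on volume %s (%s)"
                             % (payload["volume"], payload["storage_system"]),
        "description": "Host: %s\nDetected: %s" % (payload["host"], when.isoformat()),
        "urgency": "1", "impact": "1",  # 1 = High in a default instance
        "correlation_id": hashlib.sha256(ident.encode()).hexdigest(),
    }
```

Rejecting a request with a wrong key or an incomplete payload keeps forged or malformed posts from flooding the incident queue.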

ServiceNow Dashboard Views

Here is a snapshot of how all incidents reported from Storage Insights appear on the ServiceNow Incidents dashboard.

This showcases the listing of all ransomware threats detected by Storage Insights on the ServiceNow dashboard page.

Detailed View of an Incident Reported by Storage Insights

Here is what the incident details look like. The view captures all details related to the incident, such as Volume ID, system details, Host ID hosting the application, event occurrence time etc.

This represents the incident details on the ServiceNow dashboard with the full payload from Storage Insights.

This function is available ONLY to Storage Insights Pro users.

All Spectrum Control and Expert Care Premium license users are automatically entitled to Storage Insights Pro access.

We have a demo instance available for anyone who wants to give it a try - https://demo.insights.ibm.com

References:

IBM Storage Insights documentation - https://www.ibm.com/docs/en/storage-insights

Storage Insights Product Page - https://www.ibm.com/products/storage-insights

YouTube Channel - https://www.youtube.com/@StorageGuru

The author is a Quality Architect for Storage Insights and Spectrum Control and has close to 20 years of storage industry experience.