SSIM and Workflow - "Better Together"


SSIM provides extensive event correlation capabilities; Workflow is a framework for creating processes.  When you combine these two technologies, you have a comprehensive solution for incident discovery, response, and management.  The main takeaway is... when SSIM creates an incident, you can AUTOMATICALLY start a Workflow to handle the incident response process and audit the process from end to end.


The following is a sequence of instructions that explain how to configure and test the provided SSIM Workflow project to work with a SSIM implementation (compatible with SSIM version 4.7.1 and higher).  Watch the following videos listed below for additional use case context.


Video 1 - Basic Connectivity

Video 2 - Basic Decisioning

Video 3 - Basic Workflow


Step 1:  Download the SSIM Workflow .package file here... Download Package File


Step 2:  Verify that you have your Workflow Designer set to use IIS and Sticky Debug URL's is turned on.  This is critical if you want to run this process in your Debugger/Simulator.  If you don't adjust these settings, you'll have to change the URL configurations every time you test your project.




Step 3:  Open the .package file



Step 4:  Configure the Project Properties - (SIM Properties & Email Properties)



Step 5:  Run the project in the simulator/debugger and invoke the Subscribe method.  Enter the URL to the Workflow project you want SSIM to start when an incident is created (start with a debug URL so you can test first).  This is a "ONE TIME" step that establishes the connection between SSIM incidents and the Workflow process.



Step 6:  Open the web.config file located in the project's resources (select the file and click the "Edit" button)



Step 7:  Edit the URL so it points to the deployed version of this project

              (*Note - for testing you can point it to the Debug URL)




Step 8:  (Testing) - Run the project in debug mode (simulator); verify that the Debug URL matches the URL you entered in the web.config file above.



Step 9:  Open the SSIM Console and create an incident manually



Step 10:  Verify that the Workflow process started in the simulator/debugger



Step 11:  Now that you've verified you have connectivity between SSIM and Workflow; build out your process by adding components after the "Get Incident Details" component.  Once complete, re-test using the same steps above.  Once the process is tested, deploy it to production and rerun the subscription method to point to your production process.  That's it, SSIM will now start your process whenever it creates an incident.  Watch the videos at the top of this page to get additional use case context.