Use case: Remediating vulnerabilities
This topic provides instructions on how to identify and remediate vulnerabilities.
What do I need to get started?
- A user account with privileges to access either BMC Helix Automation Console or TrueSight Automation Console.
You do not require administrative privileges for this use case.
- An administrator must have imported patch catalogs from TrueSight Server Automation.
- An administrator must have defined Service Level Agreement deadlines and warning thresholds.
- Results of a vulnerability scan in a supported file format.
For details about the vulnerability scanning tools and supported formats, see Scans.
How to identify and remediate vulnerabilities?
Complete the following steps to identify and remediate vulnerabilities.
1. Import a vulnerability scan results file.
For details, see Working with scans.
2. View asset details, and if required, manually map each asset.
After you import a scan file, assets are automatically mapped to endpoints in the endpoint manager, and the results appear on the Assets > Scanned Assets page and on the Vulnerability Dashboard.
On the Scanned Assets page, you can view these results:
- Assets imported from a scan, automatically mapped to endpoints
- Number of vulnerabilities identified for each asset
- Host name, IP address, and operating system of each asset
- Vulnerability management scanning tool that scanned the assets
If assets are not mapped automatically, manually map each asset.
For details, see Working with assets.
The Vulnerability Dashboard provides a graphical view of the assets and vulnerabilities imported from a scan file. On the dashboard, you can view these results:
- Total number of vulnerabilities and number of mapped and actionable vulnerabilities
- Number of impacted assets by Service Level Agreement levels
- Number of impacted assets by severity
- Number of vulnerabilities by their remediation stages
- Vulnerability remediation trend for the last six weeks
- Top 10 identified vulnerabilities and the number of impacted assets for each vulnerability
The following figure shows the asset and vulnerability data on the Vulnerability Dashboard.
For details, see Using the Vulnerability Dashboard.
3. View vulnerability results, and if required, manually map each vulnerability with remediation content.
After you import a scan file, vulnerabilities are automatically mapped to remediation content (patches, NSH scripts, or deploy jobs). The results appear on the Risks > Vulnerabilities page.
On the Vulnerabilities page, you can view these results for each vulnerability:
- Vulnerability name, ID, source, and severity
- CVE IDs associated with vulnerabilities
- Mapping status (mapped or unmapped) with respect to remediation content
- Remediation content
- Number of impacted assets for each vulnerability
If vulnerabilities are not mapped to remediation content automatically, manually map each vulnerability.
For details, see Working with risks.
4. Create an operation to remediate vulnerabilities.
For details, see Working with operations.