Using the Vulnerability Dashboard

This topic provides instructions to view the vulnerability dashboard and the information each widget displays.

To view information about the missing patches, see Using the Patch Dashboard.

Viewing the Vulnerability Dashboard

Widgets on the dashboard display metrics about the assets and the vulnerabilities. You can drill down to a widget to view additional data related to the metrics. The Dashboard data refreshes every time after you import a scan, map vulnerabilities, and run remediation operations to completion. 

To view metrics based on any of the following options, select a filter, and click Apply

  • Operating System
  • Severity
  • Scan File: Lists the scan files imported in BMC Helix Automation Console and TrueSight Automation Console.  

Tip

Click PDF to download the current dashboard metrics as a PDF file.

Vulnerabilities

This widget shows the total number of vulnerabilities imported from a scan file in the Automation Console and their distribution. Vulnerabilities mapped to remediation content are displayed in the Mapped Vulnerabilities graph. Vulnerabilities mapped to remediation content and assets are displayed in the Actionable Vulnerabilities graph. 

To drill down for more information about the mapped vulnerabilities, click the bar graph. In the following image, the vulnerability names, CVE IDs, severity, and the number of impacted assets for mapped and unmapped vulnerabilities are displayed. 

To drill down for more information about the actionable vulnerabilities, click the bar graph. In the following image, the vulnerability names, CVE IDs, severity, and the number of impacted assets for actionable and non-actionable vulnerabilities are displayed. 

SLA Breakdown by Assets and Vulnerabilities

This widget shows the number of assets and vulnerabilities based on the service level agreements (SLA).

To view vulnerabilities as per the service level agreements, use the Vulnerabilities toggle button. Using this data, you can plan remediation steps based on your organizational standards. 

If assets or vulnerabilities are approaching an SLA level, they appear in Approaching SLA. Assets with a severity level other than Critical appear in Exceeding SLA (Other). Assets or vulnerabilities that have reached a critical severity appear in the Exceeding SLA (Critical) graph. 

To view the number of vulnerabilities for assets based on their SLA, click the bar graph, and then click any SLA level. 

In the following image, 10 assets are in the Within SLA bracket.  

Severity Breakdown by Assets and Vulnerabilities

This widget shows the total number of assets and vulnerabilities as per the vulnerability severity levels. To view vulnerabilities as per the severity levels, use the Vulnerabilities toggle button.

Note

Assets and vulnerabilities with different severity levels are counted as belonging to the highest level.

For example, out of 100 assets, if 10 assets have vulnerabilities with a Critical, High, and Medium severity, those 10 assets appear in the Critical bracket. If 20 assets have vulnerabilities with a High and Low severity, those assets appear in the High bracket. 

To view more information about assets or vulnerabilities based on their severity, click the bar graph and then click each severity level. 

For vulnerabilities, use the toggle button, and then click the bar graph to view more information about the severity level. 

In the following image, 5 assets are in the Critical state. 

Vulnerability by Stage

After you map vulnerabilities with remediation content, either automatically or manually, you create an operation to remediate the vulnerabilities. This widget shows the number of vulnerabilities for which an operation is created (Awaiting Execution) against the number of vulnerabilities where the operation is yet to be created (Awaiting Attention). It also shows the number of vulnerabilities for which remediation operations are created, and change request approval is pending (Awaiting Approval). 

To view more information, click the bar graph. Vulnerability name, CVE IDs, severity, and the number of impacted assets are displayed. 

Remediation trend

This widget shows a cumulative vulnerability remediation trend for the last six weeks, which includes the total number of vulnerabilities against the vulnerabilities remediated on the assets. 

This graph also shows: 

  • Average Days Awaiting Attention: Average number of days since vulnerabilities are identified and not yet remediated. 
  • Average Days Awaiting Approval: Average number of days in which a remediation operation is created with a change integration, and the change request is not yet approved. 
  • Average Days Awaiting Execution: Average number of days in which a remediation operation is scheduled but not yet executed. 
  • Average Days to Close: Average number of days it takes from identifying a vulnerability to successfully remediating it. 

To view more information, click the bar graph. The total number of vulnerabilities identified and remediated is displayed. You can also view these details:

  • Vulnerability name
  • Impacted assets
  • Scan Age: Number of days since the vulnerability is identified in the scan file by a vulnerability management tool. 
  • Severity
  • CVE IDs

Top 10 Missing Vulnerabilities

This widget shows the top ten vulnerabilities and the impacted assets on which the vulnerabilities are identified. This metric also shows the SLA level for the vulnerabilities.

Click the Impacted Assets link to see the assets and their operating system for each vulnerability. 

Top 10 Business Services at Risk

This widget shows the top ten business services or applications with a maximum number of vulnerabilities and the number of impacted assets. In BMC Helix Automation Console (SaaS) and TrueSight Automation Console (on-premises) version 20.02.01 only, this widget also shows the total number of missing patches on the impacted asset. This data is generated after patch policies run on those assets. 

BMC Discovery sends data about business services at risk to Automation Console. 

Why do I not see the Top 10 Business Services at Risk?

To view this data, you must ensure that the BMC Discovery connector is configured. For more information, see Configuring the BMC Discovery connector.

Was this page helpful? Yes No Submitting... Thank you

Comments