Documentation update

   

To provide a better user experience, we have now created a separate documentation space for Helix Vulnerability Management.
Users of Helix Vulnerability Management (includes BMC Helix Automation Console) can find the latest documentation at BMC Helix Vulnerability Management .

20.08 enhancements

This topic describes the enhancements in this version of 

Enhanced connector configuration experience in TrueSight Automation Console

In earlier versions, after installing the product, an administrator would configure the TrueSight Orchestration and BMC Discovery connectors using the REST API. In this release, after installing TrueSight Automation Console, an administrator can configure those connectors using the new Manage Connectors page. 

The TrueSight Server Automation connector is configured during installation and appears in the Running state on the Manage Connectors page. You can update the Server Automation host details, service account, or data refresh interval by editing the connector. Therefore, the Administration > Service Account page is not required anymore and has been removed from this release. 

For more information, see Managing connectors.



Collecting diagnostic information in TrueSight Automation Console

You can now collect diagnostic information such as logs and configuration files for the TrueSight Automation Console (on-premises) services in a zipped file by running a command using the Stack Manager. For this, a zip library must be created on the host where the application is installed. 

For more information, see Collecting diagnostic information



Remediating missing patches and vulnerabilities from the dashboard 

You can now create a remediation operation for missing patches directly from the Patch Dashboard page. After filtering the data for a patch policy, you can click Remediate to open the Create Operation page. 

The Remediate option is also available when you drill down to the Patch Compliance widget and select a policy. 

For details, see Using the Patch Dashboard.

For all actionable vulnerabilities, you can now create a remediation operation directly from the Vulnerability Dashboard page. The Remediate option takes you to the Create Operation page with selected actionable vulnerabilities. You can also filter and choose more vulnerabilities while creating the operation. 

The Remediate option is also available when you drill down to the Vulnerabilities widget to view the Actionable Vulnerabilities. 

For details, see Using the Vulnerability Dashboard.



Dashboard enhancements

The Patch and Vulnerability Dashboard are enhanced with the following enhancements. 

Patch Dashboard enhancements

The following image shows the enhancements in the Patch Dashboard:

  1. New Risk Score and Risk Owner filters – Filters data on the dashboard. 
  2. New Missing Patches by Stage widget – Shows the total number of missing patches by stage. If an operation is created for the missing patches, the different stages are Awaiting ExecutionAwaiting Attention, and Awaiting Approval
  3. New Top 10 Business Services at Risk widget – Shows the top 10 business services or applications with the maximum number of missing patches and impacted assets.
    You see this information only if the BMC Discovery connector is configured.
  4. New Top 10 Risk Owners widget – Shows the number of missing patches that are owned by the top ten security groups and the impacted assets.
  5. The Remediation Trend widget – Shows a trend for the past 13 weeks. In earlier versions, this widget showed data for the past six weeks. A new Average Days Awaiting Approval graph shows data for the average number of days for which a change request is pending approval for a patch operation. 
  6. The Asset Distribution by Severity widget – This is renamed to Asset Distribution by Risk Score.

For details, see Using the Patch Dashboard.

Vulnerability Dashboard enhancements

The following image shows the enhancements in the Vulnerability Dashboard:

  1. New Marked as Exception stage on the Vulnerabilities by Stage widget – Shows the number of vulnerabilities for which an exception is created.
  2. New Top 10 Risk Owners widget – Shows the number of vulnerabilities that are owned by the top ten security groups and the impacted assets.
  3. The Remediation Trend widget – Shows a trend for the past 13 weeks. In earlier versions, this widget showed data for the past six weeks. 

For details, see Using the Vulnerability Dashboard.



Support for auto-import of scan files from Nessus

Typically, you export a scan file from any of the supported vulnerability scanning systems, and then import the scan file in Automation Console. With this release, you can automate the process of exporting scan files from Nessus and importing them in to Automation Console, by integrating with TrueSight Orchestration.

For details, see Use case: Automatically importing vulnerability scan files.



Exceptions for vulnerabilities

You can now create exceptions to exclude vulnerabilities on assets for a selected period. When you create a remediation operation, vulnerabilities that are a part of an exception are not displayed. Creating exceptions lets you exclude a set of vulnerabilities for a particular duration, and then remediate them later. This ensures that an operation is not created for these vulnerabilities due to human error. Exceptions can also be created when assets are going to be decommissioned, and hence can be left out of the remediation process. 

Administrators can create exceptions and operators can only view the details of the exceptions created in their environment. 

For details, see Working with exceptions.



Enriching scanned asset information using tags

On the Scanned Assets page, you can now add tags to the assets imported from a vulnerability scan file. While creating a vulnerability remediation operation, you can also choose assets based on the tags. For details, see Working with assets



Support for vulnerability management for additional operating systems

You can now import scanned asset data for the following operating systems in addition to Microsoft Windows and Red Hat Enterprise Linux:

  • IBM AIX
  • HP-UX
  • Solaris
  • CentOS
  • SuSE
  • Ubuntu
  • Debian
  • Oracle Enterprise Linux (OEL)

You can create vulnerability operations for assets with the newly supported operating systems only if the remediation content type is NSH script or BLpackageDeploy.



Noise reduction for missing patches and vulnerabilities

If the vulnerabilities and missing patches affect the same assets, and if the remediation content is common to both, then the vulnerability remediation operation also remediates the missing patches. This saves time and effort and ensures that the number of risks is reduced. 

For details, see Operations.



Filters for Risk Score, Risk Owner, and Risk Tags

A risk score is a range of numeric values, similar to severity, which you can change for the risks identified on the assets. A risk owner is the security group who owns vulnerabilities or missing patches. By default, the risk owner is the security group who has imported a scan file (for vulnerabilities) or created a patch policy (for missing patches).

The Risk Owner and Risk Score filters are available as advanced search filters on the following pages :

  • Assets > Managed Assets
  • Assets > Scanned Assets
  • Risks > Missing Patches
  • Risks > Vulnerabilities
  • Operation for vulnerabilities: Select vulnerabilities using these filters. 
  • Patch Dashboard
  • Vulnerability Dashboard

The Risk Tag filter is available as an advanced search filter on the following pages:

  • Risks > Missing Patches
  • Risks > Vulnerabilities
  • Operation for vulnerabilities: Select vulnerabilities using this filter.

You can modify or update the risk score, risk owner, and risk tags using the API endpoint: PATCH/api/v1/violations. 

For details, see Using REST API.



REST API updates

With this release, the following changes are made to the REST APIs:

  • A REST API request expires after 15 minutes. After this, you must generate the authentication token again.
  • The Login APIs are changed from the previous release. If you have used these APIs for any automated tasks, update your code as per the latest APIs.

For more information, see Using REST API.



User experience enhancements

This release also provides several changes to the existing features that improve your experience with the product:

FeatureEnhancementsSee topic
Assets
  • You can now export data from the Assets > Managed Assets and Assets > Scanned Assets pages to a CSV file.
  • A new Business Services column on the Assets > Discovered Assets page shows the business services at risk.
  • On the Assets > Scanned Assets page, you can select up to 10 tags to be displayed using Display Tags.
Working with assets
Risks
  • On the Risks > Vulnerabilities page, when you click the Remediation link against any vulnerability, a dialog box displays details such as the remediation content type, path, fix available, and assets for which this remediation content is selected. 
Working with risks
Operations
  • Child operations for a vulnerability operation are now available in a collapsible menu. When you expand a parent operation, actions for running a child operation immediately (Execute Now) or deleting (Remove) are also available.
  • Deleting a parent operation also deletes its child operations, which eliminates the need to manually delete each child operation.
  • On the Operation Results page, you no longer see the time spent while the operation is in progress. After the operation is complete, the total duration is displayed.
Working with operations
Patch Policies
  • While adding a patch policy, you can select a catalog only if the catalog Sync Status is Complete. If the catalog sync status is Failed or In-Progress, the catalog cannot be selected.
  • On the Policy Results page, you no longer see the time spent while the policy run is in progress. After the policy run is complete, the total duration is displayed.
Working with patch policies
Import

On the Manage > Import page, you can import a scan file up to 1 GB.

Scans
Catalogs
  • When you add, edit, or enable a catalog in Automation Console, on the Administration > Manage Catalogs page, a new column, Sync Status shows the synchronization status with TrueSight Server Automation. In addition, in the Last Updated column, a green (tick) shows that the last update is successful. A (error) indicates that there is a problem and the catalog is not updated. 
  • While creating a patch policy, you can select a catalog only if the Sync Status is Complete.
Working with catalogs
SLAThe SLAs on the Administration > Manage Service Level Agreements page are based on Risk Score.Service Level Agreements
Security GroupsA new Browse option on the Administration > Security Group page enables you to select the Default Depot Path and the Default Job Path for storing the depot items and jobs.Working with security groups
Was this page helpful? Yes No Submitting... Thank you

Comments