BMC

BMC SecOps Response Service

BMC SecOps Response Service is a cloud-based digital platform that can identify, analyze, and correct vulnerabilities across an enterprise computing or network environment. IT operators and security personnel can pair SecOps Response with endpoint managers such as BMC BladeLogic Server Automation, BMC Network Automation, and Microsoft Service Center Configuration Manager. Operators can generate scan files using vulnerability management tools, import those scan files into SecOps Response, map assets and vulnerabilities listed in the scan files to endpoints and remediation content managed with endpoint managers, and finally generate operations that can automatically correct vulnerabilities across the enterprise.
Release notes
updated 16 Nov
This topic provides information about what is new or changed in this space, including new features and defects fixed.


November 2017 Release 1

Build version: 17:11:01
Release date: November 13, 2017

What's new?

This release of SecOps Response includes fixes for the SCCM connector so that it works with legacy Active Directory environments. The release also includes fixes for better load handling.

This release also certifies proxy support for connectors that must communicate with the Internet by means of a proxy server. If your proxy setup requires authentication, note that the current configuration only supports a basic authentication mechanism.


October 2017 Release 2

Build version: 17:10:02
Release date: November 2, 2017


What's new?

This release of SecOps Response corrects a problem that occurred when a duplicate connector of the same type was running on different machines.


October 2017 Release 1

Build version: 17:10:01
Release date: October 5, 2017

What's new?


Feature Description
Improved support for multiple distribution points in SCCM

Distribution of content in SecOps Response can now determine what distribution points are configured for a target's boundaries based on boundaries specified in Active Directory (that is, a boundary type of "AD site"). If a target is not contained within the boundaries specified by Active Directory, remediation content is pushed to all distribution points to which the user has access.

To ensure that one failing distribution point does not block distribution of content to other distribution points, an option is now available at the connector level to specify a completion percentage for content distribution. When that percentage is met, the Update Software job is created in SCCM. See Onboarding SCCM for details.

If distribution of content fails against some distribution points but not against others, the operation fails but does not block deployment to targets with distribution points that successfully received content. Thus, the operation successfully remediates as many targets as possible rather than blocking all targets because distribution has failed for one or more distribution points.

Support for more recent versions of SCCM

SecOps Response now supports Microsoft System Center 2017 Configuration Manager.



September 2017 Release 1

Build version: 17:09:01
Release date: September 11, 2017

What's new?


Feature Description
Multiple distribution points for SCCM

Remediation operations for SCCM now distribute software updates to all distribution points to which the user has access. Previously, you specified a single distribution point when onboarding a connector for SCCM. Now there is no need to specify distribution points because SecOps Response determines that automatically from the SCCM configuration.

Integrated searches for SecOps documentation and other resources

The help link at top right of SecOps Response now provides access to various BMC resources, including BMC Documentation, BMC Communities, BMC Support, and BMC Training.

The link also lets you perform a search across all BMC SecOps products. Search results can be filtered by information source, file type, and date. Searches support many types of search syntax common in Google searches.

For more information see Searching BMC documentation.

This release of SecOps Response also includes improvements and fixes to improve security.


August 2017 Release 2

Build version: 17:08:02
Release date: August 31, 2017

What's new?

Feature Description
Support for BMC Network Automation

SecOps Response now supports BMC Network Automation (BNA) as an endpoint manager. You can now use BNA to track, analyze, and remediate network vulnerabilities. SecOps Response can integrate with BNA and manage vulnerabilities in the same way that it integrates with BMC Server Automation or SCCM. Most of the capabilities of SecOps Response that are available for server vulnerability management are now also available for network management. Using SecOps Response, you can:

  • Import scan files that survey a computing environment, including its network infrastructure.
  • Map network devices detected in scans to devices managed in BNA.
  • Map vulnerabilities in network infrastructure to rules for which corrective actions and grammars have been defined in BNA.
  • Remediate network vulnerabilities using corrective actions associated with networking rules.
  • View the results of network remediation operations within BNA itself or within SecOps Response.

Managing security groups that correspond to realms in BMC Network Automation

You can now import realms from BNA into SecOps Response. The realms are automatically converted into security groups. Users associated with a realm in BNA log into SecOps Response using the same credentials they used in BNA. 

You can also use the administrative tools of SecOps Response to add and delete security groups that correspond to realms in BNA.

For more information, see Managing portal security groups for BMC Network Automation.

Results for network remediation

You can view the results of network remediation operations just as you do for other types of endpoint managers such as BSA. However, users can also view the results of network remediation operations by selecting an option on the home page that opens up the appropriate results within BMC Network Automation itself.

Interface changes when connected to BMC Network Automation

When SecOps Response is connected to BNA, you will observe the following differences in behavior:

  • When using the Remediation operation wizard, there is no Notifications tab.
  • When using the Remediation operation wizard, the Scheduling tab only allows you to schedule one execution of an operation. There are no recurring operations.
  • When using the Remediation operation wizard, the Scheduling tab does not allow you to set up job approval.
  • On the home page, there is no Run Now option that lets you execute the job. You cannot re-run jobs in BNA.

Versioning of connectors

Connectors for SecOps Response are now versioned. When you log into SecOps Response as a SecOps Response administrator, a warning message appears if updated versions of connectors are available. In addition, on the Manage Connectors page, the tile representing each installed connector now shows its version number. A message appears at the bottom of a tile if an updated version is available.


This release of SecOps Response also included improvements and fixes to improve security.

 

August 2017 Release 1

Build version: 17:08:01
Release date: August 7, 2017

What's new?

Feature Description
Running the connector as a service

When you download a connector, you now install the program and it runs as a service. You can start, stop, and uninstall the connector service. Previously, connectors ran as scripts.

The procedure for installing a connector and starting the connector service has been revised. See Onboarding connectors for detailed instructions for each type of connector.

This release of SecOps Response also included improvements and fixes related to security and infrastructure monitoring.

 

 

July 2017 Release 2

Build version: 17:07:02
Release date: July 24, 2017

What's new?

Feature Description
Downloading a connector

You can now disable and enable a connector using the connector management interface. Disabling a connector stops communication between the connector and SecOps Response.

The procedure for re-downloading a connector has been modified to include disabling and enabling the connector.

This release of SecOps Response also included improvements and fixes related to security, scalability, fault tolerance and infrastructure monitoring.



July 2017 Release 1

Build version: 17:13:01
Release date: July 13, 2017

What's new?

This release of SecOps Response consisted of improvements and fixes related to security and infrastructure.


 

June 2017 Release 1

Build version: 17:06:01
Release date: June 22, 2017

What's new?

Feature Description
Active Directory location for SCCM

When using SecOps Response with SCCM, the Active Directory server can now be deployed on a server remote from the SCCM server. In older versions, both the SCCM server and the Active Directory server had to be deployed to the same machine. Both SCCM and Active Directory must still be located in the same domain. The documentation for onboarding SCCM now includes procedures that are necessary when Active Directory is remote from the SCCM server.

If you deploy Active Directory and SCCM on separate machines, you must use the latest connector for SCCM. If you are using an existing integration of SCCM with SecOps Response, there is no need to begin running the most recent connector.

This release of SecOps Response also implemented some deployment optimizations and fixes to functional defects.

 

May 2017 Release 1

Build version: 17:05:01
Release date: June 1, 2017

What's new?

This release of SecOps Response consists of security enhancements and fixes to functional defects.

 

 

April 2017 Release 1 - Initial release

Build version: 17:04:01
Release date: April 24, 2017

What's new?

The following new features are available in this release of SecOps Response. The features listed below compare SecOps Response to its predecessor, BMC BladeLogic Portal 2.2.

Feature Description
Software as a service

The functionality of SecOps Response is now delivered as a web-based service. To access the service, you must first onboard connectors to endpoint managers, which are applications such as BMC Server Automation or Microsoft Service Center Configuration Manager (SCCM). You must also onboard connectors for any external products used with SecOps Response, such as BMC Discovery. After onboarding is complete, BMC provides you with a URL to access the SecOps Response service.

Although many companies use the SecOps Response service simultaneously, each organization is considered a separate tenant. Data is never intermingled between tenants.

Support for SCCM

SecOps Response can now be paired with Microsoft Service Center Configuration Manager (SCCM) as an endpoint manager. When you are connected to SCCM, the functionality of SecOps Response is largely the same as when you are connected to BMC Server Automation. 

The main differences in functionality are:

  • Only Software Update operations are possible with SCCM. With BSA, there are several types of Remediation operations possible.
  • The options available on the Remediation operation wizard vary somewhat from the corresponding wizard for BSA.
  • Some of the filters available on dashboards differ between the two types of endpoint managers.

SecOps Response only supports server endpoints in SCCM. It does not support workstation endpoints.

New licensing system

SecOps Response employs a new mechanism for calculating licensing fees. Fees are now based on a transaction count. Transactions are vulnerabilities that are associated with a mapped asset. Each vulnerability that is found on a mapped endpoint is counted. For example, if ten vulnerabilities are found on an endpoint that is mapped to an asset in a scan file, BMC recognizes ten transactions. Similarly, if there is one vulnerability found on ten separate endpoints that have been mapped to assets in a scan file, BMC again recognizes ten transactions.

Here are some issues to understand when calculating utilization counts:

  • Duplicate vulnerabilities on the same endpoint do not increase the transaction counts.
  • The transaction count does not increase when the same vulnerability is discovered on the same endpoint in subsequent scans.
  • Transaction counts are historical. After a transaction is counted, it persists until BMC purges it.
  • Transaction counts span all the endpoint managers you are using.
  • Endpoint administrators have access to all transaction records, not just records for the current endpoint manager.
  • If an asset is remapped to a different endpoint, the vulnerabilities associated with the old endpoint are still counted and vulnerabilities associated with the new endpoint are counted as new transactions.

Endpoint administrators can view transaction counts by exporting records of mappings. To export a list, use the License Usage tab on the Administration page.

Support for SuSE

When connected to BSA, you can now perform patch analysis and remediation operations on devices running the SuSE 11 and SuSE 12 operating systems.

Data Refresh

The Data Refresh capability can now be configured from the Administration page. Data Refresh can be set up for BSA, SCCM, and BMC Discovery.

Scan import

To improve upload performance when you are importing scan files, you can now compress the files being uploaded. However, this is not a requirement. If you prefer, you can continue to upload uncompressed XML files.

BMC Network Automation

SecOps Response does not currently support BMC Network Automation (BNA) as an endpoint manager. Support for BNA is planned for the near future.

Legacy BladeLogic Portal capabilities

SecOps Response does not support any functionality that was available in BladeLogic Portal 2.2 other than capabilities associated with Threat Director.

Known issues?

For a list of open defects, see Open issues.

 



Using SecOps Response

Walkthroughs for SecOps Response

Walkthrough videos 

Onboarding

 

Registering with BMC and setting up connections to endpoint managers.

Configuring after onboarding

 

Configuring the product after onboarding is complete.

Using SecOps Response

 

Everything you need to know about SecOps use cases.

Troubleshooting

 

Troubleshooting configuration and usage.

FAQs and additional information

 

Frequently asked questions

 

  Do users need special permissions to access content?

Access to content is based on roles in BMC BladeLogic Server Automation (BSA) and SCCM. For BSA, each security group in SecOps Response maps to a role in BSA and grants the permissions assigned to that role. For SCCM, each security group maps to a security role in SCCM. Security groups in SecOps Response should be set up to reflect roles in BSA or SCCM rather than the other way around. 

  If I can only see my operations, how can a user on the second shift see the output of my work?

If the other user belongs to the same security group as you, that user can see the output of your work.

 

Additional information for related products

Use the following online technical documentation links for products related to SecOps Response:
