To stay informed about changes to this space, place a watch on this page.
November 2017 Release 1
Release date: November 13, 2017
This release of SecOps Response includes fixes for the SCCM connector so that it works with legacy Active Directory environments. The release also includes fixes for better load handling.
This release also certifies proxy support for connectors that must communicate to the Internet by means of a proxy server. If your proxy setup requires authentication, note that the current configuration only supports a basic authentication mechanism.
October 2017 Release 2
Release date: November 2, 2017
This release of SecOps Response corrects a problem that occurred when a duplicate connector of the same type was running on different machines.
October 2017 Release 1
Release date: October 5, 2017
|Improved support for multiple distribution points in SCCM||
Distribution of content in SecOps Response can now determine what distribution points are configured for a target's boundaries based on boundaries specified in Active Directory (that is, a boundary type of "AD site"). If a target is not contained within the boundaries specified by Active Directory, remediation content is pushed to all distribution points to which the user has access.
To ensure that one failing distribution point does not block distribution of content to other distribution points, an option is now available at the connector level to specify a completion percentage for content distribution. When that percentage is met, the Update Software job is created in SCCM. See Onboarding SCCM for details.
If distribution of content fails against some distribution points but not against others, the operation fails but does not block deployment to targets with distribution points that successfully received content. Thus, the operation successfully remediates as many targets as possible rather than blocking all targets because distribution has failed for one or more distribution points.
|Support for more recent versions of SCCM||
SecOps Response now supports Microsoft System Center 2017 Configuration Manager.
September 2017 Release 1
Release date: September 11, 2017
|Multiple distribution points for SCCM||
Remediation operations for SCCM now distribute software updates to all distribution points to which the user has access. Previously, you specified a single distribution point when onboarding a connector for SCCM. Now there is no need to specify distribution points because SecOps Response determines that automatically from the SCCM configuration.
|Integrated searches for SecOps documentation and other resources||
The help link at top right of SecOps Response now provides access to various BMC resources, including BMC Documentation, BMC Communities, BMC Support, and BMC Training.
The link also lets you perform a search across all BMC SecOps products. Search results can be filtered by information source, file type, and date. Searches support many types of search syntax common in Google searches.
For more information see Searching BMC documentation.
This release of SecOps Response also includes improvements and fixes to improve security.
August 2017 Release 2
Release date: August 31, 2017
|Support for BMC Network Automation||
SecOps Response now supports BMC Network Automation (BNA) as an endpoint manager. You can now use BNA to track, analyze, and remediate network vulnerabilities. SecOps Response can integrate with BNA and manage vulnerabilities in the same way that it integrates with BMC Server Automation or SCCM. Most of the capabilities of SecOps Response that are available for server vulnerability management are now also available for network management. Using SecOps Response you can:
Managing security groups that correspond to realms in BMC Network Automation
You can now import realms from BNA into SecOps Response. The realms are automatically converted into security groups. Users associated with a realm in BNA log into SecOps Response using the same credentials they used in BNA.
You can also use the administrative tools of SecOps Response to add and delete security groups that correspond to realms in BNA.
For more information, see Managing portal security groups for BMC Network Automation.
Results for network remediation
You can view the results of network remediation operations just as you do for other types of endpoint managers such as BSA. However, users can also view the results of network remediation operations by selecting an option on the home page that opens up the appropriate results within BMC Network Automation itself.
Interface changes when connected to BMC Network Automation
When SecOps Response is connected to BNA, you will observe the following differences in behavior:
|Versioning of connectors||
Connectors for SecOps Response are now versioned. When you log into SecOps Response as a SecOps Response administrator, a warning message appears if updated versions of connectors are available. In addition, on the Manage Connectors page, the tile representing each installed connector now shows its version number. A message appears at the bottom of a tile if an updated version is available.
This release of SecOps Response also included improvements and fixes to improve security.
August 2017 Release 1
Release date: August 7, 2017
|Running the connector as a service||
When you download a connector, you now install the program and it runs as a service. You can start, stop, and uninstall the connector service. Previously, connectors ran as scripts.
The procedure for installing a connector and starting the connector service has been revised. See Onboarding connectors for detailed instructions for each type of connector.
This release of SecOps Response also included improvements and fixes related to security and infrastructure monitoring.
July 2017 Release 2
Release date: July 24, 2017
|Downloading a connector||
You can now disable and enable a connector using the connector management interface. Disabling a connector stops communication between the connector and SecOps Response.
The procedure for re-downloading a connector has been modified to include disabling and enabling the connector.
This release of SecOps Response also included improvements and fixes related to security, scalability, fault tolerance and infrastructure monitoring.
July 2017 Release 1
Release date: July 13, 2017
This release of SecOps Response consisted of improvements and fixes related to security and infrastructure.
June 2017 Release 1
Release date: June 22, 2017
|Active Directory location for SCCM||
When using SecOps Response with SCCM, the Active Directory server can now be deployed on a server remote from the SCCM server. In older versions, both the SCCM server and the Active Directory server had to be deployed to the same machine. Both SCCM and Active Directory must still be located in the same domain. The documentation for onboarding SCCM now includes procedures that are necessary when Active Directory is remote from the SCCM server.
If you deploy Active Directory and SCCM on separate machines, you must use the latest connector for SCCM. If you are using an existing integration of SCCM with SecOps Response, there is no need to begin running the most recent connector.
This release of SecOps Response also implemented some deployment optimizations and fixes to functional defects.
May 2017 Release 1
Release date: June 1, 2017
This release of SecOps Response consists of security enhancements and fixes to functional defects.
April 2017 Release 1 - Initial release
Release date: April 24, 2017
The following new features are available in this release of SecOps Response. The features listed below compare SecOps Response to its predecessor, BMC BladeLogic Portal 2.2.
|Software as a service||
The functionality of SecOps Response is now delivered as a web-based service. To access the service, you must first onboard connectors to endpoint managers, which are applications such as BMC Server Automation or Microsoft Service Center Configuration Manager (SCCM). You must also onboard connectors for any external products used with SecOps Response, such as BMC Discovery. After onboarding is complete, BMC provides you with a URL to access the SecOps Response service.
Although many companies use the SecOps Response service simultaneously, each organization is considered a separate tenant. Data is never intermingled between tenants.
|Support for SCCM||
SecOps Response can now be paired with Microsoft Service Center Configuration Manager (SCCM) as an endpoint manager. When you are connected to SCCM, the functionality of SecOps Response is largely the same as when you are connected to BMC Server Automation.
The main differences in functionality are:
SecOps Response only supports server endpoints in SCCM. It does not support workstation endpoints.
|New licensing system||
SecOps Response employs a new mechanism for calculating licensing fees. Fees are now based on a transaction count. Transactions are vulnerabilities that are associated with a mapped asset. Each vulnerability that is found on a mapped endpoint is counted. For example, if ten vulnerabilities are found on an endpoint that is mapped to an asset in a scan file, BMC recognizes ten transactions. Similarly, if there is one vulnerability found on ten separate endpoints that have been mapped to assets in a scan file, BMC again recognizes ten transactions.
Here are some issues to understand when calculating utilization counts:
Endpoint administrators can view transaction counts by exporting records of mappings. To export a list, use the License Usage tab on the Administration page.
|Support for SuSE||
When connected to BSA, you can now perform patch analysis and remediation operations on devices running the SuSE 11 and SuSE 12 operating system.
The Data Refresh capability can now be configured from the Administration page. Data Refresh can be set up for BSA, SCCM, and BMC Discovery.
To improve upload performance when you are importing scan files, you can now compress the files being uploaded. However, this is not a requirement. If you prefer, you can continue to upload uncompressed XML files.
|BMC Network Automation||SecOps Response does not currently support BMC Network Automation (BNA) as an endpoint manager. Support for BNA is planned for the near future.|
|Legacy BladeLogic Portal capabilities||SecOps Response does not support any functionality that was available in BladeLogic Portal 2.2 other than capabilities associated with Threat Director.|
For a list of open defects, see Open issues.
Registering with BMC and setting up connections to endpoint managers.
Configuring the product after onboarding is complete.
Everything you need to know about SecOps use cases.
Troubleshooting configuration and usage.
Frequently asked questions
Access to content is based on roles in BMC BladeLogic Server Automation (BSA) and SCCM. For BSA, each security group in SecOps Response maps to a role in BSA and grants the permissions assigned to that role. For SCCM, each security group maps to a security role in SCCM. Security groups in SecOps Response should be set up to reflect roles in BSA or SCCM rather than the other way around.
If the other user belongs to the same security group as you, that user can see the output of your work.
Additional information for related products
Use the following online technical documentation links for products related to SecOps Response: