Configuring advanced settings

In certain circumstances, you may want to configure the underlying infrastructure of SecOps Response to improve its performance or to make other types of low-level modifications. 

Below is a list of infrastructure issues you may encounter and the recommended response. This page describes all of these actions.

Issue: The SecOps Response Dashboard is exhibiting poor performance. You are using Vulnerability Manager to examine a large number of records. (A vulnerability on a server is one record. Ten vulnerabilities on two servers equals 20 records.)
Suggested response: Increase memory (that is, heap size) for the DCA Index Server. See Increasing the maximum and minimum heap size for the Elasticsearch server.

Issue: When importing scan files, I want to import larger file sizes.
Suggested response: Increase the size limit for scan files being imported. To ensure best performance, the size of scan file imports is limited. An administrator can increase that limit.

Issue: When importing Rapid7 scan files, I want to change how vulnerabilities are categorized (such as severity 4 or 5).
Suggested response: You can customize the scheme used for categorizing vulnerabilities into severity levels.

Issue: The Elasticsearch server is using an HTTP port for monitoring purposes. For security reasons you want to close that port.
Suggested response: See Disabling or enabling HTTP traffic with the Elasticsearch server.

Issue: I want to view the results of network remediation operations within SecOps Response.
Suggested response: Although you can enable the display of network remediation results within the UI, be aware that there may be performance issues.

Issue: The Activity Status window is showing too much information.
Suggested response: You can configure how long the Activity Status window displays information.

Increasing the maximum and minimum heap size for the Elasticsearch server

If the performance of the Elasticsearch server degrades as it handles larger quantities of data, you can allocate more memory using the following procedure. The procedure sets the maximum and minimum amount of heap for the Elasticsearch server to be the same. This configuration prevents problems with heap being swapped out.

By default the maximum and minimum heap sizes are set to 8 GB. Do not allocate more than 32 GB of memory to the Elasticsearch server.

Before you begin

Ensure that you have downloaded and extracted the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from BMC Electronic Product Distribution (EPD).

To increase the maximum and minimum heap size for the Elasticsearch server

  1. Open the following file for editing: <TSVM_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/bin/elasticsearch.in.sh

    • (Linux): <install_location>/portal/DCAIndexService/bin/elasticsearch.in.sh
    • (Windows):  <install_location>\portal\DCAIndexService\bin\elasticsearch.in.bat
  2. In the file, search for this string: set ES_MIN_MEM
    You should see an entry like the following:

    if "%ES_MIN_MEM%" == "" (
    set ES_MIN_MEM=8g
    )

    if "%ES_MAX_MEM%" == "" (
    set ES_MAX_MEM=8g
    )

  3. Modify this entry by changing the memory setting to the value you want. For example, in the entry shown above, both values are set to 8g. When performing these edits, make sure ES_MIN_MEM and ES_MAX_MEM are set to the same value.

  4. Save the file.
  5. On the Elasticsearch server, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory.
  6. Restart the Elasticsearch (DCA Index) service using the following commands:

    python truesight-sm.py stop --deployment elasticsearch
    python truesight-sm.py start --deployment elasticsearch
    • (Windows): From the Windows Control Panel on the portal server, select Administrative Tools > Services. Find and right-click the BMC DCA Index Service 1.7.3 (DCAIndexService) service, and then select Restart.
    • (Linux): On the portal server, enter the following commands:
      /etc/init.d/DCAIndexService stop
      /etc/init.d/DCAIndexService start

  7. On the application server, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory.

  8. Restart the SecOps Response services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application
    • (Windows): From the Windows Control Panel on the portal server, select Administrative Tools > Services. Find and right-click the BladeLogic Portal service, and then select Restart.
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart
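
A check to run on the edited file before the restart, given here as an added example that is not part of the BMC tooling: it reads the ES_MIN_MEM and ES_MAX_MEM defaults and reports when they differ or exceed the 32 GB limit stated above. The plain `ES_MIN_MEM=8g` form accepted for the .sh file is an assumption; the page shows only the `set` form.

```python
import re

# Matches "set ES_MIN_MEM=8g" (the form shown on this page) and a plain
# shell assignment "ES_MIN_MEM=8g" (assumed form for elasticsearch.in.sh).
_MEM_RE = re.compile(r"^\s*(?:set\s+)?ES_(MIN|MAX)_MEM=(\d+)([gGmM])\s*$")
MAX_HEAP_MB = 32 * 1024  # page: do not allocate more than 32 GB


def heap_settings(text):
    """Return {'MIN': mb, 'MAX': mb} from the default assignments in the file."""
    found = {}
    for line in text.splitlines():
        m = _MEM_RE.match(line)
        if m:
            size = int(m.group(2))
            found[m.group(1)] = size * 1024 if m.group(3) in "gG" else size
    return found


def audit_heap(text):
    """Return a list of findings; an empty list means the file follows the page."""
    settings = heap_settings(text)
    problems = []
    for key in ("MIN", "MAX"):
        if key not in settings:
            problems.append(f"ES_{key}_MEM default not found")
    if len(settings) == 2 and settings["MIN"] != settings["MAX"]:
        problems.append("ES_MIN_MEM and ES_MAX_MEM differ")
    if settings.get("MAX", 0) > MAX_HEAP_MB:
        problems.append("ES_MAX_MEM exceeds 32 GB")
    return problems


# Constructed sample: the entry from step 2 after an edit that missed one value.
SAMPLE = '''
if "%ES_MIN_MEM%" == "" (
set ES_MIN_MEM=8g
)
if "%ES_MAX_MEM%" == "" (
set ES_MAX_MEM=16g
)
'''

if __name__ == "__main__":
    for finding in audit_heap(SAMPLE):
        print(finding)
```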

Changing the maximum file size to be imported

Use this procedure to increase the size limit for scan files being imported. BMC recommends the maximum file size be no larger than 1 GB.

Before you begin

Ensure that you have downloaded and extracted the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from EPD.

To change the maximum file size to be imported

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <TSVM_INSTALL_DIR>/application/app/vulnerability-management-portal/data/configuration.
  2. In the file, search for the appropriate section. The term you search for varies depending on whether you are working with Qualys, Nessus, or Rapid7 files:
    • Qualys: Search for the section that includes QualysConfigManager. That section appears as follows:

      "com.bmc.dcaportal.vulnerability.core.QualysConfigManager": {
          "qualys.management.max.file.size" : 1024
      },

    • Nessus: Search for the section that includes NessusConfigManager. That section appears as follows:

      "com.bmc.dcaportal.vulnerability.core.NessusConfigManager": {
          "nessus.management.max.file.size" : 1024
      },

    • Rapid7: Search for the section that includes Rapid7ConfigManager. That section appears as follows:

      "com.bmc.dcaportal.vulnerability.core.Rapid7ConfigManager": {
          "rapid7.management.max.file.size" : 1024
      },

  3. In the sections for Qualys, Nessus, or Rapid7, enter a maximum file size for the appropriate file sources by modifying the following entry:

    "<file_source>.management.max.file.size" : 1024

    <file_source> must be qualys, nessus, or rapid7 (lowercase, as in the sections shown in step 2).
    BMC recommends that the maximum file size be no larger than 1 GB (or 1024 MB).

  4. Save bmc-config.json.
  5. Navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory and restart the SecOps Response services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application

Changing how Rapid7 vulnerabilities are categorized

Before you begin

Ensure that you have downloaded and extracted the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from EPD.

To change how Rapid7 vulnerabilities are categorized

Use this procedure to change how Rapid7 vulnerabilities are categorized as they are imported into SecOps Response.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <TSVM_INSTALL_DIR>/application/app/vulnerability-management-portal/data/configuration.
  2. In the file, search for Rapid7ConfigManager. That section appears as follows:

    "com.bmc.dcaportal.vulnerability.core.Rapid7ConfigManager": {
       "rapid7.management.max.file.size" : 1024,
       "severity.normalization.1" : "1,2",
       "severity.normalization.2" : "3,4",
       "severity.normalization.3" : "5,6",
       "severity.normalization.4" : "7,8",
       "severity.normalization.5" : "9,10"
    },
  3. Provide the following values, as necessary:

    Option: severity.normalization.1, severity.normalization.2, severity.normalization.3, severity.normalization.4, severity.normalization.5
    Explanation: Lets you customize how the severity of vulnerabilities imported from Rapid7 into SecOps Response is categorized. The previous step shows the default scheme used for data imported from Rapid7. If you prefer to categorize data using a different scheme, adjust these entries accordingly.

  4. Save bmc-config.json.
  5. Navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory and restart the SecOps Response services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application
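
Before restarting with a customized scheme, it helps to confirm that every Rapid7 severity is assigned to exactly one level. The following is an added example, not BMC code: it builds the lookup from the section shown in step 2 and rejects gaps and overlaps. It assumes that each value lists the Rapid7 severities for the level named in the key suffix, and that severities run 1-10 and levels 1-5 as in the default scheme.

```python
import json

SECTION = "com.bmc.dcaportal.vulnerability.core.Rapid7ConfigManager"
PREFIX = "severity.normalization."


def build_severity_map(config, source_range=range(1, 11)):
    """Map each Rapid7 severity to its normalized level, or raise ValueError.

    Assumption: each value lists the Rapid7 severities assigned to the level
    in the key suffix; severities run 1-10 and levels 1-5, as in the default.
    """
    mapping = {}
    for key, value in config[SECTION].items():
        if not key.startswith(PREFIX):
            continue
        level = int(key[len(PREFIX):])
        if level not in range(1, 6):
            raise ValueError(f"unexpected level in {key}")
        for token in value.split(","):
            sev = int(token.strip())
            if sev not in source_range:
                raise ValueError(f"severity {sev} is outside the expected range")
            if sev in mapping:
                raise ValueError(f"severity {sev} is assigned to more than one level")
            mapping[sev] = level
    missing = sorted(set(source_range) - set(mapping))
    if missing:
        raise ValueError(f"unmapped Rapid7 severities: {missing}")
    return mapping


# Constructed sample: the default section from step 2.
DEFAULT = json.loads("""{
  "com.bmc.dcaportal.vulnerability.core.Rapid7ConfigManager": {
    "rapid7.management.max.file.size": 1024,
    "severity.normalization.1": "1,2",
    "severity.normalization.2": "3,4",
    "severity.normalization.3": "5,6",
    "severity.normalization.4": "7,8",
    "severity.normalization.5": "9,10"
  }
}""")

if __name__ == "__main__":
    print(build_severity_map(DEFAULT))
```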

Disabling or enabling HTTP traffic with the Elasticsearch server

The Elasticsearch server uses an HTTP port for monitoring purposes. If you do not want to leave an HTTP port open for security reasons, use this procedure to disable HTTP traffic with the Elasticsearch server.

Before you begin

Ensure that you have downloaded and extracted the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from EPD.

Note

The HTTP port must be enabled if you are using the web-based front end to perform a data restore procedure for the Elasticsearch server or to configure a cluster of Elasticsearch servers.

  1. Open the elasticsearch.yml file for editing.
    Typically, this file resides at <TSVM_INSTALL_DIR>/infra-ext/es/DCAIndexService/config.
  2. Take one of the following actions:
    • To disable HTTP traffic:
      1. In the file, search for a line that includes http.enabled.
        The line should be commented out. 
      2. Remove the comment from the line so it reads:
        http.enabled: false
      3. Find the following line:
        http.port: 9200
      4. Comment out the line so it reads:
        #http.port: 9200 
    • To enable HTTP traffic:
      1. In the file, add a comment in front of the line that says:
        http.enabled: false
        The line should now read:
        # http.enabled: false
      2. Find the following line and remove the comment so it reads:
        http.port: 9200

  3. Save elasticsearch.yml.
  4. On the Elasticsearch server, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory.

  5. Restart the Elasticsearch (DCA Index) service using the following commands:

    python truesight-sm.py stop --deployment elasticsearch
    python truesight-sm.py start --deployment elasticsearch
  6. On the application server, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory.
  7. Restart the SecOps Response services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application
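
The disable procedure changes two lines, and a half-applied edit is easy to miss. The following added example (not part of the BMC tooling) reads the text of elasticsearch.yml, reports whether HTTP is disabled, and flags the case where only one of the two lines was changed. The helper port_accepts_connections and its 127.0.0.1 default are assumptions for a check run on the Elasticsearch server itself after the restart.

```python
import re
import socket

# An optional leading "#" marks the setting as commented out.
_SETTING_RE = re.compile(r"^\s*(#?)\s*(http\.enabled|http\.port)\s*:\s*(\S+)")


def http_state(yml_text):
    """Return (state, findings) for the HTTP settings in elasticsearch.yml text."""
    active = {}
    for line in yml_text.splitlines():
        m = _SETTING_RE.match(line)
        if m and not m.group(1):  # count uncommented settings only
            active[m.group(2)] = m.group(3)
    disabled = active.get("http.enabled", "").lower() == "false"
    findings = []
    if disabled and "http.port" in active:
        findings.append("http.enabled is false but http.port is not commented out")
    if not disabled and "http.port" not in active:
        findings.append("HTTP is enabled but http.port is commented out or missing")
    return ("disabled" if disabled else "enabled"), findings


def port_accepts_connections(host="127.0.0.1", port=9200, timeout=2.0):
    """After the restart, report whether anything still listens on the HTTP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample: the disable procedure applied only halfway.
HALF_APPLIED = """\
cluster.name: example-cluster
http.enabled: false
http.port: 9200
"""

# Constructed sample: both edits from the disable procedure applied.
DISABLED = """\
cluster.name: example-cluster
http.enabled: false
#http.port: 9200
"""

if __name__ == "__main__":
    print(http_state(HALF_APPLIED))
    print(http_state(DISABLED))
    print("port 9200 open:", port_accepts_connections())
```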

Enabling display of network remediation operation results

By default, you cannot view job results for network remediation operations within SecOps Response. Instead, you must view detailed results within TrueSight Network Automation itself. However, you can configure SecOps Response to display results for network remediation operations.

Note

Be aware that performance may be an issue when using this configuration to view network remediation operation results. 

Before you begin

Ensure that you have downloaded and extracted the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from EPD.

To enable display of network remediation operation results

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <TSVM_INSTALL_DIR>/application/app/vulnerability-management-portal/data/configuration.
  2. In the file, search for elementmanager.bna.
  3. Insert this entry beneath elementmanager.bna: "showBNAResultsInPortal":"true". The elementmanager.bna section appears as shown below:

    "elementmanager.bna": {
            "type":"BNA",
            "host":"myserver.com",
            "port":"443",
            "protocol":"https",
            "user":"sysadmin",
            "role":"Default",
            "adminUser":"sysadmin",
            "adminRole":"Default",
            "showBNAResultsInPortal":"true"
    }
  4. On the application server, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory.
  5. Restart the SecOps Response services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application

Configuring display of information in the Activity Status window

Using the bmc-config.json file, you can configure how long information is displayed in the Activity Status window.

Before you begin

Ensure that you have downloaded and extracted the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from EPD.

To configure display of information in the Activity Status window

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <TSVM_INSTALL_DIR>/application/app/vulnerability-management-portal/data/configuration.
  2. In the file, search for ActivityService. The ActivityService section appears as shown below:

    "com.bmc.dcaportal.dcaportalprovider.activity.ActivityService": {
       "activityMonitorInterval": "86400",
       "activityExpirationTime": "2592000"
    }
  3. Provide the following values, as necessary:

    Option: activityExpirationTime
    Explanation: Specifies the time period, in seconds, after which information in the Activity Status window expires. By default, this value is set to 30 days (in seconds).

    Option: activityMonitorInterval
    Explanation: Specifies how frequently the Activity Status page checks for expired content. Content expires when it is older than the value of activityExpirationTime. Set the value of activityMonitorInterval in seconds. By default, the value is set to 24 hours (in seconds).
  4. On the application server, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory.
  5. Restart the SecOps Response services:

    python truesight-sm.py stop --deployment application
    python truesight-sm.py start --deployment application


Enabling automatic imports of scan data

To enable automatic importing of scan data, a configuration process is required. However, in addition to that process, the capability to import scan data must also be enabled. Typically, this capability is enabled during installation, but you may decide to enable automatic imports sometime after installation. In that situation you must perform the following procedure to enable the capability. After the procedure is complete, perform the configuration procedure described in Setting up a scanner connection.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for data.refresh.bsa
  3. In the data.refresh.bsa entry, make sure the isScanImporter option is set to true, as shown below:

    "data.refresh.bsa": {
            "connections":[{
                   "user": "BLAdmin",
                   "password": "NW012T6Tp4UPeCJO+Qo36sg==",
                   "authenticationMethod": "SRP",
                   "roles": ["BLAdmins"],
                   "isScanImporter" : true
            }],
            "delayBetweenRefreshCycles": 3600
    }
  4. Restart the portal server:

    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart.
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Configuring the collection of data from BMC Discovery

Connecting to BMC Discovery lets you collect data about a computing environment and import that data into BladeLogic Portal. 

Using the bmc-config.json file, you can configure some aspects of how data is obtained from BMC Discovery.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for "discovery". The discovery section appears as shown below:

    "data.refresh.discovery": {
       "delayBetweenRefreshCycles" : 86400,
       "discoveryDataRefreshEnable" : "true"
    }

  3. Provide the following values, as necessary:

    Option: delayBetweenRefreshCycles
    Explanation: Specifies the time interval, in seconds, between updates from BMC Discovery. By default, this value is set to 24 hours (in seconds).

    Option: discoveryDataRefreshEnable
    Explanation: Enables or disables the automatic refreshing of data from BMC Discovery.
  4. Restart the portal server:

    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart.
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart