Security Dashboard

The Security Dashboard provides visual tools to help security and operations team members assess the vulnerabilities affecting their server environment.

To display the Security Dashboard, select SecOps Response > Security Dashboard.

Take an interactive self-guided tour of these capabilities (login to SecOps Response required).


Overview

The Security Dashboard offers a set of charts that give insight into the security status of a computing or network environment.

The Vulnerability Status bubble chart depicts vulnerabilities across a date range. The position, color, and size of bubbles indicate vulnerability severity, service level agreement (SLA) status, and number of endpoints affected. At a glance, you can identify situations on the bubble chart that may require immediate attention and prioritize remediation actions accordingly. 

The Vulnerabilities per Stage bar chart shows the daily status of vulnerabilities across the same date range as the Vulnerability Status chart. Each bar in the chart represents vulnerabilities on a given day. Colors indicate the management status of each vulnerability, such as awaiting action or awaiting execution. Using this chart you can spot vulnerability management trends and project a date when all vulnerabilities should be closed.

The only action you can take from this dashboard is to export information. However, if you specify a set of filters on this page and then open the Operator Dashboard, it will automatically use the same set of filters.

Notes

For the Security Dashboard to show data, you must first:

Vulnerability Status chart

The Vulnerability Status bubble chart provides a snapshot showing how vulnerabilities affect your server or network environment.

The chart presents vulnerabilities across a date range (the X axis). The default date range is 90 days, but you can adjust the range. The Y axis measures severity; the most severe vulnerabilities (level 5) appear at the top of the axis. 

The color of each bubble corresponds to an SLA status: green for within the SLA limits, yellow for approaching the SLA, or red for exceeding. (Both endpoint administrators and ordinary users can enter SLA standards for each severity level.)

The size of each bubble indicates how many endpoints are affected by these vulnerabilities; the bigger the circle, the more endpoints that are affected. Even though a single endpoint might have hundreds of severity 5 vulnerabilities, the size of the bubble remains constant if only that one endpoint is affected.

Using these visual cues, you can scan the chart to identify problems. For example, large red bubbles high on the Y axis might mean trouble. Red indicates the SLA has expired. Large bubbles mean more endpoints are affected. Higher on the Y axis means the vulnerability is more severe. When you identify a hot spot like this, you can hover the cursor over a bubble to get more information (as shown at right). Then you might want to instruct the operations team to take corrective actions. If necessary, you can export the contents of the dashboard.

Restricting vulnerabilities by stage

Headers on the Vulnerability Status chart show the average time needed for each stage of activity in the vulnerability management process. 

You can limit the information displayed on the chart by clicking the headers that correspond to stages:




  • Average Days Awaiting Attention—The average number of days before vulnerabilities are addressed as well as the average number of days for vulnerabilities that have never been addressed.
  • Average Days Awaiting Approval—Vulnerabilities for which a remediation action has been created but still must be approved. This statistic is not provided for BNA or SCCM.
  • Average Days Awaiting Execution—Vulnerabilities for which a remediation action has been created and approved but still must be executed. This category also includes vulnerabilities that are currently being remediated.
  • Average Days to Close—Vulnerabilities that have been closed. The color of bubbles indicates the SLA status of vulnerabilities when they were closed.

SLA Breakdown chart

The SLA Breakdown pie chart shows the total number of unique vulnerabilities for the selected stage and divides those vulnerabilities according to their SLA status. When you hover over any part of the chart, you see a breakdown of vulnerabilities by severity level.

Note that "within SLA" means vulnerabilities that have not exceeded the SLA and are not categorized as approaching the SLA.

Vulnerabilities per Stage chart

The Vulnerabilities per Stage chart helps security and operations team members recognize historical trends in vulnerability management.

The chart shows the daily status of vulnerabilities across a date range (the X axis). The default range is 90 days, but you can adjust the range. The Y axis measures the total number of vulnerabilities. When new scans are imported, the height of the bar changes.

The colors in each bar represent the stages of vulnerability management: awaiting action, awaiting approval, awaiting execution, or closed. 

Every bar in the chart is a daily snapshot showing vulnerabilities in their various stages. For example, the chart above shows how a few scans are initially imported. After about a week, the colors begin to change as remediation actions begin. After nine days, the number of vulnerabilities awaiting action begins to decline until more scans are imported and the total number rises. 

Restricting vulnerabilities by stage

Headers on the Vulnerabilities per Stage chart show the total number of vulnerabilities in each stage of activity in the vulnerability management process. 

You can limit the information displayed on the chart by clicking the headers that correspond to stages:


  • Awaiting Attention—Vulnerabilities that have not been acted on in any way. 
  • Awaiting Approval—Vulnerabilities for which a remediation action has been created but still must be approved. This statistic is not provided for BNA or SCCM.
  • Awaiting Execution—Vulnerabilities for which a remediation action has been created and approved but still must be executed.
  • Closed—All vulnerabilities that have been closed.
  • Total—All vulnerabilities.

Note

Dashboard statistics may not show the most recent vulnerability status, depending on how often data from the endpoint manager is updated using the Data Refresh capability.

Estimated Days to Close chart

The Estimated Days to Close chart projects on a time line the date when all vulnerabilities should be closed based on current trends. 



Specifying the range of vulnerability data 

By default, the charts in the Security Dashboard show all vulnerability information that was generated and imported into SecOps Response within the last 90 days. Rather than use that time frame, you can display vulnerability information for:

  • A set period of time—From Scan Data, select 90, 45, or 30 days. 
  • The oldest date included in selected scan reports—From Scan Data, select the name of one or more reports. If you want information for all reports, click Select All. The date range extends to the oldest scan data that was imported.

When you select an option from Scan Data, the dashboard automatically updates to show the information you have selected.

Showing vulnerability information by security group

If you belong to more than one security group, use the Security Group drop-down list at top to show vulnerability information for a particular group. If you belong to one security group only, this option is not enabled.

In SCCM you can only belong to one security group.

Filtering vulnerability information

Using the filters at top, you can limit the information that the Security Dashboard shows. All charts, counts, and graphs update dynamically based on your filtering choices. Filters can be particularly useful if you plan to export data that lists vulnerabilities requiring action.

By default, the Security Dashboard uses the same filters last set in the Operator Dashboard. This allows users of the Operator Dashboard to refine their view of vulnerabilities. Then, users can open the Security Dashboard to display the same set of vulnerabilities immediately. In addition, settings for the Tags filter persist when you move between the Operator Dashboard, the Security Dashboard, and the Assets page.

To filter data, select any of the following options:

  • BULLETIN ID (SCCM only): Shows information for specific vulnerabilities, as identified by Microsoft bulletin ID.
  • CVE (BSA and BNA only): Shows information for specific vulnerabilities, as identified by common vulnerability and exposure (CVE) number.
  • Device collection (SCCM only): Shows information about selected device collections, which are groupings of devices. You can choose from all the device collections accessible to your Active Directory group.
  • Device type (BNA only): Shows information about selected network devices.
  • O/S (BSA only): Shows information about selected operating systems.
  • Server Group (BSA only): Shows information about vulnerabilities detected for a selected BladeLogic server group. Because you can select smart groups, this filtering option can be very useful for limiting the information displayed.

  • Severity—Shows information about vulnerabilities with a specific severity.
  • Software Instance—Shows information about servers that include the types of software you specify.

    Note

    To enable the Software Instance filter, you must set up a connection to BMC Discovery.

  • Tags—Shows information about tagged assets.


    If you have imported tags, you can filter assets using any combination of tags or tag values that have been applied to those assets. (A tag is a key/value pair.) The following example filters for both the "SRS" value of the tag called "BU" and the "Maria" value for the tag called "OWNER."

    When using the Tags option, the search field lets you search for tag values but not for tag names.

    When filtering by tags, you can select the key, which filters for all values of that key, or you can select individual values. Filtering behavior differs depending on whether you select tags, tag values, or both.

    • When you select multiple values within a tag, filtering is based on an OR condition. For example, in the Owner tag, you might select Owner1 and Owner2. Filtering shows assets with the Owner1 OR the Owner2 value.
    • When you select multiple tags, filtering is based on an AND condition. For example, if you select the Owner and the Applications tags, filtering only shows assets with any Owner tag value AND any Applications tag value.
    • When you select a combination of tags and tag values, filtering is based on a combination of AND and OR conditions. The AND conditions apply between tags and the OR conditions apply between values for a particular tag. For example, if you select the Application tag and the Owner1 and Owner2 values of the Owner tag, filtering shows assets that have any Application tag value AND either the Owner1 value or the Owner2 value.

    When you set tag filters, they persist when you switch between the Assets page, the Security Dashboard, and the Operator Dashboard.
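
The AND/OR rules above, modeled as an added example (not part of the product or its documentation): a selection maps each chosen tag to a set of values, or to None when the tag itself is selected. The asset names, tag data, and the function names matches and filter_assets are constructed for illustration, and each asset is assumed to carry at most one value per tag.

```python
# Added example: models the Tags filter semantics described on this page.

def matches(asset_tags, selection):
    """Return True if an asset passes the tag filter.

    asset_tags: dict of tag name -> value applied to the asset.
    selection:  dict of tag name -> set of selected values, or None when the
                tag (key) itself is selected, which means "any value".
    """
    for tag, wanted in selection.items():        # AND between selected tags
        if tag not in asset_tags:
            return False                         # asset has no value for this tag
        if wanted is not None and asset_tags[tag] not in wanted:
            return False                         # OR between values of one tag
    return True


def filter_assets(assets, selection):
    """Return the sorted names of assets that pass the selection."""
    return sorted(name for name, tags in assets.items() if matches(tags, selection))


# Constructed sample inventory.
ASSETS = {
    "web01": {"Owner": "Owner1", "Application": "Storefront"},
    "web02": {"Owner": "Owner2"},
    "db01": {"Owner": "Owner3", "Application": "Billing"},
    "app01": {"Owner": "Owner2", "Application": "Billing"},
    "lab01": {},                                 # untagged asset
}

if __name__ == "__main__":
    # Multiple values within one tag: Owner1 OR Owner2.
    print(filter_assets(ASSETS, {"Owner": {"Owner1", "Owner2"}}))
    # Multiple tags: any Owner value AND any Application value.
    print(filter_assets(ASSETS, {"Owner": None, "Application": None}))
    # Tag plus values: any Application value AND (Owner1 OR Owner2).
    print(filter_assets(ASSETS, {"Application": None, "Owner": {"Owner1", "Owner2"}}))
```

Under these rules an untagged asset such as lab01 matches no tag selection, so a tag-filtered view or export does not represent the whole inventory.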

To apply filtering choices

After making filtering choices, click Apply Filters to activate your selections. 

Exporting data

You can export the current contents of the Security Dashboard. Data is exported in a comma-separated value (CSV) format and stored in a ZIP file. After exporting, you can open the file in a spreadsheet and then manipulate the data in any way you want.

If you filter data by software instance, an export shows the applicable software instances per server. If you do not filter by software instance but a connection to BMC Discovery is enabled, an export lists all software instances that are discovered.

If you have imported tag data, the export file includes a column for each tag.

Large exports are broken into multiple files within the ZIP file. Each file contains 40-50 thousand rows. 

To export the contents of the dashboard

Click Export, at top right. Using your browser, you can open the file or save it locally.  
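
An added example (not BMC code) of post-processing an export: it reads every CSV part from the ZIP file and counts distinct endpoints per severity and SLA status, the same measure the Vulnerability Status bubbles use for size. The column names Endpoint, Vulnerability, Severity, and SLA Status, the file names, and the sample rows are assumptions; check them against the header row of a real export. It also assumes every part repeats the header row.

```python
import csv
import io
import zipfile
from collections import defaultdict

# Assumed column names; adjust to the header row of your export.
COL_ENDPOINT, COL_SEVERITY, COL_SLA = "Endpoint", "Severity", "SLA Status"

def read_export(zip_bytes):
    """Yield each row of every CSV part in the export ZIP as a dict.
    Assumes every part starts with its own header row."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if not name.lower().endswith(".csv"):
                continue
            with zf.open(name) as part:
                text = io.TextIOWrapper(part, encoding="utf-8-sig", newline="")
                yield from csv.DictReader(text)

def endpoints_per_bucket(rows):
    """Distinct endpoints per (severity, SLA status): one host with many
    findings still counts once, as with bubble size on the dashboard."""
    hosts = defaultdict(set)
    for row in rows:
        hosts[(int(row[COL_SEVERITY]), row[COL_SLA])].add(row[COL_ENDPOINT])
    return {bucket: len(names) for bucket, names in hosts.items()}

def build_sample_zip():
    """Constructed two-part export with placeholder vulnerability names."""
    header = "Endpoint,Vulnerability,Severity,SLA Status\n"
    parts = {
        "part_1.csv": header + "srv-a,VULN-A,5,Exceeded\nsrv-a,VULN-B,5,Exceeded\n"
                               "srv-a,VULN-C,5,Exceeded\nsrv-b,VULN-D,3,Within\n",
        "part_2.csv": header + "srv-b,VULN-A,5,Exceeded\nsrv-c,VULN-E,3,Within\n"
                               "srv-c,VULN-F,3,Approaching\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    rows = list(read_export(build_sample_zip()))
    for bucket, count in sorted(endpoints_per_bucket(rows).items(), reverse=True):
        print(bucket, count)
```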

