SecOps Response introduces some terminology and working practices that may be unfamiliar. Key items that you will see referenced in this documentation include:
A mapped vulnerability on a mapped asset. During the process of using SecOps Response, you map vulnerabilities to remediation content and map assets to managed endpoints. When that mapping is complete, a list of actionable vulnerabilities appears on the Operator Dashboard. Actionable vulnerabilities are the vulnerabilities that you can correct by running Remediation operations.
An object that is scanned by a vulnerability management system. Often, assets are servers. When using the vulnerability management process, you can map assets detected in vulnerability scans to servers managed by BMC Server Automation or SCCM.
A connection to an endpoint manager or some other optional product that provides additional capabilities for SecOps Response. To set up a connection, you must download and run a small connector program on your premises. This connector program establishes communication between SecOps Response, running in the cloud, and the other product, running on your premises.
A set of objects that SecOps Response can use to perform a task (for example, to deploy a patch or BLPackage in BSA or a collection of software updates in SCCM).
DCA Index Server
An in-memory, information-retrieval system based on Apache Lucene technology. The DCA Index Server allows for rapid text searches that apply to many areas of the SecOps Response system, including vulnerability data and searches for managed servers.
A Deploy job set up in BMC Server Automation that can be used as the basis for scheduling Remediation operations.
The administrator responsible for day-to-day configuration of SecOps Response. During the onboarding process, an administrative role for the endpoint manager is specified. If you belong to that role, you are granted endpoint administrator privileges.
The underlying product that runs in conjunction with SecOps Response, such as BSA or SCCM.
Objects managed by the endpoint manager. In BSA and SCCM, endpoints are servers. In BNA, endpoints are network devices.
The process of establishing connections between SecOps Response, which runs in the cloud, and endpoint managers such as BSA, BNA, or SCCM, which run locally on your premises. You can also use onboarding to set up connections to optional products such as BMC Discovery. During onboarding, a connector utility must be downloaded to your premises to enable communication between SecOps Response and other products you are using.
Equivalent to a job in BSA or BNA.
A collection of patches assembled in the Depot in BMC Server Automation. Patch catalogs are used to analyze and remediate missing or outdated patches.
SecOps Response administrator
The administrator responsible for onboarding and management of connectors.
A grouping mechanism for users based on groups defined within the endpoint manager. Users belonging to those groups inherit the same permissions in SecOps Response. Security groups are based on:
- Roles defined in BSA.
- Realms defined in BNA.
- Security roles defined in SCCM that are associated with Active Directory groups.
Endpoints that you want to manage or affect during an operation. In BSA or SCCM, targets are servers. In BNA, endpoints are network devices.
A susceptibility or flaw that may allow unauthorized access to a system, such as a software or networking system. Some organizations such as Qualys, Nessus, and Rapid7 develop vulnerability management systems that allow you to scan computer systems to identify vulnerabilities.