Troubleshooting

See the following sections when analyzing problems that occur while using SecOps Response:

Onboarding a connector fails when there are multiple instances of Java

The process of onboarding a connector can fail if multiple instances of Java exist.

To work around this problem, take the following steps to provide an absolute path to a Java binary:

  1. Change to the directory where you have installed the connector.
  2. Uninstall the connector service by running the following command:
    <connector-type>-connector.exe uninstall
    For example, if you are uninstalling the BSA connector, enter: bsa-connector.exe uninstall
  3. Modify the <connector-type>-connector.xml file by changing the <executable>java</executable> entry so it provides an absolute path to a Java binary.
    For example, the modified entry might read:
    <executable>C:\Program Files\Java\jdk1.8.0_151\bin\java</executable>
  4. Re-install the connector service by running the following command:
    <connector-type>-connector.exe install
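
The four steps above as a PowerShell script. This is an added example, not a script shipped with the product. The parameter names are assumptions, and the script assumes the connector XML file contains exactly one <executable> element with no XML namespace. Run it from an elevated prompt.

```powershell
# Added example, not vendor code. Parameter names are assumptions.
param(
    [Parameter(Mandatory)] [string] $ConnectorDir,   # connector installation directory
    [Parameter(Mandatory)] [string] $ConnectorType,  # for example: bsa
    [Parameter(Mandatory)] [string] $JavaPath        # absolute path, with or without .exe
)
$ErrorActionPreference = 'Stop'

# Require a drive-qualified absolute path that points at an existing file,
# so the service no longer depends on whichever "java" is first on PATH.
if ($JavaPath -notmatch '^[A-Za-z]:\\') {
    throw "JavaPath must be an absolute path: $JavaPath"
}
$candidates = @($JavaPath, "$JavaPath.exe")
if (-not ($candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })) {
    throw "No Java binary found at: $JavaPath"
}

# Step 1: change to the connector directory.
$ConnectorDir = (Resolve-Path -LiteralPath $ConnectorDir).Path
Set-Location -LiteralPath $ConnectorDir
$exe     = Join-Path $ConnectorDir "${ConnectorType}-connector.exe"
$xmlPath = Join-Path $ConnectorDir "${ConnectorType}-connector.xml"

# Step 2: uninstall the connector service.
& $exe uninstall

# Step 3: back up the XML file, then rewrite the <executable> entry.
Copy-Item -LiteralPath $xmlPath -Destination "$xmlPath.bak" -Force
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($xmlPath)
$nodes = $doc.SelectNodes('//executable')
if ($nodes.Count -ne 1) {
    throw "Expected exactly one <executable> element, found $($nodes.Count)"
}
Write-Host "executable: '$($nodes[0].InnerText)' -> '$JavaPath'"
$nodes[0].InnerText = $JavaPath
$doc.Save($xmlPath)

# Step 4: re-install the connector service.
& $exe install
```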

Software Update operation in SCCM does not get created because software download fails

When SecOps Response is connected to SCCM, you may see an operation listed on the home page that does not get created correctly. Clicking on the operation reveals a status that says, "Failed to Create Operation: Error occurred while creating job in SCCM - SCCM remediation API call failed."

An error about software updates also appears in the SCCM connector log, which can be found at this location on the connector host: <connector_install_location>\logs.

This situation is probably caused by a failed software download. Possible causes of this failure are:

  • Network name cannot be found—The shared folder name is incorrect, is not shared correctly, or does not exist.
    When specifying the shared folder location during onboarding:
    • Provide the actual name by which the folder is shared. In some situations folders are shared using a different name than the name actually assigned to the folder.
    • Do not prepend the server name. The folder location is a relative path and should not include a host name. For example, \shared\folder\location.
  • Access denied—The shared folder does not have the correct permissions. It must provide read/write permissions to everyone or it must provide read/write permissions specifically to the user who has logged into SecOps Response.

Authentication for SCCM

The only authentication method that is supported for SCCM is its default authentication mechanism–that is, Active Directory.

Changes to collections in SCCM may require remapping

If you have already mapped assets to devices managed with SCCM but the contents of a device collection are changed within SCCM, then a new device collection is shown in the Device Collections filter on the Operator Dashboard. In this situation, you must unmap and remap assets to ensure the correct data is available before you attempt to run a Remediation operation.

Emails generated by SecOps Response are classified as spam

During registration and onboarding, emails generated by SecOps Response may be marked as spam by your email service. Emails are also generated if you change your password.

To avoid this problem, use the filters on your email service and specify amazonses.com as a safe sender. Although the emails appear to come from bmc.com, they originate in the cloud from amazonses.com.

Filtering of search results can make it appear as though no results are returned

When you are searching for anything other than servers, only the first 100 results are returned from BSA to SecOps Response. If you have applied search filters, they may potentially exclude all 100 results, making it appear as though there are no results.

To confirm that you do have search results, temporarily clear filters.

Note that there are no restrictions to the number of results returned when searching for servers.

Internet Explorer 11 experiences random timeouts

At random moments an Internet Explorer 11 browser can fail to navigate and instead sends you back to the login page. A message says that the session has timed out.

To work around the problem:

  1. Use Internet Explorer's security settings to add the SecOps Response host as a trusted site.
  2. Keep the Enable Protected Mode option unchecked.

Internet Explorer not supported for onboarding

Although features of SecOps Response support Internet Explorer, the onboarding platform does not.

Firefox truncating tooltips

When using the Firefox browser, tooltips should be able to display 256 characters but you may see the browser truncate the tooltip to approximately 65 characters.

Dashboards showing inconsistent data for closed vulnerabilities

The following inconsistencies can occur when data is reported on the SecOps Response dashboards:

 

  • When a server is unmapped, vulnerabilities associated with that server that have been remediated continue to show up as closed.
  • When a vulnerability has been remediated but afterwards the vulnerability is excluded, data for that vulnerability continues to appear in the Closed stage even though the corresponding CVE number no longer seems to be included in the dashboard's data.