Using SecOps Response
SecOps Response lets you use tools such as Qualys, Nessus, and Rapid7 to scan for vulnerabilities, import that information into SecOps Response, and then analyze, prioritize, and remediate the vulnerabilities. The analytic tools available in SecOps Response help align the actions of security and operations personnel who must maintain the integrity of your computing environment.
This topic provides a high-level description of the process for using SecOps Response.
See Demonstrating the SecOps Response process for walkthrough topics that demonstrate in more detail how to use SecOps Response to manage vulnerabilities.
Overview of the process
The process for using SecOps Response consists of the following steps.
SecOps Response supports connections to:
- BMC BladeLogic Server Automation 8.9.01 (Service Pack 1)
- BMC BladeLogic Network Automation 8.9.01 (Service Pack 1)
- Microsoft System Center Configuration Manager (SCCM) - the following versions:
  - Microsoft System Center 2017 Configuration Manager
    - Console version 5.0.8498.1700
    - Site version 5.0.8398.1000
  - Microsoft System Center 2016 Configuration Manager
    - Console version 5.0.8412.1313
    - Site version 5.0.8412.1000
  - Microsoft System Center 2012 Configuration Manager SP2
    - Console version 5.0.8239.1000
    - Site version 5.0.8239.1000
  - All supported versions of SCCM have the following additional requirements:
    - PowerShell 4.0 or later must be installed
    - Server Cmdlet library must be installed on the SCCM server (version 5.0.8373.1189 or later)
      Obtain the Cmdlet library from https://www.microsoft.com/en-us/download/details.aspx?id=46681.
    - SCCM server and Active Directory server must reside within the same domain
When you start using SecOps Response
The following table provides a brief description of the tasks needed to start using SecOps Response.
| Task | Description | Related documentation |
|---|---|---|
| Logging on. | | Logging on |
| | You must specify service level agreements (SLAs) for each vulnerability severity level. You can also specify a warning period after which vulnerabilities are classified as nearly exceeding SLAs. | Providing service level agreement information |
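The SLA and warning-period classification described above, sketched as an added example (not BMC code and not part of the original page). It assumes both periods are counted in days from the date a vulnerability was first detected; the severity names, policy values, and findings are constructed for illustration.

```python
from datetime import date

# Hypothetical policy values; set your own per severity level.
# Each entry: (sla_days, warning_days), both counted from first detection (assumption).
SLA_POLICY = {
    "critical": (7, 5),
    "high": (30, 21),
    "medium": (60, 45),
    "low": (90, 75),
}

# Constructed sample findings (not real scan output):
# asset, placeholder vulnerability id, severity, first detected.
FINDINGS = [
    ("web-01", "VULN-A", "critical", date(2024, 3, 1)),
    ("web-01", "VULN-B", "high", date(2024, 2, 20)),
    ("db-02", "VULN-C", "critical", date(2024, 3, 6)),
    ("db-02", "VULN-D", "low", date(2023, 11, 1)),
]

def sla_status(severity, first_detected, today, policy=SLA_POLICY):
    """Return 'within', 'nearly_exceeding' or 'exceeded' for one finding."""
    if severity not in policy:
        # A severity without an SLA would silently escape tracking, so fail loudly.
        raise ValueError(f"no SLA defined for severity {severity!r}")
    sla_days, warning_days = policy[severity]
    if not 0 <= warning_days <= sla_days:
        raise ValueError("warning period must fall inside the SLA window")
    age = (today - first_detected).days
    if age > sla_days:          # past the SLA deadline
        return "exceeded"
    if age > warning_days:      # past the warning period, deadline not yet reached
        return "nearly_exceeding"
    return "within"

def triage(findings, today):
    """Sort findings so SLA breaches come first, then oldest first within a status."""
    rank = {"exceeded": 0, "nearly_exceeding": 1, "within": 2}
    rows = [(sla_status(sev, seen, today), asset, vid, (today - seen).days)
            for asset, vid, sev, seen in findings]
    return sorted(rows, key=lambda r: (rank[r[0]], -r[3]))

if __name__ == "__main__":
    for status, asset, vid, age in triage(FINDINGS, date(2024, 3, 8)):
        print(f"{status:17} {asset:7} {vid:7} age={age}d")
```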
SecOps Response process
The following table provides a brief description of tasks required to use SecOps Response and links to related documentation.
| Task | Description | Related documentation |
|---|---|---|
| Import scan files (SecOps Response > Import). | The Scan Import page lets you import scan files that were created using a vulnerability management system, such as Qualys, Nessus, or Rapid7. During a scan file import, assets that are included in the scan file are automatically mapped to endpoints. | Importing scan files |
| Map assets (SecOps Response > Assets). | The Assets page lets you map assets that are included in a vulnerability scan to endpoints. You can map assets one by one or you can automatically map assets. | Mapping assets to endpoints |
| Map vulnerabilities (SecOps Response > Vulnerabilities). | The Vulnerabilities page lets you map vulnerabilities identified in a vulnerability scan to remediation content. You can map vulnerabilities one by one or you can automatically map vulnerabilities. Here is what you can use for remediation content: | Mapping vulnerabilities to remediation content |
| View vulnerability data on the Security Dashboard (SecOps Response > Security Dashboard). | This dashboard provides visual tools to help security personnel assess the vulnerabilities affecting their computing environment, spot trends, and project days needed to close all vulnerabilities. Operations personnel can also use this dashboard. | |
| View vulnerability data on the Operator Dashboard (SecOps Response > Operator Dashboard). | The Operator Dashboard provides visual tools to identify vulnerabilities on endpoints that require the highest priority remediation and then launch remediation actions for those endpoints. If you are connected to BMC Discovery, you can also use this dashboard to identify servers that are not included in scans. These unscanned servers are sometimes called blind spots. | |
| Launch remediation operations (SecOps Response > Operator Dashboard > Remediate). | After using the Operator Dashboard to filter vulnerability information, you can launch the Remediation operation wizard, which guides you through the process of configuring operations that can remediate the vulnerabilities you select. Here is what the Remediation operation can do to correct vulnerabilities: | |
| Manage operations on the Home page | When you run the Remediation operation wizard, it can generate one or more operations to remediate vulnerabilities. Those operations are listed on the Home page of SecOps Response. From there you can execute operations, obtain information about operation results, and delete operations. | |
| View results of operations | From the home page you can display detailed information about results of individual operations. When viewing results, the tools available vary depending on the type of operation. | Viewing and using results of operations |
| Monitor long-running operations | Some actions in SecOps Response can take many minutes to complete. Use the Activity Status page to check on long-running actions. | Monitoring the status of long-running activities |
This video demonstrates how to use SecOps Response to map server assets and vulnerabilities detected in a vulnerability scan to the servers and remediation content you are managing with BMC BladeLogic Server Automation or SCCM.
This video continues the remediation management process for BMC BladeLogic Server Automation. It shows how to use SecOps Response to generate remediation operations for vulnerabilities detected in a vulnerability scan.
This video continues the remediation management process for SCCM. It shows how to use SecOps Response to generate remediation operations for vulnerabilities detected in a vulnerability scan.
This walkthrough demonstrates how to use SecOps Response with BMC Discovery to enable blind spot detection and filter vulnerabilities on dashboards by application.