Using SecOps Response

SecOps Response lets you use tools such as Qualys, Nessus, and Rapid7 to scan for vulnerabilities, import that information into SecOps Response, and then analyze, prioritize, and remediate the vulnerabilities. The analytic tools available in SecOps Response help align the actions of security and operations personnel who must maintain the integrity of your computing environment.

This topic provides a high-level description of the process for using SecOps Response.

See Demonstrating the SecOps Response process for walkthrough topics that demonstrate in more detail how to use SecOps Response to manage vulnerabilities.

Overview of the process

The process for using SecOps Response consists of the following steps.

[Figure: TD Process]

Prerequisites

SecOps Response supports connections to: 

  • BMC BladeLogic Server Automation 8.9.01 (Service Pack 1)
  • BMC BladeLogic Network Automation 8.9.01 (Service Pack 1)
  • Microsoft System Center Configuration Manager (SCCM) - the following versions:
    • Microsoft System Center 2017 Configuration Manager
      • Console version 5.0.8498.1700
      • Site version 5.0.8398.1000
    • Microsoft System Center 2016 Configuration Manager
      • Console version 5.0.8412.1313
      • Site version 5.0.8412.1000
    • Microsoft System Center 2012 Configuration Manager SP2
      • Console version 5.0.8239.1000
      • Site version 5.0.8239.1000
    • All supported versions of SCCM have the following additional requirements:

When you start using SecOps Response

The following table provides a brief description of the tasks needed to start using SecOps Response.

Logging on.

Related documentation: Logging on

You must specify service level agreements (SLAs) for each vulnerability severity level. You can also specify a warning period after which vulnerabilities are classified as nearly exceeding SLAs.

Related documentation: Providing service level agreement information

SecOps Response process

The following table provides a brief description of tasks required to use SecOps Response and links to related documentation.

Import scan files (SecOps Response > Import).

The Scan Import page lets you import scan files that were created using a vulnerability management system, such as Qualys, Nessus, or Rapid7. During a scan file import, assets that are included in the scan file are automatically mapped to endpoints.

Related documentation: Importing scan files

Map assets (SecOps Response > Assets).

The Assets page lets you map assets that are included in a vulnerability scan to endpoints. You can map assets one by one or you can automatically map assets.

Related documentation: Mapping assets to endpoints

Map vulnerabilities (SecOps Response > Vulnerabilities).

The Vulnerabilities page lets you map vulnerabilities identified in a vulnerability scan to remediation content. You can map vulnerabilities one by one or you can automatically map vulnerabilities.

Here is what you can use for remediation content:

  • BSA—Any type of depot content, including patches, BLPackages, software packages, component templates and NSH scripts.
  • BNA—Only corrective actions associated with network rules
  • SCCM—Software updates, applications, and application packages

Related documentation: Mapping vulnerabilities to remediation content

View vulnerability data on the Security Dashboard (SecOps Response > Security Dashboard).

This dashboard provides visual tools to help security personnel assess the vulnerabilities affecting their computing environment, spot trends, and project days needed to close all vulnerabilities. Operations personnel can also use this dashboard.

Related documentation: Security Dashboard

View vulnerability data on the Operator Dashboard (SecOps Response > Operator Dashboard).

The Operator Dashboard provides visual tools to identify vulnerabilities on endpoints that require the highest priority remediation and then launch remediation actions for those endpoints.

If you are connected to BMC Discovery, you can also use this dashboard to identify servers that are not included in scans. These unscanned servers are sometimes called blind spots.

Related documentation: Operator Dashboard

Launch remediation operations (SecOps Response > Operator Dashboard > Remediate).

After using the Operator Dashboard to filter vulnerability information, you can launch the Remediation operation wizard, which guides you through the process of configuring operations that can remediate the vulnerabilities you select.

Here is what the Remediation operation can do to correct vulnerabilities:

  • BSA—Generate Patching, Deploy, and NSH Script operations
  • BNA—Perform corrective actions associated with network rules
  • SCCM—Generate Software Update, Application, or Application Package operations

Related documentation:

  • Creating a Remediation operation for BMC Server Automation
  • Creating a Remediation operation for BMC Network Automation
  • Creating a Remediation operation for SCCM

Manage operations on the Home page

When you run the Remediation operation wizard, it can generate one or more operations to remediate vulnerabilities. Those operations are listed on the Home page of SecOps Response. From there you can execute operations, obtain information about operation results, and delete operations.

Related documentation: Managing operations

View results of operations

From the home page you can display detailed information about results of individual operations. When viewing results, the tools available vary depending on the type of operation.

Related documentation: Viewing and using results of operations

Monitor long-running operations

Some actions in SecOps Response can take many minutes to complete. Use the Activity Status page to check on long-running actions.

Related documentation: Monitoring the status of long-running activities
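
The import, asset-mapping, and blind-spot steps above can be illustrated outside the product. The following Python is an added example, not BMC code and not the product's matching logic: it reads a constructed scan in the Nessus v2 export layout, maps each scanned asset to a hypothetical endpoint inventory (assumed rule: IP address first, then short host name), and lists unmapped assets and unscanned endpoints.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 export layout (hosts and plugin IDs are made up).
SCAN = """<NessusClientData_v2><Report name="constructed-scan">
<ReportHost name="WEB01.corp.example"><HostProperties><tag name="host-ip">10.0.0.21</tag></HostProperties>
  <ReportItem port="443" severity="4" pluginID="900001" pluginName="Constructed critical finding"/>
  <ReportItem port="22" severity="0" pluginID="900002" pluginName="Constructed informational"/></ReportHost>
<ReportHost name="10.0.0.12"><HostProperties><tag name="host-ip">10.0.0.12</tag></HostProperties>
  <ReportItem port="445" severity="3" pluginID="900003" pluginName="Constructed high finding"/></ReportHost>
<ReportHost name="lab-printer"><HostProperties><tag name="host-ip">10.0.9.50</tag></HostProperties>
  <ReportItem port="80" severity="2" pluginID="900004" pluginName="Constructed medium finding"/></ReportHost>
</Report></NessusClientData_v2>"""

# Hypothetical endpoint inventory, standing in for the servers the automation tool manages.
ENDPOINTS = [
    {"id": "ep-1", "hostname": "web01", "ip": "10.0.0.11"},
    {"id": "ep-2", "hostname": "db01", "ip": "10.0.0.12"},
    {"id": "ep-3", "hostname": "app01", "ip": "10.0.0.13"},
]

def short(name):
    # Lower-case host label without the DNS suffix; dotted IPs are returned unchanged.
    return name if name.replace(".", "").isdigit() else name.lower().split(".")[0]

def parse_assets(xml_text):
    """Return one record per scanned host with its non-informational findings."""
    assets = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        ip = host.findtext("HostProperties/tag[@name='host-ip']")
        vulns = [i.get("pluginID") for i in host.iter("ReportItem") if int(i.get("severity")) > 0]
        assets.append({"name": host.get("name"), "ip": ip, "vulns": vulns})
    return assets

def map_assets(assets, endpoints):
    """Assumed matching rule: IP address first, then short host name."""
    by_ip = {e["ip"]: e["id"] for e in endpoints}
    by_name = {short(e["hostname"]): e["id"] for e in endpoints}
    mapped, unmapped = {}, []
    for a in assets:
        ep = by_ip.get(a["ip"]) or by_name.get(short(a["name"]))
        if ep:
            mapped[ep] = a
        else:
            unmapped.append(a["name"])
    # Blind spots: managed endpoints that no scanned asset mapped to.
    blind_spots = sorted(e["id"] for e in endpoints if e["id"] not in mapped)
    return mapped, unmapped, blind_spots
```

Scan exports that do not come from your own scanners should be read with a hardened XML parser such as defusedxml rather than the standard-library parser used here.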

Related videos

Description Video

This video demonstrates how to use SecOps Response to map server assets and vulnerabilities detected in a vulnerability scan to the servers and remediation content you are managing with BMC BladeLogic Server Automation or SCCM.

This video continues the remediation management process for BMC BladeLogic Server Automation. It shows how to use SecOps Response to generate remediation operations for vulnerabilities detected in a vulnerability scan. 

This video continues the remediation management process for SCCM. It shows how to use SecOps Response to generate remediation operations for vulnerabilities detected in a vulnerability scan. 

This walkthrough demonstrates how to use SecOps Response with BMC Discovery to enable blind spot detection and filter vulnerabilities on dashboards by application.
