Using the Vulnerability Dashboard
This topic describes the data shown on each widget and provides instructions to drill down to a widget to view additional metrics depending on your endpoint manager, TrueSight Server Automation or TrueSight Network Automation.Starting 21.02.01, TrueSight Automation Console also supports TrueSight Network Automation as an endpoint manager.
Viewing the Vulnerability Dashboard
Widgets on the dashboard display metrics about the assets and the vulnerabilities. You can drill down to a widget to view additional data related to the metrics. The dashboard data refreshes every time after you import a scan, map vulnerabilities, and run remediation operations to completion.
To view metrics based on any of the following options, select a filter, and click Apply:
- Operating System: The list of operating systems is populated dynamically depending upon the imported scan file.
Scan File: Lists the scan files imported in Automation Console
- Risk Score: A range of numeric values similar to severity.
- Risk Owner: Security group that owns the set of vulnerabilities.
Scan Policy, Risk Score, and Risk Owner filters are not applicable to the Vulnerability Trend widget.
Click Export at the top right corner to download the current dashboard metrics as a PDF file.
This widget shows the total number of vulnerabilities imported from a scan file in the Automation Console and their distribution. Vulnerabilities mapped to remediation content are displayed in the Mapped Vulnerabilities graph. Actionable Vulnerabilities graph shows the vulnerabilities that are mapped to remediation content plus the impacted assets mapped to endpoints in the endpoint manager.
To drill down for more information about the mapped vulnerabilities, click the bar graph. In the following image, the vulnerability names, CVE IDs, severity, and the number of impacted assets for mapped and unmapped vulnerabilities are displayed.
To drill down for more information about the actionable vulnerabilities, click the bar graph. In the following image, the vulnerability names, CVE IDs, severity, and the number of impacted assets for actionable and non-actionable vulnerabilities are displayed.
Remediating actionable vulnerabilities
When there are actionable vulnerabilities on the dashboard, the Remediation Action panel appears on top, which shows the number of vulnerabilities as seen in the following figure:
To create a remediation operation for the actionable vulnerabilities directly from the dashboard, do the following:
On the Remediation Action panel, click Remediate.
The Create Operation page appears.
Click <n> actionable vulnerabilities hyperlink.
Click the Actionable Vulnerabilities bar in the Actionable Vulnerabilities bar graph on the Vulnerabilities widget.
On the Actionable Vulnerabilities pop-up, click Remediate.
The Create Operation page appears.
- Continue to create an operation.
For details, see Working with operations.
Risk Distribution by Assets and Vulnerabilities
This widget shows the total number of assets and vulnerabilities as per the vulnerability severity levels. To view vulnerabilities as per the severity levels, click Vulnerabilities.
Assets and vulnerabilities with different severity levels are counted as belonging to the highest level.
For example, out of 100 assets, if 10 assets have vulnerabilities with a Critical, High, and Medium severity, those 10 assets appear in the Critical bracket. If 20 assets have vulnerabilities with a High and Low severity, those assets appear in the High bracket.
To view more information about assets or vulnerabilities based on their severity, click the bar graph and then click each severity level.
Click Vulnerabilities and then click the bar graph to view more information about the severity level.
In the following image, 23 assets are in the Critical state.
SLA Distribution by Assets and Vulnerabilities
This widget shows the number of assets and vulnerabilities based on the service level agreements (SLA).
To view vulnerabilities as per the service level agreements, click Vulnerabilities. Using this data, you can plan remediation steps based on your organizational standards.
If assets or vulnerabilities are approaching an SLA level, they appear in Approaching SLA. Assets with a severity level other than Critical appear in Exceeding SLA (Other). Assets or vulnerabilities that have reached a critical severity appear in the Exceeding SLA (Critical) graph.
To view the number of vulnerabilities for assets based on their SLA, click the bar graph, and then click any SLA level.
In the following image, 10 assets are in the Within SLA bracket.
Vulnerabilities by Stage
After you map vulnerabilities with remediation content, either automatically or manually, you create an operation to remediate the vulnerabilities. This widget shows the number of vulnerabilities for which an operation is created (Awaiting Execution) against the number of vulnerabilities where the operation is yet to be created (Awaiting Attention). It also shows the number of vulnerabilities for which remediation operations are created, and change request approval is pending (Awaiting Approval). In addition, it shows the number of vulnerabilities for which an exception is created (Marked as Exception).
To view more information, click the bar graph. Vulnerability name, CVE IDs, severity, and the number of impacted assets are displayed.
This widget shows a cumulative vulnerability remediation trend for the past thirteen weeks, which includes the total number of identified versus remediated vulnerabilities.
This graph also shows:
- Average Days Awaiting Attention: Average number of days since vulnerabilities are identified and not yet remediated.
- Average Days Awaiting Approval: Average number of days in which a remediation operation is created with a change integration, and the change request is not yet approved.
- Average Days Awaiting Execution: Average number of days in which a remediation operation is scheduled but not yet executed.
- Average Days to Close: Average number of days it takes from identifying a vulnerability to successfully remediating it.
To view more information, click the bar graph. The total number of vulnerabilities identified and remediated is displayed. You can also view these details:
- Vulnerability name
- Impacted assets
- Scan Age: Number of days since the vulnerability is identified in the scan file by a vulnerability management tool.
- CVE IDs
Vulnerabilities Trend data is refreshed every day at 12AM UTC.
Scan Policy, Risk Score, and Risk Owner filters are not applicable to the Vulnerability Trend widget. If you apply any of these filters, the widget data is not filtered and the widget displays the filters that are not applied.
Top 10 Vulnerabilities
This widget shows the top ten vulnerabilities and the impacted assets on which the vulnerabilities are identified. This metric also shows the SLA level for the vulnerabilities.
Click the Impacted Assets link to see the assets and their operating system for each vulnerability.
Top 10 Business Services at Risk
For the TrueSight Server Automation endpoint manager onlyThis widget shows the top ten business services or applications with a maximum number of vulnerabilities and the number of impacted assets.
BMC Discovery sends data about business services at risk to Automation Console.
Why do I not see the Top 10 Business Services at Risk?
To view this data, you must ensure that the BMC Discovery connector is configured. For more information, see Configuring the BMC Discovery connector.
Top 10 Risk Owners
This widget shows the number of vulnerabilities owned by top ten owners (security groups) and the number of impacted assets. This data gets refreshed every time a new scan file is imported, vulnerabilities are mapped, operations are created, and vulnerabilities are resolved.
To view more information, do the following:
- Click the link under Number of Vulnerabilities to view a list of vulnerabilities and their severity.
- Click the link under Impacted Assets to view the list of impacted assets.