Unsupported content

This version of the product has reached end of support. The documentation is available for your convenience.

Mapping vulnerabilities to remediation content - Vulnerability Manager

The Vulnerabilities page lets you map vulnerabilities identified in a vulnerability scan to remediation content available in BMC Server Automation or BMC Network Automation. For BSA, remediation content can be any type of BladeLogic depot content, such as BLPackages, software packages, or NSH scripts. For BNA, remediation content must be a rule that is used to enforce a configuration best practice.

The vulnerabilities that are imported from a scan include information for multiple operating systems—assuming you have permissions to manage multiple operating systems in the system where you performed the scan. In fact, a single vulnerability can apply to multiple operating systems.

The page provides the capabilities described in the following sections.

Automatically mapping vulnerabilities

The Vulnerabilities page lets you automatically map vulnerabilities to remediation content that can be used to correct the vulnerability. Auto-mapping is based on the Common Vulnerabilities and Exposures (CVE) number included in the metadata of both the vulnerability and the remediation content.

  • For BMC Server Automation: Auto-mapping attempts to match the CVE number in a vulnerability to a CVE number associated with a patch. 
  • For BMC Network Automation: Auto-mapping attempts to match the CVE number in a vulnerability to a CVE number associated with a rule used to enforce configuration best practices. 

Notes

  • A vulnerability can be associated with multiple CVEs. Auto-mapping can potentially map remediation content to one or more of those CVEs while one or more CVEs remain unmapped. In this situation, an icon flags the vulnerability as partially mapped. To determine which CVEs are mapped, display information about the remediation content by clicking the entry in the Remediation column. A pop-up window lists which CVEs are mapped and not mapped.
  • For BMC Server Automation, during auto-mapping, a vulnerability can potentially be mapped to the same patch in multiple patch catalogs. When this occurs, the vulnerability may not appear in the list of Actionable Vulnerabilities on the Operator Dashboard, depending on the following conditions:

    • If the same patch is included in multiple patch catalogs and each catalog is used for a different operating system, the portal can infer when a mapping constitutes an Actionable Vulnerability.
    • If the same patch is included in multiple patch catalogs and there are multiple patch catalogs for the same operating system (for example, one catalog for each version of the OS), then the portal cannot determine which patch should be used for remediation purposes. In this situation, auto-mapping creates mappings to multiple patch catalogs, but the mappings require additional user input. To resolve these situations, scan the list of mapped vulnerabilities to find vulnerabilities where multiple remediation content items have been mapped. Click any entry in the Remediation column to see how target rules have been defined. Entries requiring additional input have target rules that include the phrase Value_Required. Use the manual mapping procedure described below and modify the target rules to replace instances of Value_Required with the appropriate target information.
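The following is an added illustration, not Vulnerability Manager code, of the CVE-based auto-mapping logic described in the notes above: it classifies each vulnerability as mapped, partially mapped or unmapped, and flags the case where the same patch appears in several catalogs for the same operating system. The data structures, patch names, catalog names and CVE identifiers are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    name: str       # patch identifier; the same patch may sit in several catalogs
    catalog: str    # patch catalog the entry belongs to
    os: str         # operating system the catalog serves
    cves: frozenset

def auto_map(vulns, patches):
    """vulns: {vulnerability name: frozenset of CVE ids}. Returns one record per
    vulnerability with its mapping status, the CVEs mapped/unmapped, and whether
    the mapping still needs user input (Value_Required in the target rules)."""
    result = {}
    for vname, vcves in vulns.items():
        hits = [p for p in patches if vcves & p.cves]
        mapped = frozenset(c for p in hits for c in vcves & p.cves)
        unmapped = vcves - mapped
        # One patch in several catalogs for the *same* OS cannot be resolved
        # automatically; for different OSs the portal can infer the catalog.
        catalogs = {}
        for p in hits:
            catalogs.setdefault((p.name, p.os), set()).add(p.catalog)
        needs_input = any(len(cs) > 1 for cs in catalogs.values())
        status = ("unmapped" if not mapped else
                  "partially mapped" if unmapped else "mapped")
        result[vname] = {"status": status, "mapped": sorted(mapped),
                         "unmapped": sorted(unmapped), "needs_input": needs_input}
    return result

# Constructed sample data; CVE ids are placeholders, not real identifiers.
VULNS = {
    "V-1": frozenset({"CVE-0000-0001", "CVE-0000-0002"}),  # only one CVE patched
    "V-2": frozenset({"CVE-0000-0003"}),  # patch in two catalogs, same OS
    "V-3": frozenset({"CVE-0000-0004"}),  # patch in two catalogs, different OSs
    "V-4": frozenset({"CVE-0000-0005"}),  # no matching patch
}
PATCHES = [
    Patch("KB-A", "rhel6-catalog", "RHEL", frozenset({"CVE-0000-0001"})),
    Patch("KB-B", "win2008-catalog", "Windows", frozenset({"CVE-0000-0003"})),
    Patch("KB-B", "win2012-catalog", "Windows", frozenset({"CVE-0000-0003"})),
    Patch("KB-C", "win-catalog", "Windows", frozenset({"CVE-0000-0004"})),
    Patch("KB-C", "rhel-catalog", "RHEL", frozenset({"CVE-0000-0004"})),
]

if __name__ == "__main__":
    for name, info in auto_map(VULNS, PATCHES).items():
        print(name, info)
```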

To perform auto-mapping

  1. If you want to completely re-map all vulnerabilities, select Update existing mappings.
    If you do not select this option, an auto-map attempts to map only unmapped vulnerabilities. Selecting this option discards existing auto-mappings and attempts to auto-map all vulnerabilities except for existing manual mappings, which are not affected by this option.
    A full auto-mapping can take a considerable amount of time. If you are confident that your existing mappings are accurate, BMC recommends that you do not select this option and instead perform an incremental auto-mapping. 
  2. Click Auto-map at top right. A message tells you that mapping has occurred.
    Vulnerabilities that are auto-mapped are marked with an icon in the Auto-mapped column at far left.

Manually mapping vulnerabilities to remediation actions

After you perform automatic mapping, some vulnerabilities may remain unmapped. For these, you can perform a manual mapping procedure.

For BSA, you can only perform manual mapping for one vulnerability at a time. If you want to map the same remediation content to multiple vulnerabilities, you must perform the following procedure for each vulnerability that requires manual mapping.

For BNA, you can map multiple network rules to the same vulnerability. For example, this may be necessary when a vulnerability has been identified in a network scan, but the vulnerability applies to many different models of the same device. Because there are many device models, each with its own operating system, a rule must be defined for each of those operating systems, so many rules are necessary. If you map multiple network rules to the same vulnerability, the proper network rule can be applied to the appropriate device model when the vulnerability is remediated.

  1. In the list of vulnerabilities, select a vulnerability that requires mapping.  
    If necessary, use the filtering capability at the top of each column. For example, you might want to filter by severity level so you can map vulnerabilities with the highest severity first. 
  2. At right, select Actions > Map.
    The Map Remediation to Vulnerability page opens. For BSA, this page consists of tabs you can use to search for remediation packages. For BNA, there is only one tab.
  3. Depending on whether you are connected to BSA or BNA, perform one of the following steps:

    • BSA only: Use the Browse and Search tabs to find the remediation package that you want to map to the selected vulnerability. 

      Perform a simple text search to find depot content.

      1. Enter a text string in the Search text box and click Search.
        Your text is matched against the names of any depot content.
        Results of a search return the first 100 items.
      2. Optionally, use the filters at left to refine your search. For example, a search filtered for BLPackages might produce 2 results where the same unfiltered search produces 37.
      3. Select an entry in the list of depot content.

      Browse through depot folders to find content.

      The Browse capability only shows deployable content such as NSH scripts, BLPackages, component templates, and so forth. It does not let you browse for patches and patch catalogs.

      1. Select the Browse tab. A list of folders appears at left. 
      2. Navigate to the folder containing the depot content you want.  
        As you traverse folders, a trail of "bread crumbs" appears above the Folder list. You can select any name in the bread crumbs to display the contents of that folder.

      3. Select an item in the list of depot content.

    • BNA only: Use the search capability to find one or more rules that you want to map to the selected vulnerability.

      To find BNA rules:

      1. Enter a text string in the Search text box and click Search.
        Results of a search return the first 100 items.
      2. Select one or more items in the list.
      3. If necessary, you can repeat the previous steps to continue selecting additional rules that should be mapped to the vulnerability.

  4. BSA only: If you are mapping multiple remediation packages to a vulnerability, define target rules that determine the types of targets where the package should be deployed.
    Typically, target rules specify different packages for different operating systems and architectures.

    1. Click Use Target Rules.
      A set of options appear that establish rules for deploying the package.
    2. In the row defining the rule, for the first field select any of the following:
      • OS: for example, Windows.
      • OS Platform: for example, x86_64.
      • OS Version: for example, 2008 R2.
      • OS Release: for example, 6.1.
      • OS Vendor: for example, Microsoft.
    3. In the last field in the row, enter text as the criterion. Evaluation is based on whether the field contains the string you entered.
      For example, if you are specifying the Windows operating system, enter a string such as win. When evaluating targets, if the OS name contains the string win, the package is deployed there. 
    4. To add another rule, click Add Criteria. A new row appears. Use its fields to define an additional rule.
    5. Select the remediation package that should be deployed to targets according to the rules you have set up.
    6. To define another set of target rules for another remediation package, click the icon that adds a new set of target rules. Then, repeat the previous steps.
      For example, the second set of target rules might apply to Red Hat targets (that is, OS contains RHEL). 

      Note

      To remove a set of target rules, click the X on the tab containing those rules.

  5. Click Save.
    The remediation content items you select are mapped to the vulnerability you originally selected. 
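As an added example, not product code, the following models how the target rules from step 4 select a remediation package for a target using the "contains" matching described above. It assumes that every criterion in one rule set must hold for that set's package to be chosen and that matching is case-insensitive (the page says the string win matches a Windows OS name); the field names are the five listed above, while the packages and targets are constructed.

```python
# Constructed field names follow the target-rule fields listed on this page.
FIELDS = ("OS", "OS Platform", "OS Version", "OS Release", "OS Vendor")

def criterion_matches(target, field, text):
    """A criterion holds when the target's field *contains* the entered text.
    Case-insensitive matching is an assumption of this example."""
    if field not in FIELDS:
        raise ValueError(f"unknown target-rule field: {field}")
    return text.lower() in target.get(field, "").lower()

def select_packages(rule_sets, target):
    """rule_sets: list of (criteria, package); criteria is a list of (field, text).
    Returns (packages whose criteria all hold for the target,
             packages whose rules still carry the Value_Required placeholder)."""
    matches, pending = [], []
    for criteria, package in rule_sets:
        if any(text == "Value_Required" for _, text in criteria):
            pending.append(package)       # auto-mapped rule not yet completed
        elif all(criterion_matches(target, f, t) for f, t in criteria):
            matches.append(package)
    return matches, pending

# Constructed rule sets: one set per remediation package, as on the Map page.
RULE_SETS = [
    ([("OS", "win"), ("OS Platform", "x86_64")], "fix-win-x64.BLPackage"),
    ([("OS", "RHEL"), ("OS Release", "6.")], "fix-rhel6.rpm"),
    ([("OS", "Value_Required")], "fix-auto-mapped.BLPackage"),
]
# Constructed targets carrying the five fields a target rule can test.
TARGETS = {
    "win-host": {"OS": "Windows", "OS Platform": "x86_64", "OS Version": "2008 R2",
                 "OS Release": "6.1", "OS Vendor": "Microsoft"},
    "rhel-host": {"OS": "RHEL", "OS Platform": "x86_64", "OS Version": "6",
                  "OS Release": "6.5", "OS Vendor": "Red Hat"},
    "aix-host": {"OS": "AIX", "OS Platform": "ppc64", "OS Version": "7.1",
                 "OS Release": "7.1", "OS Vendor": "IBM"},
}

if __name__ == "__main__":
    for name, target in TARGETS.items():
        print(name, select_packages(RULE_SETS, target))
```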

Removing mapping for a vulnerability

Use this procedure to remove mapping after a vulnerability has been mapped to remediation content.

  1. Select the vulnerability that has been previously mapped. 
  2. At right, select Actions > Remove Mapping.

Excluding a vulnerability

You can exclude a vulnerability, which means the vulnerability is not included in dashboard data, remediation operations, or any statistics on vulnerabilities.

When you exclude a vulnerability, the Vulnerabilities page continues to list the item in a gray font to distinguish it from other vulnerabilities.

  1. Select a vulnerability. 
  2. At right, select Actions > Exclude. A dialog asks for confirmation.

Showing details about a vulnerability

Click the name of any vulnerability to display more information, including its severity level, CVEs that are included, links to the related vendor (such as the Red Hat Network), and possibly links to the patches that can be deployed to fix the vulnerability.

Showing details about a remediation

After remediation content has been mapped to a vulnerability, you can click the name of the remediation to display a pop-up window containing more information. If an entry provides information for multiple remediations, the pop-up window lists information for each remediation. For BSA, the information includes the type of content (such as a patch or BLPackage), the path to the file, and any target rules that are defined for deploying the package. For BNA, the information may include the name of any rule sets and links to fixes for CVEs. 

Sorting data in columns

Sort columns of data on this page by clicking on column headers.

Filtering data in columns

Using the text boxes at the top of each column, enter any number of characters. As you enter characters, the list narrows its results to show only items with data in that column that includes the text string you have entered. Clear all text from the search box to show all items. You can enter data in multiple columns to show only results that match all criteria.

Some columns provide a list of choices that you can select. The columns are filtered to show only the values you select.

Filtering by security group

If your user ID is assigned to multiple security groups, you can filter the vulnerabilities displayed by selecting an option from the Security Groups filter at the top of the page. The page shows only vulnerabilities to which that security group has access.

Filtering by mapping status

You can filter the vulnerabilities displayed with the Mapping Status filter at the top of the page. The options are Mapped, Not Mapped, or All.

Filtering by exclusion status

You can filter the vulnerabilities displayed with the Exclusion Status filter at the top of the page. When you exclude a vulnerability, it is not included in dashboard data, remediation operations, or any statistics on vulnerabilities. The filtering options are Excluded, Included, or All.

Where to go next

SecOps Dashboard - Vulnerability Manager
