Walkthrough for Threat Director: Automatically importing vulnerability scan data

This walkthrough demonstrates how to set up a connection to a scanning utility such as Tenable SecurityCenter so you can automatically import scan results on a regular basis.

This topic includes the following sections:


The following video demonstrates how to use Threat Director (BladeLogic Portal 2.2.01 or later) to set up a scanner connection so you can automatically import scan results.

 https://youtu.be/7pln8tFNLZs

Introduction

The first step when using Threat Director is to import scan data from a vulnerability scanning tool. In earlier releases, you had to import scan reports manually. Beginning in version 2.2.01, you can define a connection to a scanning utility and import scan results automatically on a regular basis.

Currently, the only scanning utility supported for automatic imports is Tenable SecurityCenter.

What do I need to get started?

  • You must have a user ID that can access and use the administrative capabilities of BladeLogic Portal. 
    The user ID must be associated with a portal security group that has the Threat Director permission. For more information, see Managing portal security groups for BMC Server Automation.
  • You must know the URL for a scanning mechanism such as Tenable Security Center. You must also have a user account with permissions to access and export scans. 
  • If you did not enable the automatic imports of scan data during installation, you must manually enable scan imports by modifying a configuration file. 
 

Procedure

Example (click to enlarge) 

1

Set up a connection to a scanner.

  1. As an Administrator, select your user name (at upper right) and then select Administration.
  2. Click the Scanner Connections tab.
  3. Click the Add a new Scanner Connection icon.
  4. Provide the following information:
    Connection URL—URL for the scanning utility, using a format such as https://ScanningCenter  or  https://10.0.0.10.
    Username—A user account with access to scans and permission to export them.
    Password—Password for the user account.

2

Click Test Connection

A message confirms whether the connection is valid. If it is valid, a list of existing scans populates the Scans to Import section. The list is highlighted at right.

3

Set a schedule for importing scan results:

  1. Under Import Configuration, for Start At, specify a time when you want to import scan results. In this example we select 1:00 AM.
  2. Select your time zone.
  3. For Frequency, specify how often you want to import scan results. In this example, we specify every 7 days.

4

Optionally, you can filter the scan data being imported. The filtering process is the same as when you import scan files manually. For filtering criteria you can use operating system, severity, and IP address range.

To set up filters, you can use the options highlighted at right, but in this walkthrough we are not filtering any data.

5

Specify that all new scan results should be imported by checking Select all and include new scans automatically.

If you select this option, all new scan results are imported according to the schedule you have specified.

Instead of importing all scan results, you can select specific scans from the Scans to Import list, and only results from those scans are imported according to the schedule you have specified.

6

Click Create Scanner Connection.

Wrapping it up

In this topic you set up a scanner connection and then defined a schedule for automatically importing scan results.

Where to go from here

If you want to learn more about automatically importing scan data, see Setting up a scanner connection.


Was this page helpful? Yes No Submitting... Thank you

Comments