Walkthrough for Threat Director: Automatically importing vulnerability scan data
This walkthrough demonstrates how to set up a connection to a scanning utility such as Tenable SecurityCenter so you can automatically import scan results on a regular basis.
This topic includes the following sections:
The following video demonstrates how to use Threat Director (BladeLogic Portal 2.2.01 or later) to set up a scanner connection so you can automatically import scan results.
The first step when using Threat Director is to import scan data from a vulnerability scanning tool. In earlier releases, you had to import scan reports manually. Beginning in version 2.2.01, you can define a connection to a scanning utility and import scan results automatically on a regular basis.
Currently, the only scanning utility supported for automatic imports is Tenable SecurityCenter.
What do I need to get started?
- You must have a user ID that can access and use the administrative capabilities of BladeLogic Portal.
The user ID must be associated with a portal security group that has the Threat Director permission. For more information, see Managing portal security groups for BMC Server Automation.
- You must know the URL for a scanning mechanism such as Tenable Security Center. You must also have a user account with permissions to access and export scans.
- If you did not enable the automatic imports of scan data during installation, you must manually enable scan imports by modifying a configuration file.
Example (click to enlarge)
Set up a connection to a scanner.
Click Test Connection.
A message confirms whether the connection is valid. If it is valid, a list of existing scans populates the Scans to Import section. The list is highlighted at right.
Set a schedule for importing scan results:
Optionally, you can filter the scan data being imported. The filtering process is the same as when you import scan files manually. For filtering criteria you can use operating system, severity, and IP address range.
To set up filters, you can use the options highlighted at right, but in this walkthrough we are not filtering any data.
Specify that all new scan results should be imported by checking Select all and include new scans automatically.
If you select this option, all new scan results are imported according to the schedule you have specified.
Instead of importing all scan results, you can select specific scans from the Scans to Import list, and only results from those scans are imported according to the schedule you have specified.
Click Create Scanner Connection.
Wrapping it up
In this topic you set up a scanner connection and then defined a schedule for automatically importing scan results.
Where to go from here
If you want to learn more about automatically importing scan data, see Setting up a scanner connection.