Walkthrough: Mapping vulnerability scan results to your environment
This walkthrough demonstrates how to map the assets and vulnerabilities in a vulnerability scan to the servers you manage with BladeLogic Portal and BMC Server Automation (BSA), and to remediation content set up in BSA. This mapping is a prerequisite: the portal cannot correct any vulnerability revealed in the scan until both the affected server and the vulnerability have been mapped.
The same process can be used to map assets in a scan file to network devices managed with BMC Network Automation and then map network vulnerabilities in the scan file to remediation content in the form of rules defined in BNA.
A video that accompanies this walkthrough demonstrates the process described here. It was created with BladeLogic Portal 2.0; if you are using a later version of BladeLogic Portal, you may notice some differences in the interface.
Introduction
This walkthrough describes how to associate the servers included in a vulnerability scan with the servers managed by BladeLogic Portal and BMC Server Automation. It also describes how to associate the vulnerabilities identified in the scan with remediation content that can be deployed to correct them. This process of associating, or mapping, must be completed before you can perform any remediation based on a vulnerability scan. The same process can also be used to map network vulnerabilities.
BladeLogic Portal can perform an automatic mapping of servers based on their IP address and DNS name. After auto-mapping, however, some servers may remain unmapped. When that occurs, you can manually find the servers in your managed environment and associate them with the servers in the vulnerability scan.
BladeLogic Portal can also perform an automatic mapping of vulnerabilities to patches in the BMC Server Automation patch catalogs. This mapping is based on the Common Vulnerabilities and Exposures (CVE) number. Only patches can be auto-mapped, however; vulnerabilities that must be corrected with other types of remediation content require the manual mapping procedure.
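To make the two auto-mapping rules described above concrete, here is an added Python example. It is not BladeLogic Portal's own code: it assumes a scan file laid out like a Nessus v2 (.nessus) XML report, a constructed server inventory standing in for the BSA-managed servers, and a constructed patch catalog keyed by placeholder CVE numbers. It matches scanned hosts by IP address and then by DNS name, maps findings to patches by CVE number, and returns everything that remains unmapped, which is exactly the set the manual mapping steps later in this walkthrough have to deal with.

```python
"""Added example, not BladeLogic Portal code: auto-mapping of scan hosts and
findings as the walkthrough describes (IP/DNS name for hosts, CVE for patches).
The scan XML is constructed in the shape of a Nessus v2 (.nessus) report; the
server inventory, patch catalog and CVE numbers are placeholders."""
import xml.etree.ElementTree as ET

# Constructed scan file; CVE numbers are placeholders, not real identifiers.
SCAN_XML = """<NessusClientData_v2><Report name="constructed-scan">
  <ReportHost name="10.0.0.11">
    <HostProperties>
      <tag name="host-ip">10.0.0.11</tag>
      <tag name="host-fqdn">web01.example.test</tag>
    </HostProperties>
    <ReportItem pluginID="1001" pluginName="OpenSSL finding (constructed)" severity="3">
      <cve>CVE-0000-0001</cve>
    </ReportItem>
    <ReportItem pluginID="1002" pluginName="Weak SSH configuration (constructed)" severity="2"/>
  </ReportHost>
  <ReportHost name="db01.example.test">
    <HostProperties><tag name="host-fqdn">DB01.example.test</tag></HostProperties>
    <ReportItem pluginID="1003" pluginName="Kernel finding (constructed)" severity="4">
      <cve>CVE-0000-0002</cve>
    </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.99">
    <HostProperties><tag name="host-ip">10.0.0.99</tag></HostProperties>
  </ReportHost>
</Report></NessusClientData_v2>"""

# Constructed stand-ins for the BSA-managed server inventory and patch catalog.
MANAGED_SERVERS = [
    {"id": "srv-1", "ip": "10.0.0.11", "fqdn": "web01.example.test"},
    {"id": "srv-2", "ip": "10.0.0.12", "fqdn": "db01.example.test"},
    {"id": "srv-3", "ip": "10.0.0.20", "fqdn": "win01.example.test"},
]
PATCH_CATALOG = {"CVE-0000-0001": "PATCH-constructed-openssl"}


def parse_scan(xml_text):
    """Return one dict per ReportHost: scan name, IP, FQDN and its findings."""
    hosts = []
    for rh in ET.fromstring(xml_text).iter("ReportHost"):
        props = {t.get("name"): (t.text or "").strip()
                 for t in rh.findall("./HostProperties/tag")}
        findings = [{
            "plugin_id": item.get("pluginID"),
            "name": item.get("pluginName"),
            "severity": int(item.get("severity", "0")),
            "cves": [c.text.strip() for c in item.findall("cve") if c.text],
        } for item in rh.findall("ReportItem")]
        hosts.append({"scan_name": rh.get("name"), "ip": props.get("host-ip"),
                      "fqdn": props.get("host-fqdn"), "findings": findings})
    return hosts


def automap_hosts(hosts, servers):
    """Match scanned hosts to managed servers by IP first, then by DNS name
    (case-insensitive). Returns (scan name -> server id, unmapped scan names)."""
    by_ip = {s["ip"]: s["id"] for s in servers}
    by_fqdn = {s["fqdn"].lower(): s["id"] for s in servers}
    mapping, unmapped = {}, []
    for h in hosts:
        server_id = by_ip.get(h["ip"])
        if server_id is None and h["fqdn"]:
            server_id = by_fqdn.get(h["fqdn"].lower())
        if server_id is None:
            unmapped.append(h["scan_name"])   # left for the manual procedure
        else:
            mapping[h["scan_name"]] = server_id
    return mapping, unmapped


def automap_vulnerabilities(hosts, patch_catalog):
    """Map findings to patches by CVE number. Findings with no CVE, or whose
    CVE has no catalog patch, are returned as (plugin id, name) for manual
    mapping to other depot content. Returns (CVE -> patch id, unmapped)."""
    mapping, unmapped, seen = {}, [], set()
    for h in hosts:
        for f in h["findings"]:
            if f["plugin_id"] in seen:
                continue                      # same finding seen on another host
            seen.add(f["plugin_id"])
            hits = {c: patch_catalog[c] for c in f["cves"] if c in patch_catalog}
            if hits:
                mapping.update(hits)
            else:
                unmapped.append((f["plugin_id"], f["name"]))
    return mapping, unmapped


if __name__ == "__main__":
    scanned = parse_scan(SCAN_XML)
    print("hosts:", automap_hosts(scanned, MANAGED_SERVERS))
    print("vulnerabilities:", automap_vulnerabilities(scanned, PATCH_CATALOG))
```

Running it shows the two kinds of leftovers the manual steps exist for: a scanned host whose IP and DNS name are unknown to the managed inventory, and findings that either carry no CVE at all (a configuration weakness, for example) or whose CVE has no patch in the catalog and therefore needs a BLPackage, software package or NSH script instead.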
After servers and vulnerabilities are mapped, you can examine the SecOps Dashboard - Vulnerability Manager and create a Remediation operation that corrects vulnerabilities.
What do I need to get started?
- A user ID that lets you access and use BladeLogic Portal. The user ID must be associated with a portal security group that has the necessary permissions to perform vulnerability management procedures. For more information, see Managing portal security groups.
- Results of a vulnerability scan in an XML format that can be imported into BladeLogic Portal. If you have access to a vulnerability management system, such as Qualys or Nessus, you can export the results to XML. Otherwise, you need someone with permission to run a vulnerability management scan and export the results to XML so that you can import them into BladeLogic Portal.
How to map vulnerability scan results
Step | Procedure | Example screen
---|---|---
1 | Obtain the results of a vulnerability scan in XML format. The scan should be created with a vulnerability scanning product such as Qualys or Nessus. Optionally, you can limit the scan to a particular asset group, that is, a particular group of servers you manage. Tip: In Qualys, from the Vulnerability Management Dashboard, you can launch a scan by clicking New Scan and providing the information that defines the scan. |
2 | Using BladeLogic Portal, import the scan file exported from the vulnerability scanning product and automatically map the assets in the scan to servers managed in BladeLogic. Auto-mapping matches the IP address and DNS name of each server in the vulnerability scan to the servers managed by BMC Server Automation. |
3 | For hosts that remain unmapped after auto-mapping, perform the manual mapping procedure. | Select the hosts that need mapping. When you click Map, the selected hosts appear on the Map Endpoint to Scanned Hosts page.
4 | Select a host managed by BSA that should map to a host in the vulnerability scan. | Select the host to map, then click the Endpoints tab to find a server. The Assets page shows the name and IP address of the mapped server.
5 | Display the list of vulnerabilities in the scan that can be mapped to remediation actions in BladeLogic. Then perform auto-mapping, which matches any vulnerability that can be corrected by a patch with a patch that already exists in the BladeLogic patch catalogs. |
6 | For vulnerabilities that remain unmapped after auto-mapping, perform the manual mapping procedure. You can match vulnerabilities to any type of depot content that can be used for remediation, such as BLPackages, software packages, and NSH scripts. |
7 | Using the Search and Browse tabs, select a remediation package. |
8 | Define rules that apply when you later deploy the remediation content to target servers. This capability is typically used to deploy one remediation content item to one type of target, such as Windows servers, and a different remediation content item to another type of target, such as Red Hat servers. |
9 | Click Save. A message confirms that the mapping has occurred. The Vulnerabilities page shows the remediation content that was selected and the type of remediation, such as a patch or BLPackage. If you have a long list of vulnerabilities, use the Remediation Type filter and the Mapping Status filter (at the top of the page) to find the vulnerability you just mapped. Repeat the same procedure to map additional vulnerabilities to remediation packages. |
Wrapping it up
In this topic you used BladeLogic Portal to perform all the preliminary mapping necessary to remediate vulnerabilities detected by an external vulnerability management system, such as Qualys or Nessus.
Where to go from here
After all necessary mapping is complete, you can examine the SecOps Dashboard and create a Remediation operation that corrects vulnerabilities. The next walkthrough describes that process.