This version of the product has reached end of support. The documentation is available for your convenience.

Walkthrough: Mapping vulnerability scan results to your environment

This walkthrough demonstrates how to map the assets in a vulnerability scan to the servers you are managing with BladeLogic Portal and BMC Server Automation (BSA), and how to map the vulnerabilities in that scan to remediation content set up in BSA. This mapping process is a prerequisite before you can use the portal to correct any vulnerabilities revealed in the scan.

The same process can be used to map assets in a scan file to network devices managed with BMC Network Automation and then map network vulnerabilities in the scan file to remediation content in the form of rules defined in BNA.


The following video demonstrates the process described in this walkthrough. It was created with BladeLogic Portal 2.0. If you are using a later version of BladeLogic Portal, you may notice some differences in the interface.

Video: https://youtu.be/9AvaiMvHPpo

Introduction

This walkthrough describes how to associate servers included in a vulnerability scan to servers managed with BladeLogic Portal and BMC Server Automation. It also describes how to associate vulnerabilities identified in the vulnerability scan to remediation content that can be deployed to correct the vulnerability. This process of associating—or mapping—must occur before you can perform any remediation based on a vulnerability scan. The same process can also be used to map network vulnerabilities.

BladeLogic Portal can perform an automatic mapping of servers based on their IP address and DNS name. However, after auto-mapping, some servers may remain unmapped. When that occurs, you can manually find servers in your managed environment and associate them with servers in the vulnerability scan.

BladeLogic Portal can also perform an automatic mapping of vulnerabilities to patches in the BMC Server Automation patch catalogs. Mapping is based on the Common Vulnerabilities and Exposures (CVE) number. However, only patches can be auto-mapped. Other types of vulnerabilities require a manual mapping procedure.

After servers and vulnerabilities are mapped, you can examine the SecOps Dashboard - Vulnerability Manager and create a Remediation operation that corrects vulnerabilities.

What do I need to get started?

  • A user ID that lets you access and use BladeLogic Portal. 
    The user ID must be associated with a portal security group that has the necessary permissions to perform vulnerability management procedures. For more information, see Managing portal security groups.
  • Results of a vulnerability scan in an XML format that can be imported into BladeLogic Portal. 
    If you have access to a vulnerability management system, such as Qualys or Nessus, you can export the results to XML. Alternatively, you need someone with permissions to perform a vulnerability management scan and export the results to XML so you can import them into BladeLogic Portal.

How to map vulnerability scan results

Procedure and example screens

Step 1

Obtain the results of a vulnerability scan in XML format. The vulnerability scan should be created using a vulnerability scanning product such as Qualys or Nessus. Optionally, you can limit the scan to a particular asset group—that is a particular group of servers you manage.

Tip

In Qualys, from the Vulnerability Management Dashboard, you can launch a scan by clicking New Scan and providing information that defines the scan.

Step 2

Using BladeLogic Portal, import the scan file exported from the vulnerability scanning product and automatically map assets in the scan to servers managed in BladeLogic. Auto-mapping matches the IP address and DNS name of servers in the vulnerability scan to servers managed by BMC Server Automation.

  1. Select Vulnerability Manager > Import.
  2. For Select Vendor, choose the type of vulnerability management system used to create the scan file you want to import.
  3. For Scan Report, click Browse and navigate to a scan file you want to import. The file must be in an XML format. Note that exports from Nessus have a file ending of .nessus.
  4. Select the file and click Import Scan.

Step 3

For hosts that remain unmapped after auto-mapping, perform a manual mapping procedure.

  1. Select Vulnerability Manager > Assets to display a list of servers. 
  2. Select hosts that require mapping.
    If necessary, use the filtering capability at the top of each column to find the hosts you want to select. For example, if you are looking for unmapped servers with names that include the string "aus," filter for unmapped servers in the column at far left and enter aus in the filter box at the top of the Scan Host column.
  3. At top right, click the Actions menu and select Map.
    The Map Endpoint to Scanned Hosts page opens. It provides two tabs: Selected Scanned Hosts and Endpoints. The hosts you selected in the previous step are listed on the Selected Scanned Hosts tab.

Select hosts that need mapping.

When you click Map, the hosts you selected appear on the Map Endpoint to Scanned Hosts page.

Step 4

Select a host managed by BSA that should map to a host in the vulnerability scan.

  1. Select a host on the Selected Scanned Hosts tab and click the Endpoints tab. 
  2. Use the text search or browse capabilities on this tab to find the server to be mapped.
    For details, see the page that describes the search and browse capabilities.

  3. Select the server to map to the host you selected on the Selected Scanned Hosts tab and click Save.
    A message says that mapping has occurred. The Assets page shows the name and IP address of the mapped server in BMC Server Automation.
    In some situations you may need to map multiple scanned hosts to a single server managed in BladeLogic. Or, you may need to map a single scanned host to multiple BladeLogic servers. See Assets for details.
  4. Use the same procedure to map additional servers.

Select host to map and then click Endpoints tab to find a server.


Assets page shows name and IP address of mapped server.

Step 5

Display the list of vulnerabilities in the vulnerability scan that can be mapped to remediation actions in BladeLogic. Then perform auto-mapping, which matches any vulnerabilities that can be corrected by patches with patches that already exist in BladeLogic patch catalogs.

  1. Select Vulnerability Manager > Vulnerabilities to display a list of vulnerabilities. 
  2. Click Auto-map to perform an automatic mapping of vulnerabilities identified in the vulnerability scan to patches in BladeLogic patch catalogs.
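As an added example (not BladeLogic Portal or BSA code), the following Python script reproduces the auto-mapping logic that steps 2 and 5 describe: scanned hosts are matched to a managed inventory by IP address or DNS name, CVE numbers are matched to a patch catalog, and whatever does not match is reported as needing the manual procedures in steps 3 and 6. The .nessus-style XML, the inventory, the catalog and all host names and CVE/patch identifiers are constructed placeholders, and the host-ip/host-fqdn tag layout is an assumption about the Nessus v2 format.

```python
"""Added example (not BladeLogic Portal or BSA code): auto-map a scan file the way the
walkthrough describes, hosts by IP or DNS name and vulnerabilities by CVE number."""
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 XML layout (.nessus); host names, CVE ids
# and the tag names used here are placeholders/assumptions, not a real scan.
SCAN_XML = """<NessusClientData_v2><Report name="demo">
 <ReportHost name="10.0.0.5"><HostProperties>
   <tag name="host-ip">10.0.0.5</tag><tag name="host-fqdn">web01.aus.example.com</tag>
  </HostProperties>
  <ReportItem pluginID="1" severity="4" pluginName="Sample patchable flaw"><cve>CVE-1900-0001</cve></ReportItem>
  <ReportItem pluginID="2" severity="2" pluginName="Sample weak setting (no CVE)"/>
 </ReportHost>
 <ReportHost name="10.0.0.9"><HostProperties>
   <tag name="host-ip">10.0.0.9</tag><tag name="host-fqdn">db02.example.com</tag>
  </HostProperties>
  <ReportItem pluginID="3" severity="3" pluginName="Sample flaw"><cve>CVE-1900-0002</cve></ReportItem>
 </ReportHost>
</Report></NessusClientData_v2>"""

# Constructed stand-ins for the BSA server inventory and patch catalog (placeholders).
MANAGED_SERVERS = {"web01": {"ip": "10.0.0.5", "dns": "web01.aus.example.com"},
                   "db02":  {"ip": "10.0.0.77", "dns": "db02.corp.example.com"}}
PATCH_CATALOG = {"CVE-1900-0001": "PATCH-EXAMPLE-1"}

def parse_scan(xml_text):
    """Return {scan host name: {"ip", "fqdn", "cves": set, "findings": count}}."""
    hosts = {}
    for rh in ET.fromstring(xml_text).iter("ReportHost"):
        props = {t.get("name"): t.text for t in rh.iter("tag")}
        items = rh.findall("ReportItem")
        hosts[rh.get("name")] = {"ip": props.get("host-ip"), "fqdn": props.get("host-fqdn"),
                                 "cves": {c.text for it in items for c in it.findall("cve")},
                                 "findings": len(items)}
    return hosts

def automap_hosts(hosts, inventory):
    """Match each scanned host to the managed server with the same IP, else the same DNS name.
    None means the host stays unmapped and needs the manual procedure in step 3."""
    by_ip = {s["ip"]: name for name, s in inventory.items()}
    by_dns = {s["dns"].lower(): name for name, s in inventory.items()}
    return {h: by_ip.get(d["ip"]) or by_dns.get((d["fqdn"] or "").lower())
            for h, d in hosts.items()}

def automap_cves(hosts, catalog):
    """Match every CVE in the scan to a catalog patch; None means manual mapping (step 6).
    Findings without a CVE never auto-map, which is why only patches can be auto-mapped."""
    return {cve: catalog.get(cve) for d in hosts.values() for cve in sorted(d["cves"])}
```

In the constructed data, db02 differs from the inventory in both IP and DNS name, so it is exactly the kind of host that step 3 has you map by hand.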

Step 6

For vulnerabilities that remain unmapped after auto-mapping, perform a manual mapping procedure. You can match vulnerabilities to any type of depot content that can be used for remediation, such as BLPackages, software packages, and NSH scripts.

  1. Select a vulnerability that requires mapping.
    If necessary, use the filtering capability at the top of each column to find vulnerabilities. For example, you can filter by severity. Or, if you are looking for a particular CVE number, use the filter at the top of the Reference ID column and enter a few characters from the CVE number.
  2. At right, click the Actions menu in the highlighted row and select Map.
    The Map Remediation to Vulnerability page opens. It provides Search and Browse tabs.

Step 7

Using the Search and Browse tabs, select a remediation package.
For detailed instructions on using the search and browse capabilities, see the page that describes them.

Step 8

Define rules that apply when you later deploy the remediation content to target servers. This capability is typically used to deploy one remediation content item to a certain type of target, such as Windows servers, and another type of remediation content to another type of target, such as Red Hat servers.

  1. Click Use Target Rules.
    A set of options appear that you can use to establish rules for deploying the remediation content.
  2. Select Any or All to specify whether all the criteria you establish must be met for deployment or any one of the criteria is sufficient.
    In this example, we select All.
  3. For OS, enter text that identifies the OS type. For example, we enter Windows.
  4. Click Add Criteria.
    A new row appears for defining another criterion.
  5. In the first field, select OS Platform. In the last field, enter a text string that identifies the platform. We enter x86_64 to indicate this package should be deployed to 64-bit systems.
  6. To set another set of target rules, select another remediation content item and click . Then, repeat the previous steps to define a new set of target rules for the selected content.
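The following Python script is an added example (not BladeLogic Portal or BSA code) of how Any/All target rules like the ones defined in this step decide which remediation content item a server receives: one item for 64-bit Windows servers and another for Red Hat servers, mapped to the same vulnerability. The rule fields, case-insensitive substring matching, content item names and server properties are all assumptions.

```python
"""Added example (not BladeLogic Portal or BSA code): evaluate Any/All target rules to
pick the remediation content item for each server. Match semantics are an assumption."""

# Constructed target-rule sets for one vulnerability with two mapped content items:
# (mode, [(field, text to look for), ...]) as entered in the Use Target Rules form.
TARGET_RULES = {
    "win-smb-fix.blpackage": ("All", [("OS", "Windows"), ("OS Platform", "x86_64")]),
    "rhel-kernel-fix.nsh":   ("All", [("OS", "Red Hat")]),
}
# Constructed server properties as an inventory might report them (placeholder values).
SERVERS = {
    "win01":  {"OS": "Windows Server 2012", "OS Platform": "x86_64"},
    "win02":  {"OS": "Windows Server 2008", "OS Platform": "x86"},
    "rhel01": {"OS": "Red Hat Enterprise Linux 7", "OS Platform": "x86_64"},
}

def rule_matches(mode, criteria, props):
    """Each criterion is a case-insensitive substring match on the named property;
    'All' requires every criterion, 'Any' requires at least one. Because this is a
    substring test, enter the full platform string (x86_64, not x86) or a rule meant
    for 32-bit systems would also select 64-bit ones."""
    if not criteria:               # no criteria at all: the content applies everywhere
        return True
    hits = [text.lower() in str(props.get(field, "")).lower() for field, text in criteria]
    return all(hits) if mode == "All" else any(hits)

def select_content(rules, servers):
    """Return {server: [content items whose target rules the server satisfies]}.
    An empty list means no mapped content would be deployed to that server."""
    return {name: [item for item, (mode, crit) in rules.items() if rule_matches(mode, crit, props)]
            for name, props in servers.items()}
```

Note that win02 (32-bit) ends up with no applicable content, which is worth checking for before you create the Remediation operation.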

Step 9

Click Save.

A message says that mapping has occurred. The Vulnerabilities page shows the remediation content that was selected and the type of remediation, such as a patch or BLPackage. If you have a long list of vulnerabilities, use the Remediation Type filter and the Mapping Status filter (at the top of the page) to find the vulnerability you just mapped.

Repeat the same procedure to map additional vulnerabilities to remediation packages.

Wrapping it up

In this topic you used BladeLogic Portal to perform all the preliminary mapping necessary to remediate vulnerabilities detected by an external vulnerability management system, such as Qualys or Nessus.

Where to go from here

After all necessary mapping is complete, you can examine the SecOps Dashboard and create a Remediation operation that corrects vulnerabilities. The next walkthrough describes that process.

