Using
TrueSight Vulnerability Management lets you use tools such as Qualys, Nessus, and Rapid7 to scan for vulnerabilities, import that information into TrueSight Vulnerability Management, and then analyze, prioritize, and remediate the vulnerabilities. The analytic tools available in TrueSight Vulnerability Management help align the actions of security and operations personnel who must maintain the integrity of your computing environment.
This topic provides a high-level description of the process for using TrueSight Vulnerability Management. It contains the following sections:
See Use cases for walkthrough topics that demonstrate in more detail how to use TrueSight Vulnerability Management to manage vulnerabilities.
Overview of the process
The process for using TrueSight Vulnerability Management consists of the following steps.
Prerequisites
When connecting TrueSight Vulnerability Management to TrueSight Server Automation, TrueSight Network Automation, or SCCM, the following versions of endpoint managers are supported.
| Endpoint manager | Supported versions |
|---|---|
| TrueSight Server Automation | |
| TrueSight Network Automation | |
| SCCM | Microsoft System Center 2017 Configuration Manager
|
When you start using TrueSight Vulnerability Management
The following table provides a brief description of the tasks needed to start using TrueSight Vulnerability Management.
Important
Starting from version 3.0.01, services for all three deployment types, database, Elasticsearch, and application, are started automatically when you restart the nodes.
| Task | Related documentation |
|---|---|
| Log on | Accessing the interface |
Set up connectors. During installation of TrueSight Vulnerability Management, all connectors (except SCCM) are installed and you need to configure at least one of the system connectors. After installation, you can configure them to leverage them for vulnerability management. | Setting up connectors |
You must specify service level agreements (SLAs) for each vulnerability severity level. You can also specify a warning period after which vulnerabilities are classified as nearly exceeding SLAs. | Providing service level agreement information |
TrueSight Vulnerability Management process
The following table provides a brief description of tasks required to use TrueSight Vulnerability Management and links to related documentation.
| Task | Related documentation |
|---|---|
Import scan files ( TrueSight Vulnerability Management > Import). The Scan Import page lets you import scan files that were created using a vulnerability management system, such as Qualys, Nessus, or Rapid7. During a scan file import, assets that are included in the scan file are automatically mapped to endpoints. | Importing scan files |
Map assets ( TrueSight Vulnerability Management > Assets). The Assets page lets you map assets that are included in a vulnerability scan to endpoints. You can map assets one by one or you can automatically map assets. | Mapping assets to endpoints |
Map vulnerabilities ( TrueSight Vulnerability Management > Vulnerabilities). The Vulnerabilities page lets you map vulnerabilities identified in a vulnerability scan to remediation content. You can map vulnerabilities one by one or you can automatically map vulnerabilities. Here is what you can use for remediation content:
| Mapping vulnerabilities to remediation content |
Integrate with Nessus scanner Integration with the Nessus scanner lets you download and import vulnerability scans automatically, without any need for exporting the scans from Nessus or manually importing the scans into TrueSight Vulnerability Management. After the scans are downloaded and imported, assets and vulnerabilities are auto mapped automatically. | Integrating with Nessus scanner |
View vulnerability data on the Security Dashboard ( TrueSight Vulnerability Management > Security Dashboard). This dashboard provides visual tools to help security personnel assess the vulnerabilities affecting their computing environment, spot trends, and project days needed to close all vulnerabilities. Operations personnel can also use this dashboard.
| |
View vulnerability data on the Operator Dashboard ( TrueSight Vulnerability Management > Operator Dashboard). The Operator Dashboard provides visual tools to identify vulnerabilities on endpoints that require the highest priority remediation and then launch remediation actions for those endpoints. If you are connected to BMC Discovery, you can also use this dashboard to identify servers that are not included in scans. These unscanned servers are sometimes called blind spots.
| Operator Dashboard |
Launch remediation operations ( TrueSight Vulnerability Management > Operator Dashboard > Remediate). After using the Operator Dashboard to filter vulnerability information, you can launch the Remediation operation wizard, which guides you through the process of configuring operations that can remediate the vulnerabilities you select. Here is what the Remediation operation can do to correct vulnerabilities:
| Creating a Remediation operation for TrueSight Server Automation Creating a Remediation operation for TrueSight Network Automation |
Execute the Change Automation use case When operational changes are implemented, administrators need to document and track these changes in a change management system. To automate this change tracking process, a Request For Change (RFC) is automatically created in the change management system, whenever an endpoint administrator initiates a Remediation operation in Vulnerability Management that requires approval. After the change is approved in Change Management, the corresponding job is scheduled for execution in the endpoint manager. | Change Automation |
Manage operations on the Home page When you run the Remediation operation wizard, it can generate one or more operations to remediate vulnerabilities. Those operations are listed on the Home page of TrueSight Vulnerability Management. From there you can execute operations, obtain information about operation results, and delete operations. | Managing operations |
View results of operations From the home page you can display detailed information about results of individual operations. When viewing results, the tools available vary depending on the type of operation. | Using results of operations |
Monitor long-running operations Some actions in TrueSight Vulnerability Management can take many minutes to complete. Use the Activity Status page to check on long-running actions. | Monitoring the status of long-running activities |
Related videos
| Description | Video |
|---|---|
This video demonstrates how to use TrueSight Vulnerability Management to map server assets and vulnerabilities detected in a vulnerability scan to the servers and remediation content you are managing with TrueSight Server Automation or SCCM. | |
This video continues the remediation management process for TrueSight Server Automation. It shows how to use TrueSight Vulnerability Management to generate remediation operations for vulnerabilities detected in a vulnerability scan. | |
This video continues the remediation management process for SCCM. It shows how to use TrueSight Vulnerability Management to generate remediation operations for vulnerabilities detected in a vulnerability scan. | |
This video demonstrates how to use TrueSight Vulnerability Management with BMC Discovery to enable blind spot detection and filter vulnerabilities on dashboards by application. |
Comments
Log in or register to comment.