3.0.01: Service Pack 1
This section contains an overview of the enhancements in version 3.0.01 of TrueSight Vulnerability Management.
Creating exceptions on vulnerabilities and assets
In version 3.0.01, you can add exceptions on vulnerabilities and assets to exclude assets from remediation in scenarios such as the following:
- You do not want certain vulnerabilities in your system to affect a set of assets because you plan to decommission those assets in the near future.
- You do not want certain vulnerabilities in your system to affect a set of assets for a particular duration and remediate those assets during the maintenance window.
You can choose to add an exception on the basis of asset names or tags. After you add an exception, those assets are no longer affected by the selected vulnerabilities. You can add exceptions manually or import them. Later, you can enable, disable, or delete them depending on your requirements. For more information, see Managing exceptions.
Mapping vulnerabilities for all imported security groups (Applicable for TrueSight Server Automation and TrueSight Network Automation)
In version 3.0, when a TrueSight Vulnerability Management user belonging to any security group performs mapping, vulnerabilities with CVE IDs under the security group context of the logged in user are auto-mapped and notification is shown to the user on the Activity Status page.
In version 3.0.01, vulnerabilities with CVE IDs under all imported security groups irrespective of the user (aligned to endpoint managers) are also mapped depending upon the following factors:
- Whether a security group has permission to access the remediation content
- Value of a property in the application.properties file
For more information, see Mapping vulnerabilities to remediation content.
Associating tags with a combination of vulnerability and asset
Earlier, you could associate a tag only with an asset. Now, you can associate a tag with a combination of vulnerability and asset as well. For more information, see Managing tags for vulnerabilities and assets.
Filtering scan files by IP address range
When importing scan files from third-party vendors, you can filter the scan files by the IP address range. You can specify a single IP address range or multiple ranges as the filter criterion. For more information, see Importing scan files.
New system service to start deployment types on system startup and to start and stop all deployment types
Starting from version 3.0.01, TrueSight Server Automation installs a new system service on the application, Elasticsearch, and database nodes. On system startup, this system service starts the services for these deployment types automatically.
In addition, you can use this system service to start and stop all of these deployment types using a single command. For example, if application and database are installed on the same computer, you can use this service to start and stop both of these deployment types using a single command. If application, Elasticsearch, and database are deployed on separate computers, this service identifies the deployment type installed and starts and stops the services for that deployment type. For more information, see Using the system service.
Requirements for integrating with endpoint managers and other BMC products
This section lists the requirements for the endpoint managers and other BMC products that TrueSight Server Automation integrates with.
Endpoint manager requirements
When connecting TrueSight Vulnerability Management version 3.0.01 to TrueSight Server Automation, TrueSight Network Automation, or SCCM, the following versions of endpoint managers are supported:
|Endpoint manager||Supported versions|
|TrueSight Server Automation|
(Formerly known as BMC Server Automation)
|TrueSight Network Automation|
(Formerly known as BMC Network Automation)
|SCCM||Microsoft System Center 2017 Configuration Manager|
Compatibility with other BMC products
Some features of TrueSight Vulnerability Management version 3.0.01 work in conjunction with other BMC products and versions, as listed in the following table:
Downloading, installing, and upgrading to the service pack
You can upgrade to the version 3.0.01 from version 3.0. For more information, see Upgrading.