Using

TrueSight Vulnerability Management lets you use tools such as Qualys, Nessus, and Rapid7 to scan for vulnerabilities, import that information into TrueSight Vulnerability Management, and then analyze, prioritize, and remediate the vulnerabilities. The analytic tools available in TrueSight Vulnerability Management help align the actions of security and operations personnel who must maintain the integrity of your computing environment.

This topic provides a high-level description of the process for using TrueSight Vulnerability Management. It contains the following sections:

See Use cases for walkthrough topics that demonstrate in more detail how to use TrueSight Vulnerability Management to manage vulnerabilities.

Overview of the process

The process for using TrueSight Vulnerability Management consists of the following steps.

TD Process

Prerequisites

When connecting TrueSight Vulnerability Management to TrueSight Server Automation, TrueSight Network Automation, or SCCM, the following versions of endpoint managers are supported.


Endpoint manager and supported versions:

TrueSight Server Automation (formerly known as BMC Server Automation)
  • Product version 3.0.01, 3.0.01.001: 8.9.04, 8.9.03, 8.9.02
  • Product version 3.0: 8.9.03, 8.9.02, 8.9.01

TrueSight Network Automation (formerly known as BMC Network Automation)
  • Product version 3.0.01, 3.0.01.001: 8.9.04, 8.9.03, 8.9.02
  • Product version 3.0: 8.9.03, 8.9.02, 8.9.01

SCCM
  • Microsoft System Center 2017 Configuration Manager
    • Console version 5.0.8498.1700
    • Site version 5.0.8498.1000
  • Microsoft System Center 2016 Configuration Manager
    • Console version 5.0.8412.1313
    • Site version 5.0.8412.1000
  • Microsoft System Center 2012 Configuration Manager SP2
    • Console version 5.0.8239.1000
    • Site version 5.0.8239.1000
  • All supported versions of SCCM have the following additional requirements:

When you start using TrueSight Vulnerability Management

The following table provides a brief description of the tasks needed to start using TrueSight Vulnerability Management.

Important

Starting from version 3.0.01, services for all three deployment types, database, Elasticsearch, and application, are started automatically when you restart the nodes. In version 3.0, you need to start the services manually using the following command after each restart: python truesight-sm.py start --deployment <deploymentType>. See Managing product services for more information.


Tasks and related documentation:

Log on
Related documentation: Accessing the interface

Set up connectors. During installation of TrueSight Vulnerability Management, all connectors (except SCCM) are installed, and you need to configure at least one of the system connectors. After installation, you can configure the connectors and use them for vulnerability management.
Related documentation: Setting up connectors

You must specify service level agreements (SLAs) for each vulnerability severity level. You can also specify a warning period after which vulnerabilities are classified as nearly exceeding SLAs.
Related documentation: Providing service level agreement information

TrueSight Vulnerability Management process

The following table provides a brief description of tasks required to use TrueSight Vulnerability Management and links to related documentation.

Tasks and related documentation:

Import scan files (TrueSight Vulnerability Management > Import).

The Scan Import page lets you import scan files that were created using a vulnerability management system, such as Qualys, Nessus, or Rapid7. During a scan file import, assets that are included in the scan file are automatically mapped to endpoints.

Related documentation: Importing scan files

Map assets (TrueSight Vulnerability Management > Assets).

The Assets page lets you map assets that are included in a vulnerability scan to endpoints. You can map assets one by one or you can automatically map assets.

Related documentation: Mapping assets to endpoints

Map vulnerabilities (TrueSight Vulnerability Management > Vulnerabilities).

The Vulnerabilities page lets you map vulnerabilities identified in a vulnerability scan to remediation content. You can map vulnerabilities one by one or you can automatically map vulnerabilities.

Here is what you can use for remediation content:

  • TrueSight Server Automation—Any type of depot content, including patches, BLPackages, software packages, component templates and NSH scripts.
  • TrueSight Network Automation—Only corrective actions associated with network rules
  • SCCM—Software updates, applications, and application packages

Related documentation: Mapping vulnerabilities to remediation content

View vulnerability data on the Security Dashboard (TrueSight Vulnerability Management > Security Dashboard).

This dashboard provides visual tools to help security personnel assess the vulnerabilities affecting their computing environment, spot trends, and project days needed to close all vulnerabilities. Operations personnel can also use this dashboard.

Related documentation: Security Dashboard

View vulnerability data on the Operator Dashboard (TrueSight Vulnerability Management > Operator Dashboard).

The Operator Dashboard provides visual tools to identify vulnerabilities on endpoints that require the highest priority remediation and then launch remediation actions for those endpoints.

If you are connected to BMC Discovery, you can also use this dashboard to identify servers that are not included in scans. These unscanned servers are sometimes called blind spots.

Related documentation: Operator Dashboard

Launch remediation operations (TrueSight Vulnerability Management > Operator Dashboard > Remediate).

After using the Operator Dashboard to filter vulnerability information, you can launch the Remediation operation wizard, which guides you through the process of configuring operations that can remediate the vulnerabilities you select.

Here is what the Remediation operation can do to correct vulnerabilities:

  • TrueSight Server Automation—Generate Patching, Deploy, and NSH Script operations
  • TrueSight Network Automation—Perform corrective actions associated with network rules
  • SCCM—Generate Software Update, Application, or Application Package operations

Related documentation:

  • Creating a Remediation operation for TrueSight Server Automation
  • Creating a Remediation operation for TrueSight Network Automation
  • Creating a Remediation operation for SCCM

Manage operations on the Home page

When you run the Remediation operation wizard, it can generate one or more operations to remediate vulnerabilities. Those operations are listed on the Home page of TrueSight Vulnerability Management. From there you can execute operations, obtain information about operation results, and delete operations.

Related documentation: Managing operations

View results of operations

From the Home page, you can display detailed information about the results of individual operations. When viewing results, the tools available vary depending on the type of operation.

Related documentation: Using results of operations

Monitor long-running operations

Some actions in TrueSight Vulnerability Management can take many minutes to complete. Use the Activity Status page to check on long-running actions.

Related documentation: Monitoring the status of long-running activities

Related videos

Descriptions and videos:

This video demonstrates how to use TrueSight Vulnerability Management to map server assets and vulnerabilities detected in a vulnerability scan to the servers and remediation content you are managing with TrueSight Server Automation or SCCM.
Video: https://youtu.be/sUJQVcn4810

This video continues the remediation management process for TrueSight Server Automation. It shows how to use TrueSight Vulnerability Management to generate remediation operations for vulnerabilities detected in a vulnerability scan.
Video: https://youtu.be/RKmCHqfFXt4

This video continues the remediation management process for SCCM. It shows how to use TrueSight Vulnerability Management to generate remediation operations for vulnerabilities detected in a vulnerability scan.
Video: https://youtu.be/4_TyLaEQ3hU

This walkthrough demonstrates how to use TrueSight Vulnerability Management with BMC Discovery to enable blind spot detection and filter vulnerabilities on dashboards by application.
Video: https://youtu.be/crEearlVHr8

