This topic provides an overview of the enhancements in version 3.1 of TrueSight Vulnerability Management.
Vulnerability Management now supports the operator-initiated Change Automation for the following endpoint managers:
TrueSight Server Automation
- TrueSight Network Automation
- Microsoft System Center Configuration Manager (SCCM)
In earlier versions, endpoint managers are responsible for creating and tracking the change ticket in the change management system (such as BMC Remedy IT Service Management). In version 3.1, Vulnerability Management creates and tracks the change request, thus eliminating the dependency on the endpoint managers. For more information about Change Automation, see Change Automation.
Integration with the Nessus scanner
Vulnerability Management version 3.1 supports direct integration with the Nessus scanner. This integration allows you to download and import vulnerability scans from the Nessus server automatically, without any need for exporting the scans from Nessus or manually importing the scans into Vulnerability Management. After successful import, assets and vulnerabilities are mapped automatically. For more information, see Integrating with Nessus scanner.
Vulnerability Management version 3.1 supports the use of public key infrastructure (PKI) to authenticate users who present the common access card (CAC) or who have imported a valid client certificate into their browser. To enable PKI authentication, you need to configure Vulnerability Management.
After PKI is enabled, when you log onto Vulnerability Management, you only need to choose a Vulnerability Management site that is configured for PKI and enter a PIN if your certificate requires one. No user ID and password are necessary.
Configuring Data Refresh interval
In version 3.1, you can configure the interval at which vulnerability data of an endpoint manager should be regularly updated in Vulnerability Management. The default interval is 60 minutes. For more information, see Configuring a Data Refresh profile.
Support for version 6.8.0 of Elasticsearch
Vulnerability Management version 3.1 uses Elasticsearch version 6.8.0, which supports authentication by default, hence your Elasticsearch deployment is secured. You can disable the authentication if needed. For more information, see Configuring authentication for Elasticsearch.
Third-party software support
Vulnerability Management version 3.1 is bundled with the following third-party software:
- AdoptOpenJDK 11.0.2+9
- Apache Tomcat web server 9.0.19
- Alpine Linux 3.9.2
Product requirements and compatibility
This section lists the endpoint manager requirements and other BMC product requirements with which Vulnerability Management is integrated.
Endpoint manager requirements
When connecting TrueSight Vulnerability Management to TrueSight Server Automation, TrueSight Network Automation, or SCCM, the following versions of endpoint managers are supported.
|Endpoint manager||Supported versions|
|TrueSight Server Automation|
|TrueSight Network Automation|
|SCCM||Microsoft System Center 2017 Configuration Manager|
Compatibility with other BMC products
Some features of Vulnerability Management version 3.1 work in conjunction with other BMC products and versions, as listed in the following table.
|TrueSight Orchestration Platform|
|TrueSight Orchestration Content|
|BMC Remedy IT Service Management|