Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Using BMC Discovery to detect blind spots and filter for applications


This use case demonstrates how to use TrueSight Vulnerability Management with BMC Discovery to perform two activities:

  • Enable blind spot detection
  • Filter vulnerabilities on dashboards by application

This topic includes the following sections:

The following video demonstrates how to use TrueSight Vulnerability Management with BMC Discovery.

icon-play.pnghttps://youtu.be/crEearlVHr8

Introduction

When you integrate TrueSight Vulnerability Management with BMC Discovery, you can identify which servers in your environment are not included in vulnerability scans. These are blind spots, and they represent potential security risks. Using TrueSight Vulnerability Management, you can generate a list of blind spot servers so you can then determine whether they need to be included in vulnerability scans.

Because BMC Discovery can determine which applications are being used in a server environment, you can use that information to filter Operator Dashboard results by application. For example, you might want to limit the dashboard to vulnerabilities related to Apache Tomcat or Microsoft IIS. When you filter information in this way, you can perform remediation operations aimed at particular types of applications.

What do I need to get started?

  • BMC Discovery must already be connected to TrueSight Vulnerability Management. You can only use BMC Discovery in conjunction with TrueSight Server Automation.

Identifying blind spots

In this use case, we generate a list of servers not included in vulnerability scans. These servers are potential blind spots.

 

Procedure

Example (click to enlarge) 

1

Select TrueSight Vulnerability Management > Operator Dashboard.

At upper left, note the value of Unscanned, which shows the number of servers that were detected using BMC Discovery but were not included in the scan file information currently displayed. Unscanned servers are blind spots in the server environment and potential security risks.

 

 

OperatorDashboardUnscanned.png

2

Export a list of unscanned servers by clicking Export at upper right. The file that is exported is named vulnerability-asset-export.zip.

ExportButton.png

3

Extract the contents of the ZIP file and then open the file called unscanned-asset-export-1.csv. The file is in CSV format, so it can be opened in a spreadsheet.

You can examine the contents of the spreadsheet and determine which servers are blind spots and should be added to vulnerability scans to ensure that you are not missing security threats. The list of server names is on the left.

BlindSpotSpreadsheet.gif

Filtering on dashboards by application

In this use case, we filter information on a dashboard based on vulnerabilities associated with a particular software application.

 

Procedure

Example (click to enlarge) 

1

Select TrueSight Vulnerability Management > Operator Dashboard to display the Operator Dashboard.

First, notice how many unique servers have vulnerabilities and how many unique vulnerabilities are present. In this example we see 28 unique assets with 417 unique vulnerabilities.

 

 

UniqueVulns.png

2

We're going to filter out everything except vulnerabilities related to Microsoft IIS.

  1. Select Software Instance.
  2. Scroll down and select the type of application for which vulnerability information should be displayed. In this example, we select two instances of Microsoft IIS.

 

FilterByIIS.gif

3

Click Apply Filters (at right).

ApplyFilters.png

4

Now the DashboaΩrd shows vulnerabilities for 1 unique asset and 137 unique vulnerabilities.

FilteredVulns.png

5

At this point, you might want to use the list of Actionable Vulnerabilities to launch remediation actions on the three servers. To do so, click Remediate, which launches a wizard that lets you define operations to correct the actionable vulnerabilities.

ActionableVulns.png

Wrapping it up

In this topic you exported a list of blind spot servers—that is, servers in your environment that were not included in your vulnerability scans. Then, you filtered information on the Operator Dashboard using application information made available from BMC Discovery.

Where to go from here

If you want to learn more about creating operations to correct actionable vulnerabilities, see Creating-a-Remediation-operation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*