Using BMC Discovery to detect blind spots and filter for applications
This use case demonstrates how to use TrueSight Vulnerability Management with BMC Discovery to perform two activities:
- Enable blind spot detection
- Filter vulnerabilities on dashboards by application
When you integrate TrueSight Vulnerability Management with BMC Discovery, you can identify which servers in your environment are not included in vulnerability scans. These are blind spots, and they represent potential security risks. Using TrueSight Vulnerability Management, you can generate a list of blind spot servers so you can then determine whether they need to be included in vulnerability scans.
Because BMC Discovery can determine which applications are being used in a server environment, you can use that information to filter Operator Dashboard results by application. For example, you might want to limit the dashboard to vulnerabilities related to Apache Tomcat or Microsoft IIS. When you filter information in this way, you can perform remediation operations aimed at particular types of applications.
What do I need to get started?
- BMC Discovery must already be connected to TrueSight Vulnerability Management. You can only use BMC Discovery in conjunction with TrueSight Server Automation.
Identifying blind spots
In this use case, we generate a list of servers not included in vulnerability scans. These servers are potential blind spots.
1. Select TrueSight Vulnerability Management > Operator Dashboard. At upper left, note the value of Unscanned, which shows the number of servers that were detected using BMC Discovery but were not included in the scan file information currently displayed. Unscanned servers are blind spots in the server environment and potential security risks.
2. Export a list of unscanned servers by clicking Export at upper right. The file that is exported is named vulnerability-asset-export.zip.
3. Extract the contents of the ZIP file and then open the file called unscanned-asset-export-1.csv. The file is in CSV format, so it can be opened in a spreadsheet. You can examine the contents of the spreadsheet and determine which servers are blind spots and should be added to vulnerability scans to ensure that you are not missing security threats. The list of server names is on the left.
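If the export is too long to review by hand in a spreadsheet, the triage can be scripted. The following is an added example, not BMC code: it reads unscanned-asset-export-1.csv from the exported ZIP, removes duplicate entries for the same host, and separates servers with a documented scan exclusion from those that should be added to scans. It assumes the CSV has one header row and the server name in the first column; the header text, the sample rows, and the exclusion list are constructed.

```python
import csv
import io
import ipaddress
import zipfile

EXPORT_MEMBER = "unscanned-asset-export-1.csv"  # file name from the steps above


def normalize(name):
    """IP addresses are kept whole; hostnames become lower-case short names."""
    name = name.strip().lower()
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name.split(".")[0]


def unscanned_servers(zip_bytes):
    """Read server names from the leftmost column of the exported CSV."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        text = zf.read(EXPORT_MEMBER).decode("utf-8-sig")
    rows = list(csv.reader(io.StringIO(text)))[1:]  # assumption: row 0 is a header
    return [r[0].strip() for r in rows if r and r[0].strip()]


def triage(zip_bytes, accepted_exclusions):
    """Split unscanned servers into (add to scans, documented exclusions)."""
    excluded_keys = {normalize(n) for n in accepted_exclusions}
    to_add, excluded, seen = [], [], set()
    for name in unscanned_servers(zip_bytes):
        key = normalize(name)
        if key not in seen:  # skip a host listed twice (short name and FQDN)
            seen.add(key)
            (excluded if key in excluded_keys else to_add).append(name)
    return to_add, excluded


def sample_export():
    """Constructed sample ZIP; the real export's column headers may differ."""
    csv_text = "\n".join([
        "Server Name,Operating System",
        "WEB01.corp.example,Windows Server 2016",
        "web01,Windows Server 2016",
        "10.20.30.40,Unknown",
        "lab-sandbox-7,Ubuntu 18.04",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(EXPORT_MEMBER, csv_text)
    return buf.getvalue()
```

Calling `triage(sample_export(), ["LAB-SANDBOX-7"])` returns the servers to add to scans and the ones covered by an exclusion; for a real export, pass the bytes of vulnerability-asset-export.zip instead.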
Filtering on dashboards by application
In this use case, we filter information on a dashboard based on vulnerabilities associated with a particular software application.
1. Select TrueSight Vulnerability Management > Operator Dashboard to display the Operator Dashboard. First, notice how many unique servers have vulnerabilities and how many unique vulnerabilities are present. In this example we see 28 unique assets with 417 unique vulnerabilities.
2. We're going to filter out everything except vulnerabilities related to Microsoft IIS.
3. Click Apply Filters (at right).
Now the Dashboard shows vulnerabilities for 1 unique asset and 137 unique vulnerabilities.
At this point, you might want to use the list of Actionable Vulnerabilities to launch remediation actions on the three servers. To do so, click Remediate, which launches a wizard that lets you define operations to correct the actionable vulnerabilities.
Wrapping it up
In this topic you exported a list of blind spot servers—that is, servers in your environment that were not included in your vulnerability scans. Then, you filtered information on the Operator Dashboard using application information made available from BMC Discovery.
Where to go from here
If you want to learn more about creating operations to correct actionable vulnerabilities, see Creating a Remediation operation.