20.08 enhancements
Enhanced connector configuration experience in TrueSight Automation Console
In earlier versions, after installing the product, an administrator would configure the TrueSight Orchestration and BMC Discovery connectors using the REST API. In this release, after installing TrueSight Automation Console, an administrator can configure those connectors using the new Manage Connectors page.
The TrueSight Server Automation connector is configured during installation and appears in the Running state on the Manage Connectors page. You can update the Server Automation host details, service account, or data refresh interval by editing the connector. Therefore, the Administration > Service Account page is no longer required and has been removed in this release.
For more information, see Managing connectors.
Collecting diagnostic information in TrueSight Automation Console
You can now collect diagnostic information such as logs and configuration files for the TrueSight Automation Console (on-premises) services in a zipped file by running a command using the Stack Manager. For this, a zip library must be created on the host where the application is installed.
For more information, see Collecting diagnostic information.
Remediating missing patches and vulnerabilities from the dashboard
You can now create a remediation operation for missing patches directly from the Patch Dashboard page. After filtering the data for a patch policy, you can click Remediate to open the Create Operation page.
The Remediate option is also available when you drill down to the Patch Compliance widget and select a policy.
For details, see Using the Patch Dashboard.
For all actionable vulnerabilities, you can now create a remediation operation directly from the Vulnerability Dashboard page. The Remediate option takes you to the Create Operation page with selected actionable vulnerabilities. You can also filter and choose more vulnerabilities while creating the operation.
The Remediate option is also available when you drill down to the Vulnerabilities widget to view the Actionable Vulnerabilities.
For details, see Using the Vulnerability Dashboard.
Dashboard enhancements
The Patch and Vulnerability Dashboards include the following enhancements.
Patch Dashboard enhancements
The following image shows the enhancements in the Patch Dashboard:
- New Risk Score and Risk Owner filters – Filters data on the dashboard.
- New Missing Patches by Stage widget – Shows the total number of missing patches by stage. If an operation is created for the missing patches, the different stages are Awaiting Execution, Awaiting Attention, and Awaiting Approval.
- New Top 10 Business Services at Risk widget – Shows the top 10 business services or applications with the maximum number of missing patches and impacted assets.
  You see this information only if the BMC Discovery connector is configured.
- New Top 10 Risk Owners widget – Shows the number of missing patches that are owned by the top ten security groups and the impacted assets.
- The Remediation Trend widget – Shows a trend for the past 13 weeks. In earlier versions, this widget showed data for the past six weeks. A new Average Days Awaiting Approval graph shows data for the average number of days for which a change request is pending approval for a patch operation.
- The Asset Distribution by Severity widget – This is renamed to Asset Distribution by Risk Score.
For details, see Using the Patch Dashboard.
Vulnerability Dashboard enhancements
The following image shows the enhancements in the Vulnerability Dashboard:
- New Marked as Exception stage on the Vulnerabilities by Stage widget – Shows the number of vulnerabilities for which an exception is created.
- New Top 10 Risk Owners widget – Shows the number of vulnerabilities that are owned by the top ten security groups and the impacted assets.
- The Remediation Trend widget – Shows a trend for the past 13 weeks. In earlier versions, this widget showed data for the past six weeks.
For details, see Using the Vulnerability Dashboard.
Support for auto-import of scan files from Nessus
Typically, you export a scan file from any of the supported vulnerability scanning systems, and then import the scan file into Automation Console. With this release, you can automate the process of exporting scan files from Nessus and importing them into Automation Console by integrating with TrueSight Orchestration.
For details, see Use case: Automatically importing vulnerability scan files.
Exceptions for vulnerabilities
You can now create exceptions to exclude vulnerabilities on assets for a selected period. When you create a remediation operation, vulnerabilities that are a part of an exception are not displayed. Creating exceptions lets you exclude a set of vulnerabilities for a particular duration, and then remediate them later. This ensures that an operation is not created for these vulnerabilities due to human error. Exceptions can also be created when assets are going to be decommissioned, and hence can be left out of the remediation process.
Administrators can create exceptions; operators can only view the details of the exceptions created in their environment.
For details, see Working with exceptions.
Enriching scanned asset information using tags
On the Scanned Assets page, you can now add tags to the assets imported from a vulnerability scan file. While creating a vulnerability remediation operation, you can also choose assets based on the tags. For details, see Working with assets.
Support for vulnerability management for additional operating systems
You can now import scanned asset data for the following operating systems in addition to Microsoft Windows and Red Hat Enterprise Linux:
- IBM AIX
- HP-UX
- Solaris
- CentOS
- SuSE
- Ubuntu
- Debian
- Oracle Enterprise Linux (OEL)
You can create vulnerability operations for assets with the newly supported operating systems only if the remediation content type is NSH script or BLpackageDeploy.
Noise reduction for missing patches and vulnerabilities
If the vulnerabilities and missing patches affect the same assets, and if the remediation content is common to both, then the vulnerability remediation operation also remediates the missing patches. This saves time and effort and ensures that the number of risks is reduced.
For details, see Operations.
Filters for Risk Score, Risk Owner, and Risk Tags
A risk score is a range of numeric values, similar to severity, which you can change for the risks identified on the assets. A risk owner is the security group that owns vulnerabilities or missing patches. By default, the risk owner is the security group that imported a scan file (for vulnerabilities) or created a patch policy (for missing patches).
The Risk Owner and Risk Score filters are available as advanced search filters on the following pages:
- Assets > Managed Assets
- Assets > Scanned Assets
- Risks > Missing Patches
- Risks > Vulnerabilities
- Operation for vulnerabilities: Select vulnerabilities using these filters.
- Patch Dashboard
- Vulnerability Dashboard
The Risk Tag filter is available as an advanced search filter on the following pages:
- Risks > Missing Patches
- Risks > Vulnerabilities
- Operation for vulnerabilities: Select vulnerabilities using this filter.
You can modify or update the risk score, risk owner, and risk tags using the API endpoint: PATCH /api/v1/violations.
For details, see Using REST API.
REST API updates
With this release, the following changes are made to the REST APIs:
- A REST API request expires after 15 minutes. After this, you must generate the authentication token again.
- The Login APIs are changed from the previous release. If you have used these APIs for any automated tasks, update your code as per the latest APIs.
For more information, see Using REST API.
User experience enhancements
This release also provides several changes to the existing features that improve your experience with the product:
Feature | Enhancements | See topic |
---|---|---|
Assets | | |
Risks | | |
Operations | | |
Patch Policies | | |
Import | On the Manage > Import page, you can import a scan file up to 1 GB. | |
Catalogs | | |
SLA | The SLAs on the Administration > Manage Service Level Agreements page are based on Risk Score. | |
Security Groups | A new Browse option on the Administration > Security Group page enables you to select the Default Depot Path and the Default Job Path for storing the depot items and jobs. | |