Documentation update To provide a better user experience, we have now created a separate documentation space for Helix Vulnerability Management. Users of Helix Vulnerability Management (includes BMC Helix Automation Console) can find the latest documentation at BMC Helix Vulnerability Management.

Risks

Risks refer to missing patches and vulnerabilities that are identified on assets.

Missing patches

When patch policies identify missing patches on assets, details about the missing patches are displayed on the Missing Patches page under Risks. Missing patches are identified only for assets with Windows or Linux operating systems.

Vulnerabilities

You can import scan results for vulnerabilities that are scanned by the scanning systems such as Nessus, Qualys, and Rapid7. When you import the results in TrueSight Automation Console,vulnerabilities get mapped to the remediation content automatically, or you may need to map them manually. Imported vulnerabilities are displayed on the Vulnerabilities page under Risks. 

You can also import scan results on assets with operating systems other than Windows and Linux. The supported operating systems are AIX, HP-UX, Solaris, CentOS, SUSE, Ubuntu, Debian, and OEL. You can create remediation operations for other OS only if the remediation content type is BLPackage and NSH script. 

Operations to remediate vulnerabilities can only be created if vulnerabilities are mapped to appropriate remediation content. 


Auto-mapping process

When you import a scan file, vulnerabilities get automatically mapped to remediation content (patches only) if both of these conditions are fulfilled: 

  • Assets in the scan file are either automatically or manually mapped to endpoints in the endpoint manager, TrueSight Server Automation. 
  • Patch catalogs that contain remediation for Common Vulnerability and Exposure (CVE) numbers associated with the vulnerabilities are already imported in Automation Console.
    If you import a patch catalog after importing the scan file, vulnerabilities are not automatically mapped. 

By default, Automation Console attempts to match the CVE ID of a vulnerability to a CVE ID associated with a bulletin or errata in a catalog imported in Automation Console. During auto-mapping, if a vulnerability with a CVE ID is mapped to patch catalogs of two different operating systems, and that same vulnerability is reported on the assets of different operating systems too, then Automation Console maps the remediation content to both the assets automatically. 

On the Risks > Vulnerabilities page, the vulnerability status shows the remediation content mapping status. Consult the following table to understand the scenarios for each status. 

Vulnerability Status

Scenario

Action required

Auto-mapped

There is a one-to-one mapping between CVE IDs and remediation content.

For example, each CVE ID is mapped to one remediation content.

None.

Remediation operation can be created with no changes required in the mapping.

Partially Mapped

Multiple CVE IDs for a vulnerability, but remediation content is mapped only for a few CVE IDs.

If an operation is created, this vulnerability is partially remediated and no longer appears in the Vulnerabilities list. Such a vulnerability still appears in the next scan. 

None.

Remediation operation can be created. However, vulnerability is partially remediated for the CVE IDs for which the remediation content is available.

Partially Mapped (Action Required)

One CVE ID is mapped to more than one remediation content.

Yes.

Remove the current mapping and manually map the vulnerability to the appropriate remediation content. After mapping the status changes to Mapped.

Now, a remediation operation can be created.

Unmapped

Vulnerability is not mapped to any remediation content.

This can happen if assets are not mapped to endpoints in the endpoint manager or patch catalogs are not imported in Automation Console.

Yes.

Manually map the vulnerability to an appropriate remediation content.

See Manual mapping process.

Manual mapping process

If some of vulnerabilities remain unmapped during import or during auto-mapping of new vulnerabilities, you can manually map them to remediation content. You can perform manual mapping for only one vulnerability at a time. 

When mapping manually, the remediation content can be of the following types:

  • BLPackages
  • Network Shell (NSH) scripts
  • Patches
  • Installshield packages
  • Microsoft Installer (MSI) packages
  • Operating system service packs
  • Red Hat packages
  • Custom software

Where to go from here

To view missing patches and vulnerabilities, and map vulnerabilities to remediation content, see Working-with-risks.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*