Detecting blind spots by using BMC Discovery


For an IT Operations team it is essential to manage and keep track of the status of all the assets in their environment. BMC Discovery obtains information about all the assets from TrueSight Server Automation. 

The statuses of these discovered assets could fall under any of the following categories:

  • managed and scanned
  • unmanaged and unscanned
  • managed but unscanned

Using Automation Console, you can manage these assets so that they do not become blind spots in TrueSight Server Automation, which are a potential risk for security breaches.

Scenario

An organization, ABC Limited, uses BMC Discovery to manage all the assets that are enrolled in TrueSight Server Automation. Otto Operator, an IT Operator in ABC Limited, is responsible for ensuring that all the assets in his organization are managed and scanned in TrueSight Server Automation. To accomplish this, he configures the BMC Discovery Connector in the Automation Console. Automation Console fetches information about the servers even if they are not enrolled in TrueSight Server Automation and displays the data on the Discovered Assets page in Automation Console.

Otto Operator now analyzes the information on the Discovered Assets page, and if there are unmanaged and unscanned assets, he performs the following tasks:

Status | Action
Unmanaged | Map the asset in TrueSight Server Automation, see Working-with-assets
Unscanned | Execute a patch policy job to remediate missing patches, see Working-with-patch-policies

Benefits of blind spot detection

Detecting blind spots (unmanaged and unscanned assets) in TrueSight Server Automation helps you perform the following operations:

  • Unmanaged Assets: enroll them in TrueSight Server Automation, so that they are accounted for as managed assets
  • Unscanned Assets: scan them and execute remediation actions for missing patches and vulnerabilities

Workflow for blind spot detection

[Image: workflow for blind spot detection]

How to view and handle the detected blind spots?

This topic describes the steps to identify and handle blind spots.

  1. Configure the Discovery connector, see Configuring-the-BMC-Discovery-connector.
  2. Import a vulnerability scan results file. For more details, see Working-with-scans.
  3. The scanned results appear in the Discovered Assets tab.
    1. Total Discovered Assets: Total number of assets discovered by BMC Discovery, except resources excluded by the provided Exclude IPs/Hosts/Range list.
    2. Unmanaged Assets: Total number of assets that are found by BMC Discovery and are not mapped to endpoints in TrueSight Server Automation.
    3. Unscanned Assets: Total number of assets, either discovered or mapped in Server Automation, that are not yet scanned for vulnerabilities.

      [Image: asset counts on the Discovered Assets tab]

      For example, the above image shows 5 discovered assets. Of these, 4 are unmanaged and 3 are unscanned, so 1 of the 4 unmanaged assets has been scanned but is yet to be managed. This means that there are 4 blind spots in your environment: you must enroll the 4 unmanaged assets in TrueSight Server Automation and perform a scan for 3 assets.

  4. From the list of blind spot servers detected, you can determine whether they need to be included in vulnerability scans or the patch flow.
  5. Manually map the unscanned assets to your endpoint, TrueSight Server Automation, so that they are accounted for as Managed Assets for remediation and patching actions. For more details, see Working-with-assets.
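
The counters and the worked figures in step 3 can be reproduced as set arithmetic over three inventories. The following Python sketch is an added example, not BMC code: the host sets are constructed sample data, the function names are hypothetical, and the exclusion list is assumed to hold host names, IPs, or CIDR ranges.

```python
import ipaddress

# Constructed sample inventory (hostname -> IP); not real data.
DISCOVERED = {
    "app01": "192.0.2.10",
    "app02": "192.0.2.11",
    "db01": "192.0.2.20",
    "db02": "192.0.2.21",
    "web01": "192.0.2.30",
    "lab01": "198.51.100.5",   # falls inside the excluded range below
}
MANAGED = {"web01"}            # hosts mapped to an endpoint (assumed export)
SCANNED = {"web01", "app01"}   # hosts present in the imported scan results
EXCLUDE = ["198.51.100.0/24"]  # assumed syntax: host name, IP, or CIDR range


def is_excluded(host, ip, exclude):
    """Return True if the host name or IP matches any exclusion entry."""
    addr = ipaddress.ip_address(ip)
    for entry in exclude:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:     # not an IP or CIDR, so treat it as a host name
            if entry.lower() == host.lower():
                return True
    return False


def blind_spots(discovered, managed, scanned, exclude=()):
    """Classify assets following the counter definitions given in step 3."""
    total = {h for h, ip in discovered.items() if not is_excluded(h, ip, exclude)}
    unmanaged = total - managed                # discovered but not mapped
    unscanned = (total | managed) - scanned    # discovered or mapped, not scanned
    return {
        "total": total,
        "unmanaged": unmanaged,
        "unscanned": unscanned,
        "blind_spots": unmanaged | unscanned,  # an asset in both counts once
        "scanned_but_unmanaged": unmanaged & scanned,
    }


if __name__ == "__main__":
    for name, hosts in blind_spots(DISCOVERED, MANAGED, SCANNED, EXCLUDE).items():
        print(f"{name:22} {len(hosts)}  {sorted(hosts)}")
```

The blind spot total is the union of the two sets, not their sum, which is why 4 unmanaged and 3 unscanned assets yield 4 blind spots here.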

Results

By configuring the BMC Discovery connector in the Automation Console, you realize the following benefits:

  • View information about all the assets in your TrueSight Server Automation endpoint
  • Map unmanaged assets to the endpoint so that they are accounted for as managed assets
  • Execute patch policy scan jobs for unscanned assets to check the status of the installed patches and perform remediation operations if required

