Working with assets

This topic provides instructions on viewing the following types of assets:

• Assets with missing patches
• Assets identified in vulnerability scans performed by scanner connectors
• Assets discovered through integration with BMC Discovery

It also provides step-by-step instructions on performing various actions on these assets. 

Asset type	Description	Working with assets
Managed asset	The Managed Assets page shows a list of assets with missing patches and other details that are available in TrueSight Server Automation. On the Managed Assets page, you can add tags to the assets. To enter tag information, you can either export the asset data to a CSV file or click Import Tags to download a CSV template. Later, you upload the updated CSV file back in Automation Console.	Overview To view and export managed assets To import tags To remove tags To perform an advanced search for managed assets
Scanned assets	The Scanned Assets tab shows a list of assets imported from a vulnerability scan file, their mapping to endpoints in an endpoint manager, and the number of vulnerabilities identified for each asset.	To view and export assets from a vulnerability scan To map and unmap scanned assets To import tags To remove tags To perform an advanced search for scanned assets
Discovered assets	The Discovered Assets tab displays the assets discovered by BMC Discovery. You configure the BMC Discovery connector to make sure that unmanaged, unscanned, and the total number of discovered assets are sent to Automation Console. If you change the BMC Discovery endpoint in the connector later, the data discovered from the previous BMC Discovery instance is also retained.  The total number of assets for each category appears at the top of the page. You can perform a basic or advanced search using filters to look for specific data.	To view assets from BMC Discovery To perform an advanced search for Discovered assets

Managed assets

The Managed Assets tab displays the list of assets with missing patches. When patch policies identify missing patches on assets, these assets and their details appear on the Managed Assets tab. Missing patches are identified only for assets with Windows or Linux operating systems (Red Hat Enterprise Linux, SuSE, Oracle Enterprise Linux, and CentOS only).

Overview of Managed assets

On the Assets > Managed Assets tab, the total number of assets appears next to the tab title.

The page displays the following asset details:

• Asset Name—Unique asset name
• IP Address—IP address associated with the asset
• Remediation Tool—The endpoint manager against which the asset is mapped.
• Operating System/Device Vendor—The names of all the installed operating systems as retrieved directly from the configured TrueSight Server Automation endpoint manager OR the names of the vendor of the asset as retrieved directly from the configured TrueSight Network Automation endpoint manager. The column name and values are displayed according to the configured endpoint manager.
• Missing Patches—The number of missing patches
• Compliance Violations—The number of compliance violations
• Operating System Vendor/Device Type—The names of all the available operating system vendors as retrieved directly from the configured TrueSight Server Automation endpoint manager OR the device type as retrieved directly from the configured TrueSight Network Automation endpoint manager. The column name and values are displayed according to the configured endpoint manager.
• Tags
  To show tags as additional columns on the Managed Assets page, click Display Tags, select a tag, and click Apply. The new tag appears as a column. For example, if you have added a Location tag to the managed assets, after you select it, a new Location column appears, showing the location for each asset.

To search for managed assets

You can enter the host name, IP address, or operating system, and click Search, or use the Advanced filter option to filter assets.

• Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options: 
  • Asset
  • Managed Asset Tag
  • Operating System/Device Vendor—The values are displayed according to the configured endpoint manager, TrueSight Server Automation or TrueSight Network Automation.
  • Operating System Vendor/Device Type—The values are displayed according to the configured endpoint manager, TrueSight Server Automation or TrueSight Network Automation.
  • Remediation Tool
  • Risk Owner
  • Risk Score
  • Unique Missing Patch

To export managed assets data

On the Assets > Managed Assets tab, click Export and enter a name to save the results in a CSV file. 

If you filter data using the advanced filter options and then export, then the filtered data appears in the CSV file. 

To view the unique missing patches

 To view the list of unique missing patches for any asset, perform the following steps:

1. Click the link against any asset in the Missing Patches column. 
   The Missing Patches page shows the unique missing patches along with their patch age, severity, classification, and CVE IDs for the particular asset. 
2. Click Clear Filters to view all unique missing patches across all assets. 
   To view more information about the missing patches, see Working-with-risks.

Scanned assets

The Scanned Assets tab displays a list of assets imported from a vulnerability scan file, along with their mapping to endpoints in the configured endpoint manager and the number of vulnerabilities identified for each asset. 

Overview of scanned assets

On the Assets > Scanned Assets page, the total number of assets imported from a scan appears next to the tab title.

The page displays the following asset details:

• Asset Name
• IP Address
• Status
• Source
• Remediation Tool
• Operating System
• Vulnerability
• Tags
  To show tags as additional columns on the Scanned Assets page, click Display Tags, select a tag, and click Apply. The new tag appears as a column. For example, if you have added a Location tag to the scanned assets, after you select it, a new Location column appears, showing the location for each asset.

To view the vulnerabilities mapped against an asset

To view a list of vulnerabilities identified for an asset, perform the following steps: 

1. Click the link against any asset in the Vulnerability column.
   The Vulnerabilities page shows the vulnerabilities and their details. 
2. Click Clear Filters to view all vulnerabilities imported from the latest scan. 
   To view more information about vulnerabilities, see Working-with-risks.

To search for scanned assets

You can enter an asset or host name or IP address, and click Search, or use the Advanced filter option to filter assets.

• Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options: 
  • Asset
  • Operating System
  • Remediation Tool
  • Risk Owner
  • Risk Score
  • Scanned Asset Tag
  • Source
  • Status
  • Vulnerability Nam

    Information

    • When you select the Operating System filter, the list of operating systems is populated dynamically depending upon the imported scan file.
    • When you select the Asset, Operating System, Risk Owner, Risk Score, Status, and Vulnerability Name filters, you can click Select all to select all the sub-criteria, and click Clear all to clear your selection.
    • The selected Advanced filters are retained in the following scenarios:
      • If you navigate to different pages on the Automation Console during an active session.
      • If you access the Automation Console on a duplicate tab in the same browser during an active session.
    • The selected Advanced filters are not retained in the following scenarios: 
      • If you access the Automation Console by using a different browser during an active session.
      • If you log out of the Automation Console and log in again using the same browser.
      • If you log out of the Automation Console and log in again using a different browser.

• Click Clear Filters to go back and view unfiltered data. 

To export scanned assets data with vulnerabilities

On the Assets > Scanned Assets page, click Export and enter a name to save the results in a CSV file. 

If you filter data using the advanced search options and then export, the filtered data appears in the CSV file.

To map and unmap scanned assets

After you import a vulnerability scan file into BMC Helix Automation Console, assets are automatically mapped to endpoints managed by the endpoint manager or Remediation Tool. During auto‑mapping, BMC Helix Automation Console first matches an asset’s FQDN or hostname, and then its IP address, to identify the corresponding endpoint. Vulnerabilities are mapped to remediation content only after the asset is successfully mapped.

If an asset is decommissioned in the endpoint manager and no remediation operation is created for its missing patches or vulnerabilities, the asset becomes unmapped in Automation Console, and its status appears as Manually Unmapped. When the asset is later recommissioned, it is not automatically mapped again and must be manually mapped.

Auto‑mapping may occasionally fail because firewalls, load balancers, or proxies can create discrepancies in identifying endpoints. You can manually map each unmapped asset to only one endpoint. If you map an asset to an endpoint that is already mapped, the existing mapping is replaced with the new one.

To manually map scanned assets the Assets > Scanned Assets page, perform the following steps: 

1. Select an asset and click Map.
2. The Remediation tool is selected according the the endpoint manager configured in your system.
3. Select an endpoint and save changes.
   You can use the Operating System or Operating System Vendor filters to select the endpoints. The asset status changes to 'Mapped', and the mapped endpoint appears under the asset's host name.

To manually remove mapping, select one or more assets with the status Mapped and click Remove Mapping. You cannot remove mapping for assets for which a remediation operation is created and scheduled. 

To import tags for managed and scanned assets

On the Managed Assets or the Scanned Assets page, perform the following steps:

1. Click Import Tags and either download the CSV template or download the assets data in a CSV format.
2. (Optional) To download filtered data, perform an advanced search and then click Export to obtain the asset data in a CSV file. 

3. If you use the exported CSV file, in the Tags column, add tag keys and values to be associated with the assets, in a key: value format. 
   OR
   If you use the CSV template, provide asset data such as the asset ID, scanned host name, IP address, and then add tag keys and values in a key: value format. 
   For example, the CSV template is in the following format, in which you provide the asset data and tags:  

   Asset ID	Scanned Hostname	Scanned IP Address	Tags
   <asset_name>	<host name>	<IP_address>	LOCATION: Pune; OWNER: Admin
   <asset_name>	<host name>	<IP_address>	LOCATION: USA; OS: Redhat Linux

   Information

   Best practices for adding tags

   • To add more than one key:value pair, use a semi-colon separated list.
   • You can add more than one value for a particular key in a key:value pair format.
     Example: LOCATION: Pune; LOCATION: Austin
   • Every time you import tags for assets, the previous values are overwritten based on the latest CSV file.
   • You can import up to 10000 key:value pairs through a CSV file.
4. Attach the updated CSV file, and then click Import.
5. Click Display Tags and select the tags that you want to be displayed on the Managed Assets or Scanned Assets page. 
   Tagging for scanned and managed assets is handled separately. 

To remove tags

To remove a tag, remove its value from key: value pair(s) in the exported CSV file, and then import the same file again in Automation Console. For example, to remove the tag LOCATION: Pune, remove Pune and import the CSV file again.

Discovered assets

The Discovered Assets tab displays the assets discovered by BMC Discovery. You configure the BMC Discovery connector to make sure that unmanaged, unscanned, and the total number of discovered assets are sent to Automation Console.

Overview of Discovered assets

On the Assets > Discovered Assets page, the total number of assets discovered by BMC Discovery appears next to the tab title.

The page displays the following asset details:

• The key performance indicators (KPIs) show the following information: 
  • Total Discovered Assets: Total number of discovered assets by BMC Discovery. (Except excluded resources based on provided Exclude IPs/Hosts/Range list).
  • Unmanaged Assets: Total number of assets that are found by BMC Discovery, but are not mapped to endpoints in TrueSight Server Automation.

  • Unscanned Assets: Total number of assets, either discovered, or mapped in Server Automation, but not yet scanned for vulnerabilities. If an auto-mapped asset is unmapped from the Scanned Assets page, it gets counted in the Unscanned Assets. 

• To view the details of the assets for a particular KPI, click the KPI link. 
  For example, if you click Total Discovered Assets, all assets discovered by BMC Discovery appear in the list. This excludes any resources based on the provided Exclude IPs, Hosts, or Range list.
  • Asset name
  • IP address
  • Operating system
  • Service
  • End of Life: Date signifying the end of life of the asset
  • End of Support: Date signifying the end of support for the asset
• If you want to remove an asset, remove it first from TrueSight Server Automation and then from BMC Discovery. This change gets reflected in Automation Console based on the Data Refresh Cycle configured on the Configuration > Service Account page. Services affecting such assets are also removed from Automation Console.
• If you delete an asset from BMC Discovery, which is not managed in Automation Console but is available only in BMC Discovery, the services at risk for the asset are not removed and the data remains unchanged in the Top 10 Business Services at Risk widget on the dashboard.

To search for Discovered assets

You can enter a host name, IP address, or operating system of the asset and click Search, or use the Advanced filter option to filter assets.

• Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options:
  • Asset
  • Service
  • Operating System

    Information

    Important

    • When you select the Operating System and Operating System Vendor filters, the lists of operating systems and operating system vendors are retrieved directly from the endpoint manager.
    • The selected Advanced filters are retained in the following scenarios:
      • If you navigate to different pages on the Automation Console during an active session.
      • If you access the Automation Console on a duplicate tab in the same browser during an active session.
    • The selected Advanced filters are not retained in the following scenarios: 
      • If you access the Automation Console by using a different browser during an active session.
      • If you log out of the Automation Console and log in again using the same browser.
      • If you log out of the Automation Console and log in again using a different browser.
• Click Clear Filters to go back and view unfiltered data.