Using the Vulnerability Dashboard


This topic provides instructions to view the vulnerability dashboard and the information each widget displays.

To view information about the missing patches, see Using-the-Patch-Dashboard.

Viewing the Vulnerability Dashboard

Widgets on the dashboard display metrics about the assets and the vulnerabilities. You can drill down to a widget to view additional data related to the metrics. The Dashboard data refreshes every time after you import a scan, map vulnerabilities, and run remediation operations to completion. 

To view metrics based on any of the following options, select a filter, and click Apply

  • Operating System
  • Severity
  • Scan File: Lists the scan files imported in BMC Helix Automation Console.  

Tip

Click PDF to download the current dashboard metrics as a PDF file.

Vulnerabilities

This widget shows the total number of vulnerabilities imported from a scan file in the BMC Helix Automation Console and their distribution. Vulnerabilities mapped to remediation content are displayed in the Mapped Vulnerabilities graph. Vulnerabilities mapped to remediation content and assets are displayed in the Actionable Vulnerabilities graph. 

To drill down for more information about the mapped vulnerabilities, click the bar graph. In the following image, the vulnerability names, CVE IDs, severity, and the number of impacted assets for mapped and unmapped vulnerabilities are displayed. 

Mapped_vulnerabilities pop-up.png

To drill down for more information about the actionable vulnerabilities, click the bar graph. In the following image, the vulnerability names, CVE IDs, severity, and the number of impacted assets for actionable and non-actionable vulnerabilities are displayed. 

Actionable vulnerabilities popup.png

Asset Distribution by SLA

This widget shows the number of assets with vulnerabilities based on their service level agreements (SLA). Using this data, you can plan remediation steps based on your organizational standards. 

If assets are approaching an SLA level, they appear in Approaching SLA. Assets with a severity level other than Critical appear in Exceeding SLA (Other). Assets that have reached a critical severity appear in the Exceeding SLA (Critical) graph. 

To view the number of vulnerabilities for assets based on their SLA, click the bar graph, and then click any SLA level to see the assets based on the SLAs. 

In the following image, 10 assets with vulnerabilities are in the Within SLA bracket.  

Asset Distribution by SLA_popup.png

Asset Distribution by Severity

This widget shows the total number of assets and their classification as per the vulnerability severity levels. Assets with vulnerabilities of different severity levels are counted as belonging to the highest level. 

For example, out of 100 assets, if 10 assets have vulnerabilities with a Critical, High, and Medium severity, those 10 assets appear in the Critical bracket. If 20 assets have vulnerabilities with a High and Low severity, those assets appear in the High bracket. 

To view more information about assets based on their severity, click the bar graph and then click each severity level. 

In the following image, 5 assets are in the Critical state. 

Asset Distribution by severity_popup.png

Vulnerability by Stage

After you map vulnerabilities with remediation content, either automatically or manually, you create an operation to remediate the vulnerabilities. This widget shows the number of vulnerabilities for which an operation is created (Awaiting Execution) against the number of vulnerabilities where the operation is yet to be created (Awaiting Attention). 

To view more information, click the bar graph. Vulnerability name, CVE IDs, severity, and the number of impacted assets are displayed. 

Vulnerabilities by Stage_popup.png

Remediation trend

This widget shows a cumulative vulnerability remediation trend for the last six weeks, which includes the total number of vulnerabilities against the vulnerabilities remediated on the assets. 

This graph also shows: 

  • Average Days Awaiting Attention: Average number of days since vulnerabilities are identified and not yet remediated. 
  • Average Days Awaiting Execution: Average number of days in which a remediation operation is scheduled but not yet executed. 
  • Average Days to Close: Average number of days it takes from identifying a vulnerability to successfully remediating it. 

To view more information, click the bar graph. The total number of vulnerabilities identified and remediated is displayed. You can also view these details:

  • Vulnerability name
  • Impacted assets
  • Scan Age: Number of days since the vulnerability is identified in the scan file by a vulnerability management tool. 
  • Severity
  • CVE IDs

Remediation Trend_popup.png

Top 10 Missing Vulnerabilities

This widget shows the top ten vulnerabilities and the impacted assets on which the vulnerabilities are identified. This metric also shows the SLA level for the vulnerabilities.

Click the Impacted Assets link to see the assets and their operating system for each vulnerability. 

Top 10 vulnerabilities_popup.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*