Use case: Remediating vulnerabilities
This topic provides instructions on how to identify and remediate vulnerabilities.
What do I need to get started?
- A user account with privileges to access either BMC Helix Automation Console or TrueSight Automation Console.
You do not require administrative privileges for this use case.
- An administrator must have imported patch catalogs from TrueSight Server Automation.
- An administrator must have defined Service Level Agreement deadlines and warning thresholds.
- Results of a vulnerability scan in a supported file format.
For details about the vulnerability scanning tools and supported formats, see Scans.
How to identify and remediate?
This topic describes the steps to identify and remediate vulnerabilities.
1. Import a vulnerability scan results file.
For details, see Working-with-scans.
2. View asset details, and if required, manually map each asset.
After you import a scan file, assets are automatically mapped to endpoints in the endpoint manager, and the results appear on the Assets > Scanned Assets page and on the Vulnerability Dashboard.
On the Scanned Assets page, you can view these results:
- Assets imported from a scan, automatically mapped to endpoints
- Number of vulnerabilities identified for each asset
- Host name, IP address, and operating system of each asset
- Vulnerability management scanning system that has scanned the assets
If assets are not mapped automatically, manually map each asset.
For details, see Working-with-assets.
The Vulnerability Dashboard provides a graphical view of the assets and vulnerabilities imported from a scan file. On the dashboard, you can view these results:
- Total number of vulnerabilities and number of mapped and actionable vulnerabilities
- Number of impacted assets by Service Level Agreement levels
- Number of impacted assets by risk score
- Number of vulnerabilities by their remediation stages and created exceptions
- Vulnerability remediation trend for the last thirteen weeks
- Top 10 identified vulnerabilities and the number of impacted assets for each vulnerability
- Top 10 business services with the maximum number of vulnerabilities and the impacted assets
- Top 10 owners with the number of vulnerabilities and the impacted assets
The following figure shows the asset and vulnerability data on the Vulnerability Dashboard.
For details, see Using-the-Vulnerability-Dashboard.
3. View vulnerability results, and if required, manually map each vulnerability with remediation content.
After you import a scan file, vulnerabilities are automatically mapped to remediation content, which includes patches, NSH scripts, or deploy jobs. The results appear on the Risks > Vulnerabilities page.
On the Vulnerabilities page, you can view these results for each vulnerability:
- Vulnerability name, ID, source, and severity
- CVE IDs associated with vulnerabilities
- Mapping status, whether mapped or unmapped, with remediation content
- Remediation content
- Number of impacted assets for each vulnerability
If vulnerabilities are not mapped to remediation content automatically, manually map each vulnerability.
For details, see Working-with-risks.
4. Create an operation to remediate vulnerabilities.
For details, see Working-with-operations.