Configuring the BMC Discovery connector
The BMC Discovery connector establishes a connection with BMC Discovery to find all the assets in a network. BMC Discovery obtains information about the assets even if they are not enrolled in the endpoint manager, TrueSight Server Automation. As an administrator, when you integrate BMC Helix Automation Console or TrueSight Automation Console with BMC Discovery, you can identify which assets in your environment are not included in vulnerability scans. These are blind spots, and they represent potential security risks. The blind spot assets appear on the Discovered Assets page, which helps you ensure that the discovered assets are scanned for missing patches, compliance, and vulnerabilities.
Before you begin
Before running the connector, ensure that the connector is installed and run on Windows or Linux operating systems that match the following criteria:
- AdoptOpenJDK Runtime Environment 18.9 (build 11.0.7+10) is installed on the connector host
Port requirements:

| Port | Protocol | From | To | Notes |
| --- | --- | --- | --- | --- |
| 443 | HTTPS | Connector | Discovery Server | Outbound |
| Open and usable port on connector VM | HTTPS | Discovery Server | Connector | Inbound |
Configuring the BMC Discovery connector
After you install TrueSight Automation Console, the BMC Discovery connector is available for configuration on the Connectors page.
To configure the connector, do these steps:
- Log on to TrueSight Automation Console using the Server Automation profile and user.
- Go to the briefcase menu on the top right, and click Connectors.
- On the Manage Connectors page, click the option against BMC Discovery Connector and click Edit.
- On the Update a Connector page, provide the following details:
  - Enter the endpoint URL, in FQDN format, with the port number where BMC Discovery is available.
    Example: https://<DISCOVERY_FQDN>:443
  - Select one of the authentication types:
    - Token Based: Provide the token.
    - User Credential Based: Enter the username and password required to log on to BMC Discovery.
      If you use the user credential based approach, a service account is created for this integration.
      After entering the password, click Save.
  - Select one of the Business Service Configuration options:
    - Create Business Services for all Business Application Instances: Select to import all business services from Discovery.
    - Create Business Service based on Subgroup name where manual Group name is: Provide a group name created in the Discovery endpoint. For example, if you want a business service based on the manual group named ProdLinux::AIX from the Discovery endpoint, specify ProdLinux. Only the AIX business service is then listed in Automation Console. You can provide multiple comma-separated group names. For example: ProdLinux, ProdWindows
    Note: Make sure that the user belongs to the API access group.
    For information about creating groups in BMC Helix Discovery, see Creating manual groups. For more information about Business Services and Business Applications, see Start anywhere application modeling.
  - In the Collection Mode area, specify the data collection interval.
    By default, the time interval is 60 minutes. The minimum acceptable interval is 5 minutes and the maximum is 10080 minutes.
  - In the Share with area, add a list of security groups that can access the Discovered Assets page. Example: ITManagers, PatchingUser
  - In the Exclude IPs/Hosts/Range area, add a list of hosts, IPs, or ranges (IPv4 only) for which resources are not to be fetched from Discovery. The list must be comma-separated and can combine hosts, IPs, and IPv4 ranges. For example: 192.168.1.100,abc.xyz.com,192.168.10.100-192.168.10.200
    Limitation: If you provide similar IPv4 ranges, the last range is considered.
    Example: 10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200
    In this case, the last range 10.12.11.150-10.12.11.200 will be considered for exclusion.
- Save the changes.
- Click Enable to run the connector with the new changes.
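
A pre-flight check for the Exclude IPs/Hosts/Range value, added here as an example (it is not BMC code and runs outside the product): it parses the field and reports ranges affected by the limitation above. Reading "similar" ranges as overlapping ranges is an assumption, and the function names are hypothetical.

```python
import ipaddress

def parse_exclusions(value):
    """Split the comma-separated field into single IPs, IPv4 ranges and host names."""
    ips, ranges, hosts = [], [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        start, dash, end = item.partition("-")
        try:
            lo = ipaddress.IPv4Address(start.strip())
            hi = ipaddress.IPv4Address(end.strip()) if dash else None
        except ipaddress.AddressValueError:
            hosts.append(item)  # not IPv4, e.g. abc.xyz.com or web-01.example.com
            continue
        if hi is None:
            ips.append(lo)
        elif lo > hi:
            raise ValueError(f"range start is above range end: {item}")
        else:
            ranges.append((lo, hi))
    return ips, ranges, hosts

def review_ranges(ranges):
    """List (earlier, later, lost) for overlapping ranges, in the order entered.

    Assumption: "similar" ranges means overlapping ranges, and the earlier one is
    ignored, as in the page's example. `lost` counts the addresses that only the
    earlier range covered.
    """
    findings = []
    for i, (lo_a, hi_a) in enumerate(ranges):
        for lo_b, hi_b in ranges[i + 1:]:
            if lo_a <= hi_b and lo_b <= hi_a:  # the two ranges share addresses
                shared = int(min(hi_a, hi_b)) - int(max(lo_a, lo_b)) + 1
                lost = int(hi_a) - int(lo_a) + 1 - shared
                findings.append((f"{lo_a}-{hi_a}", f"{lo_b}-{hi_b}", lost))
    return findings

if __name__ == "__main__":
    # Constructed sample: the overlapping ranges from the Limitation example.
    field = "10.12.11.100-10.12.11.200,10.12.11.150-10.12.11.200"
    for earlier, later, lost in review_ranges(parse_exclusions(field)[1]):
        print(f"{earlier} overlaps {later}: {lost} addresses only in the earlier range")
```

A non-zero count marks addresses that, under the stated assumption, would not be excluded; merging the overlapping ranges into one entry avoids the ambiguity.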
Enabling debug mode
BMC recommends that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.
Do this:
- Press CTRL+C twice to stop the connector, if it's already running.
- Go to <ConnectorLocation>/config, open the collector.properties file, set the following parameter to debug, and save the file:
  ######## ADVANCED CONFIGURATION #########
  config.log_level=debug
- Restart the connector.
Where to go next?
Now that you have successfully configured the connector and added a service account, the assets appear in Automation Console on the Assets > Discovered Assets page, based on the data refresh cycle configured in the service account. To view discovered assets, see Working with assets.