Use case: Remediating vulnerabilities


This topic provides instructions on how to identify and remediate vulnerabilities. 

What do I need to get started?

  • A user account with privileges to access either BMC Helix Automation Console or TrueSight Automation Console. 
    You do not require administrative privileges for this use case. 
  • An administrator must have imported patch catalogs from TrueSight Server Automation.
  • An administrator must have defined Service Level Agreement deadlines and warning thresholds. 
  • Results of a vulnerability scan in a supported file format. 
    For details about the vulnerability scanning tools and supported formats, see Working-with-scans.

How to identify and remediate?

This topic describes the steps to identify and remediate vulnerabilities.

1. Import a vulnerability scan results file. 

For details, see Working-with-scans.

2. View asset details, and if required, manually map each asset. 

After you import a scan file, assets are automatically mapped to endpoints in the endpoint manager, and the results appear on the Assets > Scanned Assets page and on the Vulnerability Dashboard.

On the Scanned Assets page, you can view these results: 

  • Assets imported from a scan, automatically mapped to endpoints
  • Number of vulnerabilities identified for each asset
  • Host name, IP address, and operating system of each asset
  • Vulnerability management scanning system that has scanned the assets

If assets are not mapped automatically, manually map each asset.

For details, see Working-with-assets.

The Vulnerability Dashboard provides a graphical view of the assets and vulnerabilities imported from a scan file. On the dashboard, you can view these results: 

  • Total number of vulnerabilities and number of mapped and actionable vulnerabilities
  • Number of impacted assets by Service Level Agreement levels
  • Number of impacted assets by risk score
  • Number of vulnerabilities by their remediation stages and created exceptions
  • Vulnerability remediation trend for the last thirteen weeks
  • Top 10 identified vulnerabilities and the number of impacted assets for each vulnerability
  • Top 10 business services with the maximum number of vulnerabilities and the impacted assets
  • Top 10 owners with the number of vulnerabilities and the impacted assets

The following figure shows the asset and vulnerability data on the Vulnerability Dashboard:

[Figure: Use case_Vul Dashboard.png]

For details, see Using-the-Vulnerability-Dashboard.

3. View vulnerability results, and if required, manually map each vulnerability with remediation content.

After you import a scan file, vulnerabilities are automatically mapped to remediation content, which includes patches, NSH scripts, or deploy jobs. The results appear on the Risks > Vulnerabilities page.  

On the Vulnerabilities page, you can view these results for each vulnerability: 

  • Vulnerability name, ID, source, and severity
  • CVE IDs associated with vulnerabilities
  • Mapping status, whether mapped or unmapped, with remediation content
  • Remediation content
  • Number of impacted assets for each vulnerability

If vulnerabilities are not mapped to remediation content automatically, manually map each vulnerability. 

For details, see Working-with-risks.

4. Create an operation to remediate vulnerabilities. 

For details, see Working-with-operations.


 
