Working with assets

The Assets page in the application lists the managed, scanned, and discovered assets depending on the endpoint manager, TrueSight Server Automation or TrueSight Network Automation.

The following sections provide instructions on viewing and exporting a list of assets (servers or network devices) depending on the endpoint manager, TrueSight Server Automation or TrueSight Network Automation.  TrueSight Automation Console also supports TrueSight Network Automation as an endpoint manager.

It also provides instructions on mapping assets to endpoints in the endpoint manager and adding tags. 

Asset type

Description

Working with assets

Managed asset

For TrueSight Server Automation, the Managed Assets page shows a list of assets that are available in TrueSight Server Automation. When patch policies identify missing patches on assets, the assets with missing patches and other details appear on the Managed Assets page. Missing patches are identified only for assets with Windows or Linux operating systems (Red Hat Enterprise Linux, SuSE, Oracle Enterprise Linux, and CentOS only).

For TrueSight Server Automation, the Managed Assets page shows a list of assets that are available in TrueSight Network Automation. When you configure the TrueSight Network Automation connector, the network devices in the connected Network Automation instance appear on the Managed Assets page. When you add a device in Network Automation, the asset appears in Automation Console after the data collection interval specified in the connector.

On the Managed Assets page, you can add tags to the assets. To enter tag information, you export the assets data to a CSV file or click Import Tags to download a CSV template. Later, you upload the updated CSV file back in Automation Console. 

Scanned assets

The Scanned Assets tab shows a list of assets imported from a vulnerability scan file, their mapping to endpoints in an endpoint manager (TrueSight Server Automation or TrueSight Network Automation), and the number of vulnerabilities identified for each asset. 

After you import a vulnerability scan file in Automation Console, assets are automatically mapped to endpoints managed by the endpoint manager. During auto-mapping, Automation Console matches the FQDN or hostname and then the IP address of an asset in a scan to the endpoint. Vulnerabilities are not automatically mapped to the remediation content unless assets are mapped to the endpoints. If an asset is decommissioned in the endpoint manager and an operation is not created for remediating missing patches or vulnerabilities, the asset gets unmapped in Automation Console. The asset status in Automation Console appears as Manually Unmapped. If the asset is recommissioned in Server Automation, the asset does not get automatically mapped again. You can always manually map the asset in Automation Console.

Automation Console may not always correctly auto-map all the endpoints because the firewalls, load balancers, and proxies can cause discrepancies in mapping. You can manually map each unmapped asset to a single endpoint only. If you map an asset to an endpoint, which is already mapped, the existing mapping is overwritten and the asset is mapped to the new endpoint. 

On the Scanned Assets page, you can add tags to the assets. To enter tag information, you export the assets data to a CSV file or click Import Tags to download a CSV template. Later, you upload the updated CSV file back in Automation Console. In addition to the existing filters, tags provide another criterion to select a particular asset or a group of assets while creating a vulnerability remediation operation.

Discovered assets

Currently, Automation Console supports integration with BMC Discovery for the TrueSight Server Automation endpoint manager only.The Discovered Assets tab shows the assets that are discovered by BMC Discovery. You configure the BMC Discovery connector to ensure that unmanaged, unscanned, and a total number of discovered assets are sent to Automation Console. If you change the BMC Discovery endpoint in the connector later, the data discovered from the previous BMC Discovery instance is also retained. 

The total number of assets for each category appears at the top of the page. You can perform a basic or advanced search using filters to look for specific data. 


To view and export managed assets

On the Assets > Managed Assets page, view the following details:

  • The total number of assets appears near the tab title. 
  • (For TrueSight Server Automation) Host name, IP address, operating system, number of unique missing patches, and number of compliance violations for an asset. 
  • (For TrueSight Network Automation) Host name, IP address, device vendor, and device type for an asset. 
  • To search for an asset, enter a search term, and click Search button.png.  Depending on the endpoint manager, you can search using the host name, IP address, or operating system (TrueSight Server Automation) and host name, IP address, or device name (TrueSight Network Automation).

For TrueSight Server Automation only

To view the list of unique missing patches for any asset, do the following:

  1. Click the link against any asset in the Missing Patches column. 
    The Risks > Missing Patches page shows the unique missing patches, patch age, severity, classification, and CVE IDs for each missing patch for the particular asset. 
  2. Click Clear Filters to view all unique missing patches across all assets. 
    To view more information about the missing patches, see Working-with-risks.


To export managed assets data

On the Assets > Managed Assets page, click Export and enter a name to save the results in a CSV file. 

If you filter data using the advanced filter options and then export, then the filtered data appears in the CSV file. 

Back to top ↑

To view and export assets from a vulnerability scan

On the Assets > Scanned Assets page, view the following details: 

  • Total number of assets imported from a scan appears near the tab title.
  • Asset name, IP address, status, source, operating system, and vulnerabilities identified for each asset. 

scanned_assets.png

To view a list of vulnerabilities identified for an asset, do the following: 

  1. Click the link against any asset in the Vulnerability column.
    The Risks > Vulnerabilities page shows the vulnerabilities and their details. 
  2. Click Clear Filters to view all vulnerabilities imported from the latest scan. 
    To view more information about vulnerabilities, see Working-with-risks.

To search for an asset, enter an asset or host name or IP address, and click Search

To show tags as additional columns on the Scanned Assets page, click Display Tags, select a tag and click Apply. The new tag appears as a column.
For example, if you have added a Location tag to the scanned assets, after you choose it, a new Location column which shows the location for each asset appears. 

To export scanned assets data with vulnerabilities

On the Assets > Scanned Assets page, click Export and enter a name to save the results in a CSV file. 

If you filter data using the advanced search options and then export, filtered data appears in the CSV file.

Back to top ↑ 

To map and unmap scanned assets

On the Assets > Scanned Assets page, do the following: 

  1. Select an asset and click Map.
  2. Select an endpoint and save changes.
    You can use the Operating System or Operating System Vendor filters to select the endpoints. The asset status changes to Mapped and the mapped endpoint appears under the asset host name.

To remove mapping, select one or more assets with the status as Mapped, and click Remove Mapping. You cannot remove mapping for assets for which a remediation operation is created and scheduled. 

Back to top ↑

To import tags for managed and scanned assets

On the Assets > Managed Assets or the Assets > Scanned Assets page, do the following:

  1. Click Import Tags and either download the CSV template, or download the assets data in a CSV format.
    If you want to download filtered data, perform an advanced search and then click Export to get the assets data in a CSV file. 

  2. If using the exported CSV file, in the Tags column, add tag keys and values to be associated with the assets, in a key:value format. 
    OR
    If using the CSV template, provide asset data such as the asset ID, scanned host name, IP address and then add tag keys and values, in a key:value format. 
    For example, the CSV template is in the following format, in which you provide the asset data and tags:  

    Asset ID

    Scanned Hostname

    Scanned IP Address 

    Tags

    <asset_name>

    <host name>

    <IP_address>

    LOCATION: Pune; OWNER: Admin

    <asset_name>

    <host name>

    <IP_address>

    LOCATION: USA; OS: Redhat Linux

    Best practices for adding tags

    • To add more than one key:value pair, use a semi-colon separated list.
    • You can add more than one value for a particular key in a key:value pair format.
      Example: LOCATION: Pune; LOCATION: Austin
    • Every time you import tags for assets, the previous values are overwritten based on the latest CSV file.
    • You can import up to 10000 key:value pairs through a CSV file.
  3. Attach the updated CSV file, and then click Import.
  4. Click Display Tags and select the tags that you want to be displayed on the Managed Assets or Scanned Assets page. 
    Tagging for scanned and managed assets is handled separately. 

Back to top ↑

To remove tags

To remove a tag, remove its value from key:value pair(s) in the exported CSV file, and then import the same file again in Automation Console. For example, to remove the tag LOCATION: Pune, remove Pune and import the CSV file again.

Back to top ↑ 

To view assets from BMC Discovery

You can view discovered assets for TrueSight Server Automation endpoint manager only. On the Assets > Discovered Assets page, view the following details:

  • The key performance indicators (KPIs) show the following information: 
    • Total Discovered Assets: Total number of discovered assets by BMC Discovery. (Except excluded resources based on provided Exclude IPs/Hosts/Range list).
    • Unmanaged Assets: Total number of assets that are found by BMC Discovery, but are not mapped to endpoints in TrueSight Server Automation.
    • Unscanned Assets: Total number of assets, either discovered, or mapped in Server Automation, but not yet scanned for vulnerabilities. 
  • To view all assets for a category, click the KPI link. 
    For example, if you click Total Discovered Assets, all assets discovered by BMC Discovery appear in the list (Except excluded resources based on provided Exclude IPs/Hosts/Range list).
  • Host name, IP address, operating system, and business services for the assets. 
  • To search for an asset, enter a search term, and click Search.
    You can search using the host name, IP address, or operating system of the asset. 
  • If you want to remove an asset, remove it first from TrueSight Server Automation and then from BMC Discovery. This change gets reflected in Automation Console based on the Data Refresh Cycle configured on the Configuration > Service Account page. Business services affecting such assets are also removed from Automation Console.
  • If you delete an asset from BMC Discovery, which is not managed in Automation Console but is available only in BMC Discovery, the business services at risk for the asset are not removed and the data remains unchanged in the Top 10 Business Services at Risk widget on the dashboard.

To view discovered assets

  • Log in as a member of either the BLAdmins security group or a security group configured for the Discovery Connector. 
  • Configure the BMC Discovery connector after installation. 

For more information, see Configuring-the-BMC-Discovery-connector.

Back to top ↑

To perform an advanced search for managed assets

On the Assets > Managed Assets page, do the following: 

  1. Click Advanced filter and choose one or more of the following options:

    • For TrueSight Server Automation:

      • Asset
      • Asset Tag
      • Operating System
      • Operating System Vendor
      • Risk Owner
      • Risk Score
      • Unique Missing Patch

      Important

      When you select the Asset, Operating System, Operating System Vendor, Risk Owner, Risk Score, and Unique Missing Patch filters, you can click Select all to select all the sub-criteria, and click Clear all to clear your selection.

    • For TrueSight Network Automation:

      • Asset
      • Device Types
      • Device Vendors
      • Risk Owner
      • Risk Score

      Important

      • The selected Advanced filters are retained in the following scenarios:
        • If you navigate to different pages on the Automation Console during an active session.
        • If you access the Automation Console on a duplicate tab in the same browser during an active session.
      • The selected Advanced filters are not retained in the following scenarios: 
        • If you access the Automation Console by using a different browser during an active session.
        • If you log out of the Automation Console and log in again using the same browser.
        • If you log out of the Automation Console and log in again using a different browser.
  2. Click Clear filters to view unfiltered data. 

Back to top ↑

To perform an advanced search for scanned assets

On the Assets > Scanned Assets page, do the following: 

  1. Click Advanced Search and choose one or more of the following options:

    • Asset
    • Asset Tag
    • Operating System
    • Risk Owner
    • Risk Score
    • Source
    • Status
    • Vulnerability Name

    When you select the Operating System filter, the list of operating systems is populated dynamically depending upon the imported scan file. 

    Important

    • When you select the Asset, Operating System, Risk Owner, Risk Score, Status, and Vulnerability Name filters, you can click Select all to select all the sub-criteria, and click Clear all to clear your selection.
    • The selected Advanced filters are retained in the following scenarios:
      • If you navigate to different pages on the Automation Console during an active session.
      • If you access the Automation Console on a duplicate tab in the same browser during an active session.
    • The selected Advanced filters are not retained in the following scenarios: 
      • If you access the Automation Console by using a different browser during an active session.
      • If you log out of the Automation Console and log in again using the same browser.
      • If you log out of the Automation Console and log in again using a different browser.
  2. Click Clear Filters to go back and view unfiltered data. 

Back to top ↑

To perform an advanced search for Discovered assets

On the Assets > Discovered Assets page, do the following: 

  1. Click Advanced Search and choose one or more of the following options:
    • Asset
    • Business Service

    • Operating System

      Important

      • You can click Select all to select all the sub-criteria, and click Clear all to clear your selection.
      • The selected Advanced filters are retained in the following scenarios:
        • If you navigate to different pages on the Automation Console during an active session.
        • If you access the Automation Console on a duplicate tab in the same browser during an active session.
      • The selected Advanced filters are not retained in the following scenarios: 
        • If you access the Automation Console by using a different browser during an active session.
        • If you log out of the Automation Console and log in again using the same browser.
        • If you log out of the Automation Console and log in again using a different browser.
  2. Click Clear Filters to go back and view unfiltered data. 

Important

When you apply the advanced filter on the Managed Assets or Scanned Assets pages, the associated assets are filtered. However, the violation count that is displayed in the Vulnerability, Missing Patches, and Compliance Violations columns is not affected.

Back to top ↑


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*