Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Map Remediation to Vulnerability

The Map Remediation to Vulnerability page lets you map one or more remediation content items to a vulnerability selected on the Vulnerabilties page. For BMC Server Automation, remediation content can be any type of depot content, such as a BLPackage, software package, patch, or NSH script. For BMC Network Automation, remediation content must be a rule that enforces configuration best practices.

This page describes the following capabilities:

Defining target rules - BSA only

When managing vulnerabilities in BMC Server Automation, you may want to map multiple remediation content items to the same vulnerability. Typically, this is necessary when different content is required for different operating systems and architectures. On this page you can set up target rules that limit where remediation content is deployed. Content can only be deployed to targets that satisfy the rules you establish. For example, you can specify that content is only deployed to 64-bit Windows operating systems. You can set up multiple sets of target rules, one set for each remediation content item you select.

  1. Click Use Target Rules.
    A set of options appear that establish rules for deploying the package.
    TargetRules1.gif 
  2. In the row defining the rule, for the first field select any of the following:
    • OS–For example, Windows.
    • OS Platform–For example, x86_64.
    • OS Version–For example, 2008 R2.
    • OS Release–For example, 6.1
    • OS Vendor–For example, Microsoft.
  3. In the last field in the row, enter text as a criteria. Evaluation is based on whether a field contains the string you entered.
    For example, if you are specifying the Windows operating system, enter a string such as win. When evaluating targets, if the OS name contains the string win, the package is deployed there. 
  4. To add another rule, click Add Criteria. A new row appears. Use its fields to define an additional rule.
  5. Select the remediation package that should be deployed to targets according to the rules you have set up.

  6. To define another set of target rules for another remediation package, click AddTargetSet.gif. Then, repeat the previous steps.
    For example, the second set of target rules might apply to Red Hat targets (that is, OS contains RHEL). 

    Note

    To remove a set of target rules, click the X on the tab containing those rules.
    RemoveTargetSet.gif 

Selecting remediation packages - BSA only

Use this page to select one or more remediation content items that map to a vulnerability you selected on the Vulnerabilities page. 

If you select more than one BSA remediation content item, you must define target rules that determine which item is deployed during remediation. 

Use the Browse and Search tabs to find the remediation content that you want to map to the selected vulnerability. When you find a remediation content item, select it and click Save.

Perform a simple text search to find depot content.

  1. Enter a text string in the Search text box and click Search Search.gif
    Your text is matched against the names of any depot content.
    Results of a search return the first 100 items.
    SearchDepotContent.gif
     
  2. Optionally, use the filters at left to refine your search. In the example below, notice how the search filtered for BLPackages produces 2 results while the search shown above produces 37.
    SearchDepotContentFiltered.gif
  3. Select an entry in the list of depot content.

Browse through depot folders to find content.

The Browse capability only shows deployable content such as NSH scripts, BLPackages, component templates, and so forth. It does not let you browse for patches and patch catalogs.

  1. Select the Browse tab. A list of folders appears at left. 
  2. Navigate to the folder containing the depot content you want.  
    BrowseForServers.gif

    As you traverse folders, a trail of "bread crumbs" appears above the Folder list. You can select any name in the bread crumbs to display the contents of that folder.
  3. Select an item in the list of depot content.

Selecting remediation packages - BNA only

Use this page to select one or more BNA remediation content items that map to a vulnerability you selected on the Vulnerabilities page. The only type of remediation content that is available are rules for which corrective actions and grammars have been defined in BMC Network Automation.

When you find a remediation content item, select it and click Save.

To find BNA rules:

  1. Enter a text string in the Search text box and click Search Search.gif
    Results of a search return the first 100 items.
    SearchBNA Content.gif
  2. Select one or more items in the list.
    BNAContentSelected.gif
  3. If necessary, you can repeat the previous steps to continue selecting additional rules that should be mapped to the vulnerability.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*