Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Using Vulnerability Manager

This topic introduces the tasks you must perform when you use the portal to import vulnerability scan reports from a vulnerability management system, such as Qualys, and then use those reports to correct the vulnerabilities. To facilitate this process, BladeLogic Portal provides a capability out of the box called Vulnerability Manager.

Threat Director, a licensed add-on to BladeLogic Portal, gives you the same capabilities as Vulnerability Manager along with additional analytic tools used to help align the actions of security and operations personnel who must maintain the integrity of computing environments.

This topic contains the following sections:

Prerequisites

  • BladeLogic Portal 2.2 or later must be installed.
  • Although some capabilities of BladeLogic Portal allow connections to multiple sites, Vulnerability Manager only supports a connection to a single BMC Server Automation site.

Vulnerability Manager process

This section breaks down the Vulnerability Manager process into a series of steps, as described in the following table.

Tip

Use Ctrl-click to access the documentation cited in the table below so the related topics appear in new tabs. Displaying information in separate tabs makes it easier to keep this high-level procedure visible.

Task

Related documentation

Import a vulnerability scan report file in XML format that was generated by a vulnerability management system. During import, assets (that is, servers) identified in the scan report are automatically mapped to servers managed in your BMC BladeLogic Server Automation system.

If some assets were not automatically mapped during import, use the Assets page to manually map assets to servers managed in your BMC BladeLogic Server Automation system.

Note: This page also lets you enrolls mapped servers in Threat Director

Map vulnerabilities identified in the scan report to remediation content stored in your BladeLogic system.

Use the SecOps Dashboard to view summary and detailed information about servers and vulnerabilities. Use filters to restrict the information displayed on the dashboard, and then launch the Remediation operation wizard.

Select the remediation actions to be performed and configure the operations that are going to run to correct vulnerabilities.

For additional overview information that introduces the use of vulnerability scan reports to correct vulnerabilities, see:

Both topics listed above include videos.

The following BMC Communities video (7:50) explains the challenges business hope to solve using Threat Director and Vulnerability Manager (known in earlier releases as Vulnerability Management or SecOps). The video also provides an overview of the process for remediating vulnerabilities. The video uses BladeLogic Portal 2.0

icon-play2x.png https://youtu.be/2dKy_nNHXvA

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*