Investigating vulnerabilities

As an operator or a site reliability engineer (SRE), you can view vulnerabilities and the services and assets affected by them and perform the following actions:

  • Investigate a service affected by critical vulnerabilities.
  • Investigate a vulnerability's details and the impacted services and assets.
  • View the vulnerability summary, the suggested best action recommendations, and the remediation script generated by BMC HelixGPT.

Related topics

Roles-and-permissions

Managing-risks

To investigate vulnerabilities for an impacted service

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.

  2. From the Top Impacted Services table, click a service to open the Service Details page and view the following details:
    Vuln_Service details_251.png
    • Risk Score
    • Number of critical vulnerabilities
    • Impacted assets
  3. In the vulnerabilities section, view the following information:
    • Vulnerability name
    • CVE ID
    • Severity
    • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
    • Impacted assets
  4. Continue with To investigate a vulnerability.

To investigate a vulnerability

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
  2. From the Top Vulnerabilities table, click a vulnerability to open the Vulnerability Details page and view the following details:
    Vulnerability_details_251.png
    • If BMC HelixGPT is enabled:
      • A human-readable AI-generated summary of the vulnerability.
      • Best action recommendations, a list of suggested steps that can be used to remediate the vulnerability. Additionally, a BMC HelixGPT-driven wizard offers a remediation automation code to accomplish individual steps on different platforms such as Ansible or TrueSight Server Automation.
    • Severity
    • CVE-ID
    • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
    • Impacted services
    • Impacted assets
  3. In the impacted assets section, view the following information
    • Asset name
    • Operating system
    • Remediation owner
    • SLA
  4. Continue with To view best action recommendations.

To view best action recommendations for remediation

Best action recommendations are available if BMC HelixGPT is enabled. To enable BMC HelixGPT, contact BMC Support.

  1. On the Vulnerability details page, review the AI-generated summary (short problem statement, brief summary, and detailed problem context) of the selected vulnerability.
    Vuln summary_251.png
  2. The Select OS field is populated with the operating systems linked to the affected assets. If multiple operating systems are listed in the field, select the appropriate operating system and version, and click Generate remediation.
    The recommended steps to remediate the vulnerability are displayed.
    Generate remediation_251.png
  3. (If available) Click Code wizard.
    1. BMC HelixGPT generates a code that can be used to run the recommended steps.
      For some manual steps, the Code wizard option is not available. 
    2. Select your preferred remediation target, such as Ansible or Powershell, and the code is displayed based on your selection.
      Code wizard_251.png
  4. Click Copy to Clipboard and use the code in your existing script to run the recommended remediation steps.
  5. Close the code wizard.

  6. Click Create change request to open a Change Request form in BMC Helix IT Service Management. Enter the relevant details and submit the change request for approval. For more information, see Creating a change request.

    Important

    To be able to create a change request, make sure that you have installed, subscribed, and configured BMC Helix ITSM as an administrator. For more information, see Setting up and going live.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*