Investigating vulnerabilities


As an operator or a site reliability engineer (SRE), you can view vulnerabilities and the services and assets affected by them and perform the following actions:

  • Investigate a service affected by vulnerabilities.
  • Investigate a vulnerability's details and the impacted services and assets.
  • View the vulnerability summary, the suggested best action recommendations, and the remediation script generated by BMC HelixGPT.

To investigate vulnerabilities for an impacted service

An operator or a site reliability engineer (SRE) can view the details of services impacted by vulnerabilities, assess the risks associated with these vulnerabilities, and quickly prioritize remediation.

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
  2. In the Top Impacted Services table, click a service to open the Service Details page and view the following details:
    • Risk Score
    • Number of critical vulnerabilities
    • Impacted assets
  3. In the vulnerabilities section, view the following information:
    • Vulnerability name
    • CVE ID
    • Severity
    • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
    • Impacted assets: Click to view the details of impacted assets.
      • Asset name
      • Operating system
      • Remediation owner
      • SLA Status: The assets are listed in the order of SLA status criticality, with the assets exceeding the SLA listed first.
      • Status: The status of the vulnerability impacting the asset
        • Affected
        • Not Affected
        • Under Investigation
      • Source of the vulnerability instance

        Important

        You can filter the list of impacted assets by entering the host name of a specific asset in the search box.

    • First Reported: The date the vulnerability instance was first recorded. 
    • Status: The aggregated status of all the assets that are impacted by the vulnerability.
      • Affected
      • Not Affected
      • Under Investigation
    • Categories: Assign categories to the vulnerabilities according to their area of impact. The categories are displayed after you create and assign them to the vulnerabilities by using REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
  4. (Optional) Click the dynamic columns icon and select the columns that you want to view in the Vulnerabilities section.
    The CVE IDs, Severity, CVSS Score, Impacted Assets, and First Reported columns are displayed by default. You cannot remove the Vulnerability Name column from the table.
  5. Continue with To investigate a vulnerability.

To investigate a vulnerability

An operator or a site reliability engineer (SRE) can view vulnerability details, such as the vulnerability summary, the CVSS score, and the number of impacted assets, and can assess the risks associated with these vulnerabilities to quickly prioritize remediation.

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
  2. From the Top Vulnerabilities table, click a vulnerability to open the Vulnerability Details page and view the following details:
    • If BMC HelixGPT is enabled, the following details are displayed:
      • A human-readable AI-generated summary of the vulnerability.
      • Best action recommendations, which is a list of suggested steps that can be used to remediate the vulnerability. Additionally, a BMC HelixGPT-driven wizard offers remediation automation code to accomplish individual steps on different platforms such as Ansible or .
    • Severity
    • CVE-ID
    • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
    • Impacted services
    • Risk Score
    • Impacted assets
    • First Reported: The date the vulnerability instance was first recorded. 
    • Categories: Categories assigned to the vulnerability according to its area of impact. The categories are displayed after you create and assign them to the vulnerabilities by using REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
  3. In the impacted assets section, view the following information:
    • Asset name
    • Operating system
    • Remediation owner
    • SLA Status: The assets are listed in order of SLA status criticality, with the assets exceeding the SLA listed first.
    • Status: The aggregated status of all the assets impacted by the vulnerability
      • Affected
      • Not Affected
      • Under Investigation
    • Source of the vulnerability instance
  4. (Optional) Click the dynamic columns icon and select the columns that you want to view in the Impacted Assets section.
    The Operating System, Remediation Owner, and SLA Status columns are displayed by default. You cannot remove the Asset Name column from the table.
  5. Continue with To generate best action recommendations for remediation.

To generate best action recommendations for remediation

Best action recommendations are available if BMC HelixGPT is enabled. To enable BMC HelixGPT, contact BMC Support.

  1. On the Vulnerability details page, review the AI-generated summary (short problem statement, brief summary, and detailed problem context) of the selected vulnerability.
  2. In the Select OS field, select the appropriate operating system and version and click Generate Remediation.
    The Select OS field is populated with the operating systems linked to the affected assets. If multiple operating systems are listed in the field, select the appropriate operating system and version.
    The recommended steps to remediate the vulnerability are displayed.
  3. (If available) Click Code wizard.
    For some manual steps, the Code wizard option is not available.
  4. Select your preferred remediation target, such as Ansible or PowerShell. The code is displayed based on your selection.
    BMC HelixGPT generates code that can be used to run the recommended steps.
  5. Click Copy to clipboard and use the code in your existing script to run the recommended remediation steps.
  6. Close the code wizard.
  7. Click Create change request to open a Change Request form in ; enter the relevant details; and submit the change request for approval.
    For more information, see Creating a change request.

    Important

    To be able to create a change request, as an administrator, install, subscribe to, and configure BMC Helix ITSM. For more information, see Setting up and going live.

 
