Monitoring vulnerabilities

Before you begin

• Configure BMC Helix Automation Console in your system. For more information, see Setting up BMC Helix Automation Console.

• Configure the BMC Discovery connector in BMC Helix Automation Console. For more information, see Configuring the BMC Discovery connector.

• Enable the Vulnerabilities feature from the Configurations page in BMC Helix AIOps. For more information, see Enabling-the-AIOps-features.

To monitor all services

1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Impacted Services table.
   The services affected by vulnerabilities are filtered and displayed according to their Risk score. By default, only the top five services are displayed in the Top Impacted Services table.
2. Click View all to expand the list of services.
   
3. The following information is displayed:
   • Service name
   • Risk Score: The risk score is based on the CVSS score imported from BMC Helix Automation Console.
   • Critical Vulnerabilities: The number of vulnerabilities in the critical state that are affecting the service.
   • Impacted Assets: The number of assets related to the services that are impacted by critical vulnerabilities.
4. To investigate a service, click a service name. 
   The service details page is displayed, which helps you investigate a service. For more information, see To investigate vulnerabilities for an impacted service.

To monitor the workload of remediation owners

1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Remediation Owners table.
   The remediation owners are filtered and displayed according to the number of open vulnerabilities assigned to them. By default, only the top five remediation owners are displayed in the Top Remediation Owners table.
2. Click View all to expand the list of services.
3. The following information is displayed:
   • Remediation owner name: The user or user group that owns the vulnerability.
   • Assigned vulnerabilities: The number of vulnerabilities assigned to the remediation owner.
   • Impacted assets

To monitor all vulnerabilities

1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Vulnerabilities table.
   The vulnerabilities are filtered and displayed according to their Risk score. By default, only the top five vulnerabilities are displayed in the Top Vulnerabilities table.
2. Click View all to expand the list of vulnerabilities.
   
3. The following information is displayed:
   • Vulnerability name
   • CVE-ID
   • Risk Score
   • Severity: Severity level assigned by the scanner connector.
   • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
   • Impacted Assets: The number of assets impacted by the vulnerability.
   • First Reported: The date the vulnerability instance was first recorded.
   • Status of the vulnerability instance
     • Affected
     • Not Affected
     • Under Investigation
   • Categories: Categories assigned to the vulnerabilities according to their area of impact. The categories are displayed after you create and assign them to the vulnerabilities by using REST API. For more information, see Assigning categories to vulnerabilities by using REST API.

4. (Optional) Click and select the columns that you want to view in the Vulnerabilities section.
   The CVE IDs, Risk Score, Severity, CVSS Score, Impacted Assets, and First Reported columns are displayed by default. You cannot remove the Name column from the table.

5. To investigate a vulnerability, click its name.
   The vulnerability details page is displayed.

Where to go from here

Click a service or vulnerability name to investigate it further:

• To investigate vulnerabilities for an impacted service
• To investigate a vulnerability