Investigating vulnerabilities

As an operator or a site reliability engineer (SRE), you can view vulnerabilities and the services and assets affected by them and perform the following actions:

  • Investigate a service affected by vulnerabilities.
  • Investigate a vulnerability's details and the impacted services and assets.
  • View the vulnerability summary, the suggested best action recommendations, and the remediation script generated by BMC HelixGPT.

Learn how to use BMC HelixGPT Vulnerability Resolver to investigate vulnerabilities impacting services in the following video (2:01):

icon_play.pngWatch the YouTube video about how to investigate vulnerabilities by using Vulnerability Resolver

Learn how to use BMC HelixGPT Vulnerability Resolver to get recommendations to remediate vulnerabilities in the following video (1:45):


icon_play.pngWatch the YouTube video about how to use Vulnerability Resolver to generate best action recommendations to remediate vulnerabilities

Related topics

Roles and permissions

Managing risks

To investigate vulnerabilities for an impacted service

An operator or an SRE can view the details of services impacted by vulnerabilities, assess the risks associated with these vulnerabilities, and quickly prioritize remediation.

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
  2. In the Top Impacted Services table, click a service to open the Service Details page and view the following details:Vuln_Service details_253.png
    • Risk Score: The risk score is based on the service criticality and the CVSS score imported from BMC Helix Automation Console.
    • Number of critical vulnerabilities
    • Impacted assets
  3. In the vulnerabilities section, view the following information:
    • Vulnerability name
    • CVE ID
    • Severity
    • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
    • Impacted assets: Click to view the details of impacted assets.Service_details_impacted_assets_253.png
      • Asset name
      • Operating system
      • Version: The version of the operating system
      • Remediation owner
      • SLA Status: The assets are listed in the order of SLA status criticality, with the assets exceeding the SLA listed first.
      • Status: The status of the vulnerability impacting the asset
        • Affected
        • Not Affected
        • Under Investigation
        • Fixed

      • Source of the vulnerability instance

        Important

        You can filter the list of impacted assets by entering the host name of a specific asset in the search box.

    • First Reported: The date the vulnerability instance was first recorded. 
    • Status: The aggregated status of all the assets that are impacted by the vulnerability.
      • Affected
      • Not Affected
      • Under Investigation
      • Fixed
    • Categories: Categories assigned to the vulnerabilities according to their area of impact. These categories are created by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.

  4. To assign a category to a vulnerability or to update an assigned category from the UI, perform the following steps:

    1. Click the Action menu Action menu icon.png against the vulnerability and select Update Category.
    2. Select the required categories in the Update Category window. You can select up to four categories.
    3. Click Save.
      You can assign multiple categories to a vulnerability. You can also assign categories to vulnerabilities by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
      Update category_253.gif
  5. (Optional) Click Dynamic cols_25101.pngand select the columns that you want to view in the Vulnerabilities section.
    The CVE IDs, Severity, CVSS Score, Impacted Assets, and First Reported columns are displayed by default. You cannot remove the Vulnerability Name column from the table.
  6. Continue with To investigate a vulnerability.

To investigate a vulnerability

An operator or an SRE can view vulnerability details, such as the vulnerability summary, the CVSS score, and the number of impacted assets, and can assess the risks associated with these vulnerabilities to quickly prioritize remediation.

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
  2. From the Top Vulnerabilities table, click a vulnerability to open the Vulnerability Details page and view the following details:Vulnerability_details_253.png
    • If BMC HelixGPT is enabled, the following details are displayed:
      • A human-readable AI-generated summary of the vulnerability.
      • Best action recommendations, which is a list of suggested steps that can be used to remediate the vulnerability. Additionally, a BMC HelixGPT-driven wizard offers remediation automation code to accomplish individual steps on different platforms such as Ansible or TrueSight Server Automation.
    • Severity
    • CVE-ID
    • CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
    • Impacted services
    • Risk Score: The risk score is based on the service criticality and the CVSS score imported from BMC Helix Automation Console.
    • Impacted assets
    • First Reported: The date the vulnerability instance was first recorded. 
    • Categories: Categories assigned to the vulnerability according to its area of impact.

  3. In the impacted assets section, you can view the following information:

    • Asset name
    • Operating system
    • Remediation owner
    • SLA Status: The assets are listed in order of SLA status criticality, with the assets exceeding the SLA listed first.
    • Status: The aggregated status of all the assets impacted by the vulnerability
      • Affected
      • Not Affected
      • Under Investigation
      • Fixed
    • Source of the vulnerability instance

  4. To update the status of the impacted assets, perform the following steps:

    1. Select the required assets, click the Action menu Action menu icon.png at the top right-hand side of the Impacted Assets list, and select Update Status.

    2. (Optional) To update the status of a single asset, click the Action menu Action menu icon.png against the asset name and select Update Status.

    3. Select the required status in the Update Vulnerability Status window. 

    4. Click Save.

      If you click the checkbox against Asset Name, it selects all the impacted assets listed on the page. Any impacted assets listed on subsequent pages are not selected.

      Update status_253.gif

    5. (Optional) Click Dynamic cols_25101.pngand select the columns that you want to view in the Impacted Assets section.
      The Operating System, Remediation Owner, and SLA Status columns are displayed by default. You cannot remove the Asset Name column from the table.
    6. Continue with To view best action recommendations.

To generate best action recommendations for remediation

Best action recommendations are available if BMC HelixGPT is enabled. To enable BMC HelixGPT, contact BMC Support.

  1. On the Vulnerability details page, review the AI-generated summary (short problem statement, brief summary, and detailed problem context) of the selected vulnerability.
    Vuln summary_253.png
  2. In the Select OS field, select the appropriate operating system and then select the version.
    The Select OS field is populated with the operating systems linked to the affected assets. If multiple operating systems are listed in the field, select the appropriate operating system and version. The impacted assets are filtered according to your selection, and the Generate Remediation button is activated.
    Select OS_version_253
  3. Click Generate Remediation.
    The recommended steps to remediate the vulnerability are displayed.
    Generate remediation_252.png
  4. (If available) Click Code wizard.
    For some manual steps, the Code wizard option is not available.
  5. Select your preferred remediation target, such as Ansible or PowerShell. The code is displayed based on your selection.
    BMC HelixGPT     generates a code that can be used to run the recommended steps.
    Code wizard_253.png
    ​​​​​
  6. (Optional) Click Save to save the code to use later.
  7. Click Copy to clipboard and use the code in your existing script to run the recommended remediation steps.
  8. Close the code wizard.
    The Generate remediation button is relabelled as Regenerate remediation. When you click it, BMC HelixGPT generates a new set of best action recommendations and a new remediation script.
  9. Click icon_info.png to view details about the generated code, such as the selected remediation target, the name of the user who saved the code, and the date and time when the code was saved.

  10. Click Create change request to open a Change Request form in BMC Helix IT Service Management; enter the relevant details; and submit the change request for approval.
    For more information, see Creating a change request.

    Important

    To be able to create a change request, as an administrator, install, subscribe to, and configure BMC Helix ITSM. For more information, see Setting up and going live.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*