Monitoring vulnerabilities

As an operator or site reliability engineer (SRE), you can monitor vulnerabilities to:

Assess and prioritize the risks associated with the security vulnerabilities affecting a service.
Derive actionable insights by viewing all services, vulnerabilities, and remediation owners.

To learn more about risks in BMC Helix AIOps, see Risks-overview.

Before you begin

Configure BMC Helix Automation Console in your system. For more information, see Setting up BMC Helix Automation Console.
(Optional) Deploy BMC Helix Automation Console components as containers in your on-premises environment. For more information, see BMC Helix IT Operations Management deployment (ITOM on-prem deployment link).
Configure the BMC Discovery connector in BMC Helix Automation Console. For more information, see Configuring the BMC Discovery connector.
Enable the Vulnerabilities feature from the Configurations page in BMC Helix AIOps. For more information, see Enabling-the-AIOps-features.
Assign additional permissions to the Vulnerability Manager in BMC Helix Portal. For more information, see Vulnerability Manager permissions.

To monitor all services

On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Impacted Services table.
The services affected by vulnerabilities are filtered and displayed according to their Risk score. By default, only the top five services are displayed in the Top Impacted Services table.
Click View all to expand the list of services.
The following information is displayed:
- Service name
- Risk Score: The risk score is based on the service criticality and the CVSS score imported from BMC Helix Automation Console.
- Critical Vulnerabilities: The number of vulnerabilities in the critical state that are affecting the service.
- Impacted Assets: The number of assets related to the services that are impacted by critical vulnerabilities.
To investigate a service, click a service name.
The service details page is displayed, which helps you investigate a service. For more information, see To investigate vulnerabilities for an impacted service.

Important

In version 25.1, BMC Helix AIOps only displays child services associated with a host name that are affected by vulnerabilities.

To monitor the workload of remediation owners

On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Remediation Owners table.
The remediation owners are filtered and displayed according to the number of open vulnerabilities assigned to them. By default, only the top five remediation owners are displayed in the Top Remediation Owners table.
Click View all to expand the list of services.
The following information is displayed:
- Remediation owner name: The user or user group that owns the vulnerability.
- Assigned vulnerabilities: The number of vulnerabilities assigned to the remediation owner.
- Impacted assets

To monitor all vulnerabilities

On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Vulnerabilities table.
The vulnerabilities are filtered and displayed according to their Risk score. By default, only the top five vulnerabilities are displayed in the Top Vulnerabilities table.
Click View all to expand the list of vulnerabilities.
The following information is displayed:
- Vulnerability name
- CVE-ID
- Risk Score: The risk score is based on the service criticality and the CVSS score imported from BMC Helix Automation Console.
- Severity: Severity level assigned by the scanner connector.
- CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
- Impacted Assets: The number of assets impacted by the vulnerability.
- First Reported: The date the vulnerability instance was first recorded.
- Status of the vulnerability instance
  - Affected
  - Not Affected
  - Under Investigation
- Categories: Categories assigned to the vulnerabilities according to their area of impact. These categories are created by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
To assign a category to a vulnerability or to update an assigned category from the UI, perform the following steps:
1. Click the Action menu against the vulnerability and select Update Category.
2. Select the required categories in the Update Category window. You can select up to four categories.
3. Click Save.
  You can assign multiple categories to a vulnerability. You can also assign categories to vulnerabilities by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
(Optional) Click and select the columns that you want to view in the Vulnerabilities section.
The CVE IDs, Risk Score, Severity, CVSS Score, Impacted Assets, and First Reported columns are displayed by default. You cannot remove the Name column from the table.
To investigate a vulnerability, click its name.
The vulnerability details page is displayed.

Where to go from here

Click a service or vulnerability name to investigate it further: