Investigating vulnerabilities
To investigate vulnerabilities for an impacted service
You can view the details of services impacted by vulnerabilities, assess the risks associated with these vulnerabilities, and quickly prioritize remediation.
- On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
- In the Top Impacted Services table, click a service to open the Service Details page and view the following details:
- Risk Score: The risk score is based on the highest service criticality and the highest CVSS score of the vulnerabilities impacting the service. If a service is impacted by child services, the displayed risk score reflects the highest score among them.
- Number of critical vulnerabilities
- Impacted assets
- Service owner
- Impacting child services: Number of child services impacting the risk score of the parent service.
Click to view the following details of the child services:
- Severity
- Risk score
- Number of critical vulnerabilities
- Number of impacted assets
- Criticality
Click against the child service to navigate to its details page.
- In the vulnerabilities section, view the following information:
- Vulnerability name
- CVE ID
- Severity
- CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
- Impacted assets: Click to view the details of impacted assets.
- Asset name
- Operating system
- Version: The version of the operating system
- Remediation owner
- SLA Status: The assets are listed in order of SLA status criticality, with the assets exceeding the SLA listed first. The SLA is calculated according to the date when the vulnerability is first reported by the scanner.
- Status: The status of the vulnerability impacting the asset
- Affected
- Not Affected
- Under Investigation
- Fixed
- Source of the vulnerability instance
- First Reported: The date the vulnerability instance was first recorded.
- Status: The aggregated status of all the assets that are impacted by the vulnerability.
- Affected
- Not Affected
- Under Investigation
- Fixed
- Categories: Categories assigned to the vulnerabilities according to their area of impact.
- Categories can be created and assigned by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
- You can leverage BMC HelixGPT to automatically assign categories to newly ingested vulnerabilities that do not already have a category. For more information, see Risks overview.
- The Categories column header has the information icon by default, indicating that automatic categorization is not enabled.
- If automatic categorization is enabled, the Categories column header has the BMC HelixGPT sparkles icon, indicating that the assigned categories are AI-generated.
- If a category is manually assigned or updated, a manual edit icon appears next to the assigned category to indicate user intervention.
To assign a category to a vulnerability or to update an assigned category from the UI, perform the following steps:
- Click Action menu against the vulnerability and select Update Categories.
- Select the required categories in the Update Categories window.
You can select up to four categories.
- Click Save.
You can assign multiple categories to a vulnerability.
- (Optional) Click Show/Hide Columns and select the columns that you want to view in the Vulnerabilities section.
The CVE IDs, Severity, CVSS Score, Impacted Assets, and First Reported columns are displayed by default. You cannot remove the Vulnerability Name column from the table.
- Continue with To investigate a vulnerability.
To investigate a vulnerability
The vulnerability manager can view vulnerability details, such as the vulnerability summary, the CVSS score, and the number of impacted assets, and can assess the risks associated with these vulnerabilities to quickly prioritize remediation.
- On the BMC Helix AIOps console, click Risks and then click Vulnerabilities.
- From the Top Vulnerabilities table, click a vulnerability to open the Vulnerability Details page and view the following details:
- If BMC HelixGPT is enabled, the following details are displayed:
- A human-readable AI-generated summary of the vulnerability.
- Best action recommendations, which is a list of suggested steps that can be used to remediate the vulnerability. Additionally, a BMC HelixGPT-driven wizard offers remediation automation code to accomplish individual steps on different platforms such as Ansible or TrueSight Server Automation.
- Severity
- CVE-ID
- CVSS Score: The CVSS V3 score is assigned by the NIST NVD.
- Impacted services
- Risk Score: The risk score is based on the highest service criticality and the highest CVSS score of the vulnerabilities impacting the service. If a service is impacted by child services, the displayed risk score reflects the highest score among them.
- Impacted assets
- First Reported: The date the vulnerability instance was first recorded.
- Categories: Categories assigned to the vulnerabilities according to their area of impact.
- Categories can be created and assigned by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
- You can leverage BMC HelixGPT to automatically assign categories to newly ingested vulnerabilities that do not already have a category. For more information, see Risks overview.
- The Categories column header has the information icon by default, indicating that automatic categorization is not enabled.
- If automatic categorization is enabled, the Categories column header has the BMC HelixGPT sparkles icon, indicating that the assigned categories are AI-generated.
- If a category is manually assigned or updated, a manual edit icon appears next to the assigned category to indicate user intervention.
In the impacted assets section, you can view the following information:
- Asset name: The assets that are impacted by the vulnerability.
- Operating system
- Version
- Remediation owner
- SLA Status: The assets are listed in order of SLA status criticality, with the assets exceeding the SLA listed first. The SLA is calculated according to the date when the vulnerability is first reported by the scanner.
- Status: The aggregated status of all the assets impacted by the vulnerability
- Affected
- Not Affected
- Under Investigation
- Fixed
- Source of the vulnerability instance
- Services: The names of all the services that are impacted by the vulnerability.
- Tag: Scanned asset tags imported from BMC Helix Automation Console. Asset tags are unique identifiers, such as RFID tags, QR codes, or barcodes, attached to physical assets that allow users to identify and track assets within the system. For more information, see To import tags for managed and scanned assets.
- (Optional) Click Advanced filter to filter the list of impacted assets according to the following criteria:
- Asset name: The assets that are impacted by the vulnerability.
- Services: The services impacted by the vulnerability.
- Status: The status of the assets impacted by the vulnerability.
- Affected
- Not Affected
- Under Investigation
- Tags: Scanned asset tags imported from BMC Helix Automation Console.
You can enter a term in the search bar to filter the criteria, and then select the required values.
- To update the status of the impacted assets, perform the following steps:
- Select the required assets, click the Action menu at the top right-hand side of the Impacted Assets list, and select Update Status.
- (Optional) To update the status of a single asset, click Action menu against the asset name, and select Update Status.
- In the Update Vulnerability Instance Status window, select the required status.
- Click Save.
- (Optional) Click Show/Hide Columns and select the columns that you want to view in the Impacted Assets section.
The Operating System, Remediation Owner, and SLA Status columns are displayed by default. You cannot remove the Asset Name column from the table.
- Continue with To view best action recommendations.
To generate best action recommendations for remediating vulnerabilities
As a vulnerability manager, make sure that you contact BMC Helix Support to enable BMC HelixGPT to trigger the generation of best action recommendations for vulnerability remediation.
- On the Vulnerability details page, review the AI-generated summary (short problem statement, brief summary, and detailed problem context) of the selected vulnerability.
- In the Select OS field, select the appropriate operating system and then select the version.
The Select OS field is populated with the operating systems linked to the affected assets. If multiple operating systems are listed in the field, select the appropriate operating system and version. The impacted assets are filtered according to your selection, and the Generate Remediation button is activated.
- Click Generate Remediation.
The recommended steps to remediate the vulnerability are displayed.
- (If available) Click Code wizard.
For some manual steps, the Code wizard option is not available.
- Select your preferred remediation target, such as Ansible or PowerShell. The code is displayed based on your selection.
BMC HelixGPT generates code that can be used to run the recommended steps.
- (Optional) Click Edit to update the code according to your requirements.
- Click Save to save the updated code.
- Click Copy to clipboard and use the code in your existing script to run the recommended remediation steps.
- Close the code wizard.
The Generate remediation button is relabelled as Regenerate remediation. When you click it, BMC HelixGPT generates a new set of best action recommendations and a new remediation script for the same OS and version selected by you.
- Click Code Information to view details about the generated code, such as the selected remediation target, the name of the user who saved the code, and the date and time when the code was saved.
- Click Create change request to open a Change Request form in BMC Helix IT Service Management, enter the relevant details, and submit the change request for approval.
For more information, see Creating a change request.