Skip to Content

Monitoring vulnerabilities

As a vulnerability manager, you can monitor vulnerabilities to: 

  • Assess and prioritize the risks associated with the security vulnerabilities affecting a service.
  • Derive actionable insights by viewing all services, vulnerabilities, and remediation owners.

To learn more about risks in BMC Helix AIOps, see Risks overview.

Related topics

Roles and permissions

Managing risks

Working with risks

Before you begin

  • Configure BMC Helix Automation Console in your system. For more information, see Setting up BMC Helix Automation Console.
  • Configure the BMC Discovery connector in BMC Helix Automation Console. For more information, see Configuring the BMC Discovery connector.
  • Enable the Vulnerabilities feature from the Configurations page in BMC Helix AIOps. For more information, see Enabling the AIOps features.
  • Assign additional permissions to the Vulnerability Manager in BMC Helix Portal. For more information, see Vulnerability Manager permissions.
  • Contact BMC Helix Support to enable the following BMC HelixGPT-powered features:
    • Automatic assignment of categories to vulnerabilities
    • Generation of vulnerability summaries and best action recommendations for remediation

           For more information, see Agentic AI capabilities in BMC Helix AIOps.

To monitor all services

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Impacted Services table.
    The services affected by vulnerabilities are filtered and displayed according to their Risk score. By default, only the top five services are displayed in the Top Impacted Services table.
  2. Click View all to expand the list of services.
    All Impacted Services_252.png
  3. View the following information:
    • Service name
    • Risk Score—The risk score is based on the service criticality and the CVSS score imported from BMC Helix Automation Console.
    • Critical Vulnerabilities—The number of vulnerabilities in the critical state that are affecting the service.
    • Impacted Assets—The number of assets related to the services that are impacted by critical vulnerabilities.
  4. To investigate a service, click a service name. 
    The service details page is displayed, which helps you investigate a service. For more information, see To investigate vulnerabilities for an impacted service.
Information
Important

BMC Helix AIOpsonly displays child services associated with a host name that are affected by vulnerabilities.

To monitor the workload of remediation owners

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Remediation Owners table.
    The remediation owners are filtered and displayed according to the number of open vulnerabilities assigned to them. By default, only the top five remediation owners are displayed in the Top Remediation Owners table.
  2. Click View all to expand the list of services.All Remediation Owners_251.png
  3. The following information is displayed:
    • Remediation owner name—The user or user group that owns the vulnerability.
    • Assigned vulnerabilities—The number of vulnerabilities assigned to the remediation owner.
    • Impacted assets

To monitor all vulnerabilities

  1. On the BMC Helix AIOps console, click Risks and then click Vulnerabilities to view the Top Vulnerabilities table.
    The vulnerabilities are filtered and displayed according to their Risk score. By default, only the top five vulnerabilities are displayed in the Top Vulnerabilities table.
  2. Click View all to expand the list of vulnerabilities.
    All Open Vulnerabilities_261
  3. View the following information:
    FieldDescription
    Vulnerability nameThe name of the vulnerability.
    CVE-IDA unique code to identify publicly known vulnerabilities.
    Risk ScoreThe risk score is based on the highest service criticality and the highest CVSS score of the vulnerabilities impacting the service. If a service is impacted by child services, the displayed risk score reflects the highest score among them.
    Automation

    The value indicates whether any remediation is mapped against the vulnerability instance. Any impacted assets without mapped automations are indicated by a hyphen '-' in the Automations column.

    Click to view the following details of available remediations:

    • Asset name—Name of the impacted asset
    • Remediation Tool—Source of the remediation operations mapped to the impacted asset
    • Remediation content type—This could be a patch, MSI package, action, or rule.
    • Remediation—The name of the content of the remediation operation

    For information about how to plan automations for remediating vulnerability instances, see Plan automations.

    SeveritySeverity level assigned by the scanner connector.
    CVSS ScoreThe CVSS V3 score is assigned by the NIST NVD.
    Impacted AssetsThe number of assets impacted by the vulnerability.
    First ReportedThe date the vulnerability instance was first recorded.
    StatusStatus of the vulnerability instance. The following statuses are available:
    • Affected
    • Not Affected
    • Under Investigation
    CategoriesCategories assigned to the vulnerabilities according to their area of impact. 
    The following options are available for creating and assigning categories to vulnerabilities:
    • Categories can be created and assigned by using the REST API. For more information, see Assigning categories to vulnerabilities by using REST API.
    • You can leverage BMC HelixGPT to automatically assign categories to newly ingested vulnerabilities that do not already have a category. For more information, see Risks overview.
      • The Categories column header has the information icon info_icon.png by default, indicating that automatic categorization is not enabled.
      • If automatic categorization is enabled, the Categories column header has the BMC HelixGPT sparkles AI categories.png , indicating that the assigned categories are AI-generated.
      • If a category is manually assigned or updated, a manual edit icon Manual categories.png appears next to the assigned category to indicate user intervention.
        AI_Manual_Categories_254.png

    Important: To enable BMC HelixGPT, contact BMC Helix Support. BMC Helix Support will enable the feature flag to trigger automatic assignment of categories to vulnerabilities.

  4. (Optional) To assign a category to a vulnerability or to update an assigned category from the UI, perform the following steps:

    1. Click the Action menu Action_icon.pngagainst the vulnerability and select Update Categories.
    2. Select the required categories in the Update Categories window.
      You can select up to four categories.
    3. Click Save.
      You can assign multiple categories to a vulnerability. 
      Update category_253.gif

  5. (Optional) Click Show/Hide Columns Dynamic cols_25101.pngand select the columns that you want to view in the Vulnerabilities section.
    The CVE IDs, Risk Score, Severity, CVSS Score, Impacted Assets, and First Reported columns are displayed by default. You cannot remove the Name column from the table.

Where to go from here

Click a service or vulnerability name to investigate it further:

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix AIOps 26.1