Skip to Content

Vulnerability Classification Agent

Related topics and videos

AI agents in BMC HelixGPT

Monitoring vulnerabilities

A vulnerability is a flaw in a system that can compromise security, and many new, critical vulnerabilities affect services daily. IT personnel often face challenges in understanding, categorizing, and prioritizing these risks due to the complex nature of the vulnerabilities and a lack of the required security expertise. 

Vulnerability Classification Agent is an AI-powered agent that analyzes the details of a newly ingested vulnerability without an assigned category. It determines the most appropriate category or, if none is suitable, the agent can create a new category and assign it automatically. It simplifies vulnerability categorization and helps you achieve the following goals:

  • Reduce manual effort
  • Improve categorization accuracy
  • Make sure that vulnerabilities are routed to the appropriate remediation teams

Scenario

Scenario

Sofia, a DevOps Engineer at Apex Global IT, uses BMC Helix Vulnerability Resolver to monitor the vulnerabilities impacting her organization's services.

She successfully completes a Rapid7 scan of the assets and generates a report of all the vulnerability instances ingested into BMC Helix Automation Console. These vulnerability instances are also reflected on the Risks Vulnerabilities page in BMC Helix AIOps.

As she has enabled auto-categorization, she observes that newly ingested vulnerabilities without categories are automatically categorized by the Vulnerability Classification agent.

Now, she only has to review the assigned categories and update only those that need modification.

Sofia can rely on BMC HelixGPT to reduce the time and manual effort required for assigning categories, reduce errors caused due to manual assignment, and make sure vulnerabilities are instantly routed to the right remediation team.

User roles and permissions

Make sure that you have the following roles and permissions to configure and use the Vulnerability Classification agent:

ProductRoleDescriptionReference
BMC Helix AIOpsVulnerability ManagerBy default, vulnerability managers have access to the Vulnerability Classification agent.Roles and permissions

Supported models

Model nameProviderHost
HelixGPT-v7BMC Helix
  • Microsoft Azure ML
  • Google Cloud Project Vertex AI

For more information, see Models in BMC HelixGPT.

​Before you begin

Make sure that you have the appropriate license for using the following products:

ProductLicenses required (SaaS)Licenses required (on-premises)
BMC Helix AIOps (includes the BMC HelixGPT for AIOps service)BMC Helix AIOps & ObservabilityBMC Helix IT Operations Management on-premises - License entitlements
BMC Helix Automation ConsoleBMC Helix Automation Console serviceBMC Helix IT Operations Management on-premises - License entitlements

To set up the Vulnerability Classification agent

Perform the following tasks to set up the Vulnerability Classification agent:

ProductTaskDescriptionReference
BMC Helix AIOpsConfigure the agent in BMC Helix Agent Studio.Add the Model ID to the configuration settings of the Vulnerability Classification agent.Configuring settings to use the AI-powered capabilities in BMC Helix AIOps
BMC Helix AIOpsVerify the Vulnerability Classification agent functionality.Verify whether the Vulnerability Classification agent is working as expected after completing the configuration tasks.Investigating vulnerabilities

Where to go from here

The following table describes the tasks that you can perform on the dashboards generated by using the Vulnerability Classification agent:

TaskReference
View the vulnerabilities impacting servicesMonitoring vulnerabilities

View detailed information

  • Details of impacted services
  • Details of the vulnerability
Investigate vulnerabilities

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC HelixGPT 25.4