Vulnerability Classification
A vulnerability is a flaw in a system that can compromise security, and many new, critical vulnerabilities affect services daily. IT personnel often face challenges in understanding, categorizing, and prioritizing these risks due to the complex nature of the vulnerabilities and a lack of the required security expertise.
Vulnerability Classification Agent is an AI-powered agent that analyzes the details of a newly ingested vulnerability without an assigned category. It determines the most appropriate category or, if none is suitable, the agent can create a new category and assign it automatically. It simplifies vulnerability categorization and helps you achieve the following goals:
- Reduce manual effort
- Improve categorization accuracy
- Make sure that vulnerabilities are routed to the appropriate remediation teams
Vulnerability Classification capabilities
Vulnerability Classification provides the following capabilities:
- Assign categories to newly ingested vulnerabilities
- Create new categories and assign them to newly ingested vulnerabilities
Scenario
Agent type, skills, and prompts
- Agent type:
Vulnerability Classification Agent: Creates and assigns categories to newly ingested vulnerabilities to make sure that vulnerabilities are routed to the appropriate remediation teams - Out-of-the-box skill: No
- Out-of-the-box prompts: No
User roles and permissions
Make sure that you have the following roles and permissions to configure and use the Vulnerability Classification agent:
| Product | Role | Description | Reference |
| BMC Helix AIOps | Vulnerability Manager | By default, vulnerability managers have access to the Vulnerability Classification agent. | Roles and permissions |
Supported models
| Model name | Provider | Host |
|---|---|---|
| HelixGPT-v7 | BMC Helix |
|
For more information, see Models in BMC HelixGPT.
Process overview
The following diagram explains the tasks required to configure and use the Vulnerability Classification agent:
Before you begin
Make sure that you have the appropriate license for using the following products:
| Product | Licenses required (SaaS) | Licenses required (on-premises) |
|---|---|---|
| BMC Helix AIOps (includes the BMC HelixGPT for AIOps service) | BMC Helix AIOps & Observability | BMC Helix IT Operations Management on-premises - License entitlements |
| BMC Helix Automation Console | BMC Helix Automation Console service | BMC Helix IT Operations Management on-premises - License entitlements |
Process to set up Vulnerability Classification
Perform the following tasks to set up the Vulnerability Classification agent:
| Product | Task | Description | Reference |
| BMC Helix AIOps | Configure the agent in BMC Helix Agent Studio. | Add the Model ID to the configuration settings of the Vulnerability Classification agent. | Configuring settings to use the AI-powered capabilities in BMC Helix AIOps |
| BMC Helix AIOps | Verify the Vulnerability Classification agent functionality. | Verify whether the Vulnerability Classification agent is working as expected after completing the configuration tasks. | Investigating vulnerabilities |
Vulnerability Classification use cases
The following table lists where you can view the categories assigned by the Vulnerability Classification agent:
| Task | Reference |
| View the vulnerabilities impacting services | Monitoring vulnerabilities |
View detailed information
| Investigate vulnerabilities |
Related topics