0 Replies Latest reply on Sep 8, 2016 12:37 PM by Sean Berry

    Learning Lab 19 Notes

    Sean Berry

      Hands-on Lab —

      Getting to Know BladeLogic Threat Director

      Session ID: LL19  Date / Time:  Thursday, September 8, 11:00 AM - 11:45 AM, Room:  Bristlecone 7

       

      Hands-on Lab — BMC BladeLogic Threat Director


      Description: The pressure is on to prevent security threats from impacting your business. BladeLogic Threat Director from BMC utilizes BladeLogic Server Automation's (BSA) powerful remediation tools and operational insight to help BOTH the Security Team and the Operations Team meet policy and regulatory requirements in the most efficient way possible. Try it yourself as we take you on a tour of BMC's new BladeLogic Threat Director to manage vulnerabilities, understand trends, and track progress of remediation.


      Capacity limited to 40 students. Attendees must register to secure a spot.

      Level: Intermediate

      Presentation Type: Technical

      Product(s): BMC BladeLogic Threat Director

      Type: Hands-on Lab

      Track: Datacenter Automation, Security, and Compliance

      Overview

      This lab will introduce the participant to assessing, managing, and remediating vulnerabilities using BladeLogic Threat Director.

      It will focus on 3 lab sessions:

      1. Assess a zero-day vulnerability across the environment and schedule remediations.
      2. Identify and knock down top Sev 5 and Sev 4 vulnerabilities.
      3. Assess all vulnerabilities for a group of servers.

      Lab Environment

      • The lab for this exercise is hosted in a virtual demo environment, which we will access with a web browser.

      Goals

      • The participants will:
        • Learn and understand several common use/value cases for Threat Director
        • Understand how to use Threat Director for basic tasks
        • Understand how to apply Threat Director to their own threats and vulnerabilities.

      Customer Value

      • Track remediation progress across all steps in their process and identify potential bottlenecks
      • Compare performance against established SLAs
      • Eliminate redundant effort by separating remediations already scheduled from those yet to be addressed

       

      Use Case:

      Assess a zero-day vulnerability across the environment and schedule remediations.

      Exercise

      1. Ensure you're connected to the Demo Environment, via "RDP" or "Full Screen RDP" to the "JumpServer".
      2. On the JumpServer, double-click the "BladeLogic Threat Director" link at top left.
      3. Log in with credentials BLAdmin / password, site bl-appserver.
      4. Select Threat Director from top left.
      5. Select Filter by CVE, fill in CVE-1556.
      6. Observe when this was detected, the number of vulnerabilities, and whether we can remediate, etc.

      Use Case:

      Identify and knock down top Sev 5 and Sev 4 vulnerabilities

      Exercise

      1. (should already be here, but just in case):
        1. Ensure you're connected to the Demo Environment, with username: __________
        2. On the JumpServer, double-click the "BladeLogic Threat Director" link at left, mid-screen.
        3. Log in with credentials BLAdmin / password, site bl-appserver.
      2. Select Threat Director from top left.
      3. Select Filter by Severity, check Sev 5 and Sev 4, leave all others blank.
        1. How many Sev 5 vulnerabilities exist? How recently was one detected? How many are mapped to remediations?
      4. Observe when this was detected, the number of vulnerabilities, and whether we can remediate, etc.

      Use Case:

      Assess all vulnerabilities for a group of servers

      Exercise

      1. (should already be here, but just in case):
        1. Ensure you're connected to the Demo Environment, with username: __________
        2. On the JumpServer, double-click the "BladeLogic Threat Director" link at left, mid-screen.
        3. Log in with credentials BLAdmin / password, site bl-appserver.
      2. Select Threat Director from top left.
      3. Select Filter by Server Smartgroup, select "AA All Perimeter Servers" smartgroup.
        1. How many total vulnerabilities exist? ____
        2. How many Sev 5 vulnerabilities exist? ____
        3. Of the total number of vulnerabilities, how many are in this group?
        4. How recently was one detected? How many are mapped to remediations?
      4. Observe when this was detected, the number of vulnerabilities, and whether we can remediate, etc.