2 Replies Latest reply on Oct 24, 2018 2:08 AM by Sanket Taral

    Vulnerability detection and remediation using BMC Threat Director 3.0.00 (Renamed to TrueSight Vulnerability Management(TSVM)) and TrueSight Network automation(TNA)

    Sanket Taral
      Share This:

      Hi Experts,

       

      Hope you are doing well.

       

      We are trying to implement Vulnerability detection and remediation using BMC Threat Director 3.0.00 (Renamed to TrueSight Vulnerability Management(TSVM)) and TrueSight Network automation(TNA) against network devices.

       

      In TSVM we can import the device vulnerability scan result so that we will have all the vulnerabilities against device available in TSVM and then using CVE number in a vulnerability to a CVE number associated with a rule in TNA we can auto-map them in order to push re-mediate configuration on device through TNA rules.

       

      In order to achieve end to end auto Vulnerability remediation we suppose to have rules with corrective action present in TNA for detected vulnerabilities in TSVM. but after checking OOTB rule's in TNA we did not find single rule which will re-mediate the Vulnerability.

       

      So in this scenario can you please provide your help on below points:

       

      1. Is there any way I can import any file(like xml file that we can import using security vulnerability importer option) in TNA which will provide rules with appropriate remediation action?

       

      2. If we have only security vulnerability importer option to import such rules in TNA, then as per my knowledge this approach will only provide us rule skeleton but not the corrective action and we have to configure corrective actions manually. please provide confirmation on this.

       

      3. From where I can get exact xml for vulnerability detected against device so that I can import it in TNA. I have checked vendor websites but did not find one.

       

      I will appreciate the quick response on this as I have to close this as fast we can.

       

      Thanks and Regards,

      Sanket