Link to home
Start Free TrialLog in
Avatar of TTCTECH
TTCTECHFlag for United States of America

asked on

BMC/Tenable Cross Referencing

Our company utilizes Tenable Security Center for our vulnerability scanning, and BMC Client Management for our patching/mitigation.

What we are noticing, is that the 2 systems don't always "speak the same language".

For instance, Tenable might say that there is a vulnerability for Plugin ID 100551, but BMC doesn't look at the missing patch roll-up in the same manner.  Trying to reference CVE numbers and the like, also gets messy.

Is there some method in which we could readily compare missing patches between the 2 dissimilar systems?

Thank you
Avatar of btan
btan
No direct mapoing automated of the CVE but I see there is a need for an orchestration layer for the partners to have API (e.g. Tenable.io) called into tenable for this all in one view in BMC first then the next level.

Here is existing that support tenable.io. And there is BMC mention
BMC BladeLogic consumes Tenable.io vulnerability scan data to ensure security and regulatory compliance across the entire digital service lifecycle, from service creation to operation to decommissioning. By leveraging Tenable.io vulnerability data, BladeLogic can help customers identify vulnerabilities, reduce risk and ensure compliance
you will need to ask BMC principle for more info.
https://www.tenable.com/products/tenable-io/integrations?utm_source=press_release&utm_campaign=RSA_Partner_Release&utm_content=Works_With_io
Avatar of TTCTECH
TTCTECH
Flag of United States of America image

ASKER

BMC's response appears to be related to the Tenable.io offering, which is the external cloud scanning service.

Our usage would be for internal, Security Center (Nessus) scanning.

Thank you
ASKER CERTIFIED SOLUTION
Avatar of btan
btan
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial