Operations

Operations perform corrective actions on assets in your environment to remediate missing patches and vulnerabilities.

Patch operation

When you create a patch policy in BMC Helix Automation Console and TrueSight Automation Console, a Patch Analysis Job is created in TrueSight Server Automation. This job scans the servers in your environment and finds missing patches, which are reported on the Risks > Missing Patches page. You can then create a patch remediation operation in the Automation Console that creates a Patch Analysis Remediation Job in Server Automation. This job installs missing patches on the selected assets.

Vulnerability operation

When you import a vulnerability scan file in the Automation Console, assets and vulnerabilities appears on the Assets > Scanned Assets and Risks> Vulnerabilities page respectively. To remediate vulnerabilities, assets must be mapped to an endpoint in the endpoint manager, and vulnerabilities must be mapped to remediation content. When you import a scan file, assets and vulnerabilities are usually automatically mapped depending on the catalogs imported in Automation Console. If they are not automatically mapped, you must manually map assets, and vulnerabilities. 

You can then create a vulnerability remediation operation, which performs the action as per the remediation content mapped for the vulnerabilities. When you create an operation, depending on the remediation content mapped to the vulnerabilities, a Patch, NSH, or a Deploy type of jobs are created in Server Automation.

When you create a vulnerability operation, all vulnerabilities that are mapped to a common remediation content impacting the same asset are resolved. After the operation is successful, these vulnerabilities are closed and no longer appear in the Risks > Vulnerabilities list. If vulnerabilities mapped to the same remediation content are a part of a different operation, scheduled at a later period, those vulnerabilities are also remediated and closed. 

For a vulnerability, when you create another remediation content under a different security group, then the latest remediation content overwrites the existing content. 

When you create an operation, a pre-analysis, deploy, and post-analysis job is executed in Server Automation. 

Note

You can create an operation using all the available options. However, to configure notification options, you must configure a mail server in Server Automation. See Configuring a mail server in TrueSight Server Automation .

Change automation

Starting version 20.02, if an administrator has configured change automation in your environment, depending on the configuration, you can create a change request for a vulnerability operation in BMC Remedy IT Service Management. Creation of change requests is not available for a patch operation. 

In BMC Helix Automation Console (SaaS), you can create a change request for a patch remediation operation too. This capability is not available in TrueSight Automation Console (on-premises). 

After the change request is approved, the operation runs as per the defined schedule. After the operation is successful, the change request is updated and closed. You can view the status of the change request on the Operations page. 


Based on your organization's needs, administrator can make change request creation mandatory, or optional. If it is mandatory, you must select the change request values to create a change for this operation. If optional, you can skip change creation and create an operation without a change tracking process. 

For more information, see Change automation

Where to go from here

To create, edit, and remove an operation, and to view the operation results, see Working with operations

Was this page helpful? Yes No Submitting... Thank you

Comments