Working with operations

This topic provides instructions to add operations for remediating missing patches or vulnerabilities, and view the results after an operation is complete. 

To understand the concept of operations, see Operations.

Adding a patch remediation operation

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    The operation name must always be unique, even if users with different roles are creating it.
  2. On the Patch Selections page, do these steps: 
    1. Select a patch policy (policy having missing patches).
    2. To specify assets, do one of the following:
      • Select associated groups (server groups or server smart groups imported from the policy).
      • Select associated assets and then select individual assets.
  3. To specify reboot options for the assets, select one of the following options: 
    • Honor Patch Reboot Settings: Adheres to the reboot settings defined for the patch in the patch catalog
    • Do Not Reboot: Does not reboot automatically after installing the required patches
    • Reboot at the End: Reboots all assets after the patching process is complete
  4. To specify a schedule for the operation, select one of the following options: 
    1. I will do it later: Change approval is not applicable.
    2. Set a schedule
      1. Click the calendar icon in the Date and Time field, and specify the date and time. 
      2. Select the hours or minutes in the Staging field to specify a staging window. 
        A staging window determines the time by which the patches and payload data must be downloaded to the assets before the remediation operation runs. The maximum limit is 999 hours.
    3. Execute now
  5. To configure change request creation and approval, select the following options: 
    You can create a change ticket for a patch operation in BMC Helix Automation Console (SaaS) only.
    The Change Approval Management page appears only if change automation is enabled in your environment.  
    1. Enable Create Change Ticket.

      Is the Create Change Ticket option mandatory? How can I disable change request creation?

      You can enable or disable change ticket creation depending on how administrators have configured the TrueSight Orchestration connector. If the connector is configured with Change Approval as required, you cannot disable the option or skip this step.

      If already selected, continue to select values in other fields for creating a change request. 

    2. Change Template Name: Templates available in TrueSight Orchestration appear. 
    3. Urgency
    4. Impact
    5. Reason for Change
    6. ChangeClass
  6. To configure notifications, select any of the following options: 
    • Send email to: Specify a comma-separated list of email addresses, and then select one or more of the following options: 
      • Select the status to send an email based on the operation status. 
      • Select Attach patch analysis results to the email, and then specify the email attachment size limit. 
      • Specify whether to send a list of assets where the operation failed. 
    • Send SNMP trap to: Specify the hostname or IP address of the server to notify of the operation results, and then select one or more status options for which a notification should be sent.
  7. View the summary of options selected for the operation and save changes. 
    The operation runs according to the defined schedule. 

Adding a vulnerability remediation operation

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    The operation name must always be unique (up to 150 characters), even if users with different roles are creating it.
  2. Select Vulnerability Selections and do these steps: 
    • Enter a violation name, asset hostname or IP address, or a CVE ID, and click Search.
      Assets with vulnerabilities that are mapped to remediation content are displayed. 

      Can I perform an empty search?

      No. However, you can place your cursor in the search box, add a space, and click Search. All assets with vulnerabilities mapped to the remediation content are displayed.

    • Click Advanced Search and choose one or more of the following options:
      • Vulnerability Name
      • Severity
      • Operating System
      • Asset
      • CVE ID
      • Scan File
      • Tag
      Assets with vulnerabilities that match the search results are displayed.

      To view details about the vulnerabilities, expand the asset name. Vulnerability name, port, CVE IDs, severity, remediation, and the remediation type are displayed. 

      Can I import and remediate application vulnerabilities?

      Yes, you can. However, you need to manually map the application vulnerabilities to the remediation content and then remediate them. Auto-mapping is not supported for these vulnerabilities. For instructions on manually mapping vulnerabilities, see Working with risks.

  3. To configure additional remediation options based on the remediation content, do these steps: 
    • If there are no configuration options, click Next.
    • For a Patch type of operation, select one of the following options: 
      • Honor Patch Reboot Settings: Adheres to the reboot settings defined for the patch in the patch catalog
      • Do Not Reboot: Does not reboot automatically after installing the required patches
      • Reboot at the End: Reboots all assets after the patching process is complete
  4. To specify a schedule for the operation, select one of the following options: 
    • I will do it later: Change approval is not applicable. 
    • Set a schedule: Click the calendar icon in the Date and Time field, and specify the date and time. 
    • Execute now
  5. To configure change request creation and approval, select the following options: 
    The Change Approval Management page appears only if change automation is enabled in your environment.  
    1. Enable Create Change Ticket.

      Is the Create Change Ticket option mandatory? How can I disable change request creation?

      You can enable or disable change ticket creation depending on how administrators have configured the TrueSight Orchestration connector. If the connector is configured with Change Approval as required, you cannot disable the option or skip this step.

      If already selected, continue to select values in other fields for creating a change request. 

    2. Change Template Name: Templates available in TrueSight Orchestration appear. 
    3. Urgency
    4. Impact
    5. Reason for Change
    6. ChangeClass
  6. To configure notifications, select any of the following options: 
    • Send email to: Specify a comma-separated list of email addresses, and then select one or more of the following options: 
      • Select the status to send an email based on the operation status. 
      • Select Attach patch analysis results to the email, and then specify the email attachment size limit. 
      • Specify whether to send a list of assets where the operation failed. 
    • Send SNMP trap to: Specify the hostname or IP address of the server to notify of the operation results, and then select one or more status options for which a notification should be sent.
  7. View the summary of options selected for the operation and save changes. 
    A draft operation is created, which creates sub-operations based on the remediation type. Depending on the remediation type, such as an NSH script, a patch, or a deploy type, separate jobs are created in TrueSight Server Automation. For example, if the vulnerabilities require only an NSH script and a deploy job, two separate jobs are created in TrueSight Server Automation and two operations are displayed on the Operations page.

    If change approval is configured, after a change request is created, the change request ID appears on the Operations page for all types of operations. Click the ID to view the status and other details.


    Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state. 

    Change request status | Operation status | Vulnerabilities and assets state
    ----------------------|------------------|----------------------------------
    Not applicable yet | Awaiting attention | Awaiting attention
    New | Awaiting approval | Awaiting approval
    Ready to Execute | Awaiting execution; Success (After the operation completes successfully) | Awaiting execution; Closed (After the operation completes successfully)
    Ready to execute | Cancelled due to schedule timeout | Awaiting attention
    Cancelled | Cancelled due to approval rejection | Awaiting attention

Viewing results for an operation

On the Operations page, do the following:

  1. Click the operation name.
    The Operation Run Results page shows the following details:
    • Date, time, and duration of the operation
    • Date, time, and status of the policy scan conducted as part of the operation (for a patch operation only)
    • Date, time, and status of the operation (for a vulnerability operation only)
    • Total number of assets on which the operation is performed, and their status
    • List of assets and the number of patches installed or missing on them (for a patch operation only)
    Are operation results displayed for all operations?

    No. Operation results are displayed for operations in a Success state.

  2. To view the list of patches installed for each asset, click the asset name (for a patch operation only).

    The patch name and the status are displayed. You can view the patch severity for each patch.
  3. To view detailed logs for an operation, click logs. 
    Detailed log messages with a timeline are displayed for each asset. 

Removing an operation

An operation can only be run once. You may want to remove operations periodically to ensure that your application does not contain irrelevant data. 

When you delete a vulnerability remediation draft operation, its sub-operations are also removed. This is available in BMC Helix Automation Console (SaaS) and TrueSight Automation Console (on-premises) version 20.02.01 only. 

For a patch remediation operation, no draft operations get created. 

On the Operations page, do the following:

  1. Select an operation and click Action > Remove.
  2. Click Continue.

Comments

  1. Ramon Vazquez

    The line "You can create a change ticket for a patch operation in BMC Helix Automation Console (SaaS) only." should be removed, as docs.bmc.com/docs/display/tsac2002/Change+automation details both SaaS and on-premises:


    In this release, BMC Helix Automation Console (SaaS) and TrueSight Automation Console (on-premises) support creating and approving change requests in a change management system, called BMC Remedy IT Service Management.


    In the master page it is correct: docs.bmc.com/docs/display/HACDocMaster/.Working+with+operations+v20.08

    Aug 03, 2020 08:13
    1. Shweta Hardikar

      Hi Ramon,

      You are right, change automation is supported in both SaaS and on-premises worlds. However, in SaaS, you can use change automation for both patch and vulnerability operations. For on-premises, it's supported for vulnerability operations only.  

      And the link you refer to is the ongoing 20.08 release, in which change automation will be supported for both types of operations (patch and vulnerability) and on both platforms (on-prem and SaaS).

      Still, let me check if we can improve the doc for clarity. Thanks for your comment. 

      Aug 04, 2020 12:20