Working with operations

This topic provides instructions on adding operations for remediating risks depending on the endpoint manager, TrueSight Server Automation or TrueSight Network Automation. TrueSight Automation Console supports TrueSight Network Automation as an endpoint manager.


This topic provides instructions on adding operations for remediating missing patches or vulnerabilities, and viewing the results after an operation is complete. To understand the concept of operations, see Operations.

Adding a patch remediation operation 

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    Operation name must always be unique (up to 150 characters) even if users with different roles are creating it.
  2. On the Patch Selections page, do the following steps and click Next
    1. Select a patch policy (policy having missing patches).
    2. To specify assets, do one of the following:
      • Select associated groups (server groups or server smart groups imported from the policy).
      • Select associated assets and then select individual assets.
  3. To specify reboot options for the assets, select one of the following options and click Next
    • Honor Patch Reboot Settings: Adheres to the reboot settings defined for the patch in the patch catalog
    • Do Not Reboot: Does not reboot automatically after installing the required patches
    • Reboot at the End: Reboots all assets after the patching process is complete
  4. To specify a schedule for the operation, select one of the following options and click Next
    1. I will do it later: Change approval is not applicable and you skip to step 6.
    2. Set a schedule
      1. Click the calendar icon in the Date and Time field, and specify the date and time. 
      2. Select the hours or minutes in the Staging Before field to specify a staging and analysis window. 
        A staging window determines the time by which the patches and payload data must be downloaded to the assets before the remediation operation runs. If you select 1 hour for staging, analysis starts an hour before the staging phase. The maximum limit is 999 hours.
    3. Execute now
  5. To configure notifications, select any of the following options and click Next
    • Send email to: Specify a comma-separated list of email addresses, and then select one or more of the following options: 
      • Select the status to send an email based on the operation status. 
      • Select Attach patch analysis results to the email, and then specify the email attachment size limit. 
      • Specify whether to send a list of assets where the operation failed. 
    • Send SNMP trap to: Specify a host name or IP address of the server to notify the operation results and then select one or more status options when a notification should be sent.
  6. To configure change request creation and approval, select the following options: 
    The Change Approval Management page appears only if change automation is enabled in your environment.  
    1. Enable Create Change Ticket.

      Is the Create Change Ticket option mandatory? How can I disable the change request creation?

      You can enable or disable change ticket creation depending on how administrators have configured the TrueSight Orchestration connector configuration. If the connector is configured with Change Approval as required, you cannot disable the option or skip this step.

      If already selected, continue to select values in other fields for creating a change request. 

    2. ChangeTemplateName
    3. Urgency
    4. Impact
    5. ReasonforChange
    6. ChangeClass
  7. View the summary of options selected for the operation and click Save
    The operation runs according to the defined schedule. If a change request is created, the operation runs after the change is approved. If you want to update the schedule for an operation in BMC Remedy ITSM, update the Schedule Start Date or the Schedule End Date for the task and not the change request. 

Adding a vulnerability remediation operation

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    Operation name must always be unique (up to 150 characters) even if users with different roles are creating it.
  2. Select Vulnerability Selections and use either of the following search options to select the vulnerabilities to remediate:
    • Enter a vulnerability name, asset host name or IP address, or a CVE ID, and click Search.

      Assets with vulnerabilities that are mapped to remediation content are displayed and selected in the operation.

      Can I perform an empty search?

      No. However, you can place your cursor in the search box, add a space, and click Search. All assets with vulnerabilities mapped to the remediation content are displayed.

      You can either enter a search term or use Advanced filter to select vulnerabilities. Results from only the latest search are selected for the operation.

    • Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options:
      • Asset
      • Managed Asset Tag
      • CVE ID
      • Detection Date
      • Last Observed Date
      • Operating System
      • Risk Owner
      • Risk Score
      • Risk Tag
      • Scan File
      • Scanned Asset Tag
      • Severity
      • SLA
      • Vulnerability Name

        Important

        When you select the Operating System filter, the list of operating systems is populated dynamically depending upon the imported scan file.

        When you select the Assets, Managed Asset Tag, CVE ID, Operating System, Risk Owner, Risk Score, Risk Tag, Severity, and Vulnerability Name filters, you can click Select All to select all the sub-criteria, and click Clear All to clear your selection.


        Assets with vulnerabilities that match the search results are displayed and selected in the operation.
        To view details about the vulnerabilities, expand the asset name. The Vulnerability name, port, CVE IDs, severity, remediation, and the remediation type are displayed.

  3. To prepare a list of operations: 

    In TrueSight Server Automation, a list of operations is prepared based on the remediation content, such as NSH script and blpackages.
    In TrueSight Network Automation a single operation is created for all the rules when no exceptions on violations are available.
    For example, an operation is created for any violation for which an exception exists. For all the other violations, a separate operation is created.

  4. To configure additional remediation options based on the remediation content, do these steps: 
    • If there are no configuration options, click Next
    • For a Patch type of operation, select one of the following options: 
      • Honor Patch Reboot Settings: Adheres to the reboot settings defined for the patch in the patch catalog
      • Do Not Reboot: Does not reboot automatically after installing the required patches
      • Reboot at the End: Reboots all assets after the patching process is complete
  5. To specify a schedule for the operation, select one of the following options: 
      • I will do it later: Change approval is not applicable and you skip to step 6.
      • Set a schedule: Click the calendar icon in the Date and Time field, and specify the date and time. 
      • Execute now
  6. To configure change request creation and approval, select the following options:
      The Change Approval Management page appears only if change automation is enabled in your environment.

      1. Enable Create Change Ticket.

        Is the Create Change Ticket option mandatory? How can I disable the change request creation?

        You can enable or disable change ticket creation depending on how administrators have configured the TrueSight Orchestration connector configuration. If the connector is configured with Change Approval as required, you cannot disable the option or skip this step.

        If already selected, continue to select values in other fields for creating a change request. 

      2. ChangeTemplateName
      3. Urgency
      4. Impact
      5. ReasonforChange
      6. ChangeClass
  7. To configure notifications, select any of the following options: 
      • Send email to: Specify a comma-separated list of email addresses, and then select whether to send an email based on the operation status. 
      • Send SNMP trap to: Specify a host name or IP address of the server to notify the operation results and then select one or more status options when a notification should be sent.
  8. View the summary of options selected for the operation and save changes. 
    A parent operation is created, which creates child operations based on the remediation type. Depending on the remediation type such as NSH script, patch, or a deploy type, separate jobs are created in TrueSight Server Automation. For example, if the vulnerabilities require only an NSH script, and a deploy job, two separate jobs are created in TrueSight Server Automation and two operations are displayed under the parent operation on the Operations page. 

    If change approval is configured, after a change request is created, the change request ID appears on the Operations page for all types of operations. Click the ID to view the status and other details.

    If you want to update the schedule for an operation in BMC Remedy ITSM, update the Schedule Start Date or the Schedule End Date for the task and not the change request. 

    Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state. 

    | Change request status | Operation status | Vulnerabilities and assets state |
    | --- | --- | --- |
    | Not applicable yet | Awaiting attention | Awaiting attention |
    | New | Awaiting approval | Awaiting approval |
    | Ready to Execute | Awaiting execution; Success (After the operation completes successfully) | Awaiting execution; Closed (After the operation completes successfully) |
    | Ready to execute | Cancelled due to schedule timeout | Awaiting attention |
    | Cancelled | Cancelled due to approval rejection | Awaiting attention |

Adding a compliance remediation operation

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    Operation name must always be unique (up to 150 characters) even if users with different roles are creating it.
  2. On the Compliance Selections page, do these steps: 
    1. Select a compliance scan policy.
      Non-compliant assets are displayed.
  3. To specify a schedule for the operation, select one of the following options: 
    • I will do it later: Change approval is not applicable and you skip to step 5.
    • Set a schedule: Click the calendar icon in the Date and Time field, and specify the date and time. 
    • Execute now
  4. To configure change request creation and approval, select the following options: 
    The Change Approval Management page appears only if change automation is enabled in your environment.  
    1. Enable Create Change Ticket.

      Is the Create Change Ticket option mandatory? How can I disable the change request creation?

      You can enable or disable change ticket creation depending on how administrators have configured the TrueSight Orchestration connector configuration. If the connector is configured with Change Approval as required, you cannot disable the option or skip this step.

      If already selected, continue to select values in other fields for creating a change request. 

    2. ChangeTemplateName
    3. Urgency
    4. Impact
    5. ReasonforChange
    6. ChangeClass
  5. To configure notifications, select any of the following options: 
    • Send email to: Specify a comma-separated list of email addresses, and then select whether to send an email based on the operation status. 
    • Send SNMP trap to: Specify a host name or IP address of the server to notify the operation results and then select one or more status options when a notification should be sent.
  6. View the summary of options selected for the operation and save changes.
    To view details of an operation, click Actions > View and the operation summary page is displayed. 
    The operation runs according to the defined schedule. If change approval is configured, after a change request is created, the change request ID appears on the Operations page. Click the ID to view the status and other details. If you want to update the schedule for an operation in BMC Remedy ITSM, update the Schedule Start Date or the Schedule End Date for the task and not the change request. 

    Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state. 

    | Change request status | Operation status | Vulnerabilities and assets state |
    | --- | --- | --- |
    | Not applicable yet | Awaiting attention | Awaiting attention |
    | New | Awaiting approval | Awaiting approval |
    | Ready to Execute | Awaiting execution; Success (After the operation completes successfully) | Awaiting execution; Closed (After the operation completes successfully) |
    | Ready to execute | Cancelled due to schedule timeout | Awaiting attention |
    | Cancelled | Cancelled due to approval rejection | Awaiting attention |

Adding an adhoc operation

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    Operation name must always be unique (up to 150 characters) even if users with different roles are creating it.
  2. Select Adhoc Job Selections, and do the following:
    1. From the Job Type list, select one of these job types: NSH Script, Deploy, or Batch

      Important

      • To create Batch jobs, use the latest compatible version of TrueSight Server Automation as mentioned in System requirements.
      • Batch jobs that are configured using the "Use the following servers for all jobs" option in TrueSight Server Automation are supported.
    2. In the Select Job Name field, click Browse and select the required job name.
    3. In the Save Job In field, click Browse and select the path where you want to save the job, which triggers the selected job in TrueSight Server Automation.
    4. (Optional) From the Assets list, select the assets and the asset groups where you want to run the job. By default, the Assets table displays the assets and asset groups that are associated with the selected job. You can either enter a search term or use Advanced filter to select assets.
      Click Advanced filter and select the required filters, and click Done. You can select multiple search criteria from the following options:
      • Asset
      • Asset Tag
      • Operating System

        Assets that match the search results are displayed. Click Select to choose the assets.

    5. Click Next.
  3. To configure the script parameters, do the following:
    • NSH Script Job: Click  corresponding to the parameter that you want to configure, and specify a value for the parameter. Similarly, configure other parameters.
    • Deploy Job: Click  corresponding to the parameter that you want to configure, and specify a value for the parameter. Similarly, configure other parameters.
      The Reboot Option list displays the reboot option configured for the existing TrueSight Server Automation job and changing this option is not supported. 
    • Batch Job: Not applicable
    If there are many parameters, use the scroll bar to quickly navigate through the parameter list.
  4. To specify a schedule for the operation, select one of the following options: 
    • I will do it later: Change approval is not applicable and you skip to step 5.
    • Set a schedule: Click the calendar icon in the Date and Time field, and specify the date and time. 
    • Execute now
  5. To configure change request creation and approval, select the following options: 
    The Change Approval Management page appears only if change automation is enabled in your environment.  
    1. Enable Create Change Ticket.

      Is the Create Change Ticket option mandatory? How can I disable the change request creation?

      You can enable or disable change ticket creation depending on how administrators have configured the TrueSight Orchestration connector configuration. If the connector is configured with Change Approval as required, you cannot disable the option or skip this step.

      If already selected, continue to select values in other fields for creating a change request. 

    2. ChangeTemplateName
    3. Urgency
    4. Impact
    5. ReasonforChange
    6. ChangeClass
  6. To configure notifications, select any of the following options: 
    • Send email to: Specify a comma-separated list of email addresses, and then select whether to send an email based on the operation status. 
    • Send SNMP trap to: Specify a host name or IP address of the server to notify the operation results and then select one or more status options when a notification should be sent.
  7. Review the summary of options selected for the operation, and save the changes.
    To view details of an operation, click Actions > View and the operation summary page is displayed. 
    The operation runs according to the defined schedule. If the change approval is configured, the change request ID appears on the Operations page after a change request is created. Click the ID to view the status and other details. If you want to update the schedule for an operation in BMC Remedy ITSM, update the Schedule Start Date or the Schedule End Date for the task and not the change request.

    Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state. 

    | Change request status | Operation status | Vulnerabilities and assets state |
    | --- | --- | --- |
    | Not applicable yet | Awaiting attention | Awaiting attention |
    | New | Awaiting approval | Awaiting approval |
    | Ready to Execute | Awaiting execution; Success (After the operation completes successfully) | Awaiting execution; Closed (After the operation completes successfully) |
    | Ready to execute | Cancelled due to schedule timeout | Awaiting attention |
    | Cancelled | Cancelled due to approval rejection | Awaiting attention |

Viewing operation results

On the Operations page, do the following:

  1. Click the operation name.
    The Operation Run Results page shows the following details:
    • Date, time, and duration of the operation
    • Date, time, and status of the policy scan conducted as part of the operation (for a patch operation only)
    • Date, time, and status of the operation (for a vulnerability and a compliance operation)
    • Total number of assets on which the operation is performed, and their status
    • List of assets and the number of patches installed or missing on them (for a patch operation only)
  2. To view the list of patches installed for each asset, click the asset name (for a patch operation only).

    The patch name and the status are displayed. You can view the patch severity for each patch.
  3. To view detailed logs for an operation, click logs.
    For a patch operation, remediation and post-analysis logs are displayed. Detailed log messages with a timeline are displayed for each asset.

To search for an operation, enter the operation name in the search box. The relevant results are displayed.

For a Batch job operation, note the following:

  • You can drill down to view the additional details of NSH Script and Deploy type of member jobs. Drill down is not available for other member job types, such as Snapshot, Update Server Properties, and File Deploy.

  • A Batch job operation can also contain other Batch jobs as member jobs. However, only the logs are displayed for these child Batch jobs.

  • The details of a Batch job operation run include only the member job logs.

Editing a patch remediation operation

You can edit a patch remediation operation that is created with or without using a template.

On the Operations page, do the following:

  1. Click the edit action corresponding to the operation that you want to update.
  2. Edit the following configurations:

    • Description
    • Assets in patch deployment
    • Reboot options
    • Operation schedule
    • Notifications

    For the configuration details, see Adding a patch remediation operation.

    The operation name and patch policy cannot be modified.

  3. To update the change approval management details, do the following:
    1. On the Connectors page, edit the TrueSight Orchestrator Connector configuration.
    2. For editing operations, specify whether you want to create a new change ticket for approved operations.
    3. Do one of the following:
      • Enable Create a New Change Ticket on operation edit to enforce change during the operation edit.
        This option is enabled by default. With this configuration, Automation Console cancels any existing change ticket and creates a new one. 
      • Disable Create a New Change Ticket on operation edit to use the existing change ticket or create a new one. 
        For any non-approved change ticket, Automation Console always cancels the existing change ticket and creates a new one. When the change approval is not mandatory, you can skip the approval and cancel any existing change ticket.
      • Based on these settings, the following table lists the possible combinations in which change ticket creation can be mandated during operation create and/or edit, and the change ticket options (Create a New, Use Existing, and Skip Approval) that are available on the Change Approval Management page while editing the patch remediation operation.

        | Make Change approval mandatory | Create a new ticket on operation edit | Operation Status is Awaiting Approval? | 'Create a New' option available | 'Use Existing' option available | 'Skip Approval' option available |
        | --- | --- | --- | --- | --- | --- |
        | Yes | Yes | Yes | Yes | No | No |
        | Yes | No | Yes | Yes | No | No |
        | No | Yes | Yes | Yes | No | Yes |
        | No | No | Yes | Yes | No | Yes |
        | Yes | Yes | No | Yes | No | No |
        | Yes | No | No | Yes | Yes | No |
        | No | Yes | No | Yes | No | Yes |
        | No | No | No | Yes | Yes | Yes |
      • The Use Existing change ticket option is available when editing an operation only when the operation is in the Awaiting execution state, that is, the ticket is approved and the operation is waiting for its execution. Necessary messages are provided when the user selects these options on this page; for example, the Use Existing option does not update any details of the change in ITSM, but only in the TSSA job.
  4. Save the changes.

Removing an operation

Any patch, vulnerability, or compliance operation can only be run once. You may want to remove operations periodically to ensure that your application does not contain irrelevant data. 

When you remove a vulnerability remediation parent operation, its child operations are also removed. 

On the Operations page, do the following:

  1. To delete a parent operation, click Action > Remove.
    OR
    To delete a child operation only, expand the parent operation and click Action > Remove
  2. Click Continue.