21.02.01: Patch 1
Review the fixes and updates for TrueSight Automation Console 21.02.01 that might impact your users.
This patch contains the following updates.
Vulnerability management for network devices in TrueSight Network Automation
TrueSight Automation Console now integrates with TrueSight Network Automation to identify and remediate vulnerabilities on the network devices in your environment. For integrating with TrueSight Network Automation, an administrator must have configured the TrueSight Network Automation connector, which retrieves the rules enabled in Network Automation.
When you import a vulnerability scan file, the assets in the file are either automatically mapped to the devices (endpoints) in TrueSight Network Automation or you can map them manually later. Vulnerabilities are also mapped to the rules (remediation content) automatically or manually. After the assets are mapped to the endpoints, and the vulnerabilities are mapped to the remediation content, you can create an operation to remediate the vulnerabilities.
The following figure shows the Vulnerability dashboard that displays the state and health of the vulnerabilities identified by Automation Console.
Apart from this, capabilities such as remediating vulnerabilities directly from the dashboard and adding tags to the scanned assets are also supported.
The following capabilities are not supported for managing vulnerabilities on the network devices:
- Auto-import of scan files
- Mark vulnerabilities as exceptions
- Change approval process for operations
To get started, see Configuring the TrueSight Network Automation connector.
Support for high availability
You can now configure TrueSight Automation Console for high availability. For details, see Configuring TrueSight Automation Console for high availability.
Ability to keep patch catalogs current
You can now update a patch catalog any time, irrespective of a previously configured schedule. When you update the catalog in Automation Console, it is automatically updated in TrueSight Server Automation with the latest patches released by the vendor and is synced with the catalog in Automation Console.
If a catalog is already updated in TrueSight Server Automation, you can perform the sync action in Automation Console to sync with the latest updated catalog.
For details, see Working with catalogs.
Support for Batch jobs
You can now create operation templates and operations for Batch jobs.
Ad hoc operations
You can now create ad hoc operations without using the operation templates to run existing NSH Script, Deploy, and Batch jobs in Server Automation.
For more information, see Working with operations.
Enhanced patch policy configuration
While creating a patch policy for a Linux system such as SUSE, OEL, CentOS, and RHEL, you can now configure the following modes to scan assets based on the selected patch catalog:
- Install Mode to identify and install missing RPMs and their dependencies.
- (For SUSE Linux only) Dist-Upgrade Mode to identify the distribution or service pack upgrade for the scanned assets.
For more information, see Working with patch policies.
This release includes the following GUI enhancements:
- On the Risks page, the remediation content now displays the version and architecture of an operating system in addition to its type and vendor. These additional details are used to increase the percentage of auto-mapped assets.
For details, see Working with risks.
- On the Managed Assets page, you can now add tags to the assets to classify and enrich data, and use these tags to filter assets.
For details, see Working with assets.
Downloading the patch
This patch contains a full installer. You can download the installation file from the BMC Electronic Product Downloads (EPD) Site.
For instructions, see Downloading the installation files.
Installing the patch
If you are installing this patch as a fresh product installation, the process to install the patch is the same as installing any base version.
For more information, see Installing.
Upgrading to the patch
While upgrading to a patch, ensure that you specify the exact build number applicable to this patch.
For instructions, see Upgrading.
Do I need to configure the connectors after upgrading?
You do not need to configure the connectors that are already configured. Your previous connector configuration are supported as is. Configure any other connectors based on your requirement.