This section provides an overview and process flow to enable creating and approving change requests in an IT service management system for remediation operations.
In this release,TrueSight Automation Consolesupports creating and approving change requests in BMC Remedy IT Service Management and ServiceNow ITSM systems.
When operational changes such as installing patches or remediating vulnerabilities are implemented, administrators need to keep a track of these changes in a change management system. Organizations may use an approval process, where a change is not implemented unless it is approved. To automate the process of creating a change request, approving it, and then ensuring that the change is implemented, change automation is enabled.
You can create a change request for a vulnerability or a patch remediation operation. This is done by integrating with TrueSight Orchestration – ITSM Automation runbook. This runbook supports creating change requests in both BMC Remedy IT Service Management and ServiceNow ITSM systems.
When you create an operation in Automation Console, you can create a change request, with approval settings as configured in the ITSM system of your choice. The change request ID appears against the operation on the Operations page. After a change is approved, based on the schedule, the operation runs and remediates the missing patches or vulnerabilities.
For a patch remediation operation, a configuration item (CI) is not associated with the change request. For a vulnerability operation, a CI gets associated with the change request.
Change automation ensures continuous compliance to the change process without introducing labor intensive activities. The integration reduces the risk of unauthorized and unplanned changes through enforced change tracking.
Change automation process flow
The following figure shows the end-to-end process flow for a vulnerability operation with a change approval configured.
Change automation considerations
As administrators, when you implement change automation, consider the following:
- A single change request is created for a single operation.
- Change request creation is only available if you have selected Execute Now or defined a schedule for the operation.
If you select the Maintenance Schedule as I will do it later, you do not see the option to create a change request.
- When a change is created, the change request ID is updated in the job description in the TrueSight Server Automation job created for the operation.
- If you update the schedule for an operation in the task associated with the change request, the updated schedule is reflected for the operation. After approval, the operation runs according to the new schedule. Note that you must update the Schedule Start Date or the Schedule End Date for the task and not the change request.
- If the operation schedule expires before the change request is approved, the operation and the job is cancelled, and the status is shown as Cancelled due to schedule timeout.
- If the change request is cancelled or not approved, the operation and the job are cancelled.
If using change templates in BMC Remedy ITSM, ensure that the Scheduled for Approval stage is enabled in the template.
Consult the following table to understand the correlation between the change request status and the operation status and the impact on the vulnerabilities and assets state.
|Change request status||Operation status||Vulnerabilities and assets state|
|Not applicable yet||Awaiting attention||Awaiting attention|
|New||Awaiting approval||Awaiting approval|
|Ready to Execute|
Success (After the operation completes successfully)
Closed (After the operation completes successfully)
|Ready to execute||Cancelled due to schedule timeout||Awaiting attention|
|Cancelled||Cancelled due to approval rejection||Awaiting attention|
Where to go from here
To install and configure the ITSM runbook, and to set up a change request creation, see Enabling change automation.