Operations perform corrective actions on the assets in your environment to remediate risks. For the TrueSight Server Automation endpoint manager, you can remediate missing patches, vulnerabilities, and non-compliant resources. You can also create operations to run NSH Script, Deploy, and Batch jobs in TrueSight Server Automation.
For the TrueSight Network Automation endpoint manager, you can remediate vulnerabilities identified on the assets.Operations perform corrective actions on assets in your environment to remediate missing patches, vulnerabilities, and non-compliant resources. You can also create operations to run NSH Script, Deploy, and Batch jobs in TrueSight Server Automation.
For the TrueSight Server Automation endpoint manager onlyWhen you create a patch policy in Automation Console, a Patch Analysis Job is created in TrueSight Server Automation. This job scans the servers in your environment and finds missing patches, which are reported on the Risks > Missing Patches page. You can then create a patch remediation operation in the Automation Console that creates a Patch Analysis Remediation Job in Server Automation. This job installs missing patches on the selected assets.
After the patch policy scan is completed, you create a remediation operation for the missing patches identified on the assets. If the selected remediation content is also applicable to the vulnerabilities found on the same assets, then both the missing patches and vulnerabilities get remediated. This ensures noise reduction for missing patches.
When you create an operation, a pre-analysis, deploy, and post-analysis job is executed in Server Automation.
When you import a vulnerability scan file in the Automation Console, assets and vulnerabilities appears on the Assets > Scanned Assets and Risks> Vulnerabilities page respectively. To remediate vulnerabilities, assets must be mapped to an endpoint in the endpoint managerTrueSight Server Automation or TrueSight Network Automation, and vulnerabilities must be mapped to remediation content depending on the endpoint manager. When you import a scan file, assets and vulnerabilities are usually automatically mapped depending on the catalogs imported in Automation Console. If they are not automatically mapped, you must manually map assets, and vulnerabilities.
You can then create a vulnerability remediation operation, which performs the action as per the remediation content mapped for the vulnerabilities. When you create an operation, depending on the remediation content mapped to the vulnerabilities, a Patch, NSH, or a Deploy type of jobs are created in Server Automation.
When you create a vulnerability operation, all vulnerabilities that are mapped to a common remediation content impacting the same asset are resolved. After the operation is successful, these vulnerabilities are closed and no longer appear in the Risks > Vulnerabilities list. If vulnerabilities mapped to the same remediation content are a part of a different operation, scheduled at a later period, those vulnerabilities are also remediated and closed.
You can create an operation using all the available options. However, to configure notification options, you must configure a mail server in Server Automation. See .
When you import a scan file, after the vulnerabilities get auto-mapped, these are ready to be remediated. When you create a remediation operation for the vulnerabilities on the scanned assets, if the selected remediation content is also applicable to the missing patches identified on the same set of assets, then both the vulnerabilities and the missing patches get remediated. This ensures noise reduction for vulnerabilities.
For TrueSight Server Automation onlyWhen you create compliance scan policies to scan assets for compliance violations, data appears in the Risks > Compliance page, which shows the scanned assets, evaluated rules, and the percentage of compliant versus non-compliant rules on the assets. For all non-compliant rules, you can create an operation to resolve the rules and make the assets compliant with the policies.
For managing compliance, your TrueSight Server Automation version must be 21.02.
Ad hoc operations for existing jobs
For TrueSight Server Automation onlyNEW IN 21.02.01 You can create an operation based on an exiting NSH Script, Deploy, or Batch job. This operation is used to run any of these existing jobs in TrueSight Server Automation.
Batch jobs that are configured using the "Use the following servers for all jobs" option in TrueSight Server Automation are supported.
For TrueSight Server Automation onlyYou can create operation templates using which operations can be created to create and run jobs in TrueSight Server Automation. Currently, NSH Script, BLPackage Deploy (software packages and BLPackages), and Batch jobs are supported. Automation Console only supports Basic deploy jobs.
While creating an operation template, you can choose options that can be overridden by the operators while creating an operation based on the template. For example, if you choose the Allow Override option for users to choose assets on which the NSH script is executed, operators can choose the assets while creating an operation. If it is not selected, operations have to be created with the default options only. For a deploy type of a job, you cannot create multiple templates using the same job else it may override the default values specified for the job. You cannot copy a template for a deploy job either.
As a template owner, you can share the template with multiple security groups to create operations of the same type repeatedly, and hence brings more efficiency in running operations. Only template owners can share, edit, copy, or remove the template.
When you create any operation (based on a template or ad-hoc operation), a job gets created in Server Automation with the value for the
max_parallel_targets set to unlimited.
For working with operation templates, your TrueSight Server Automation version must be 21.02. To create operation templates or ad-hoc job operations using the Batch job type, TrueSight Server Automation version must be 21.02.01.
For TrueSight Server Automation onlyIf an administrator has configured change automation in your environment, depending on the configuration, you can create a change request for a vulnerability or a patch operation in BMC Remedy IT Service Management.
After the change request is approved, the operation runs as per the defined schedule. After the operation is successful, the change request is updated and closed. You can view the status of the change request on the Operations page.
Based on your organization's needs, administrator can make change request creation mandatory, or optional. If it is mandatory, you must select the change request values to create a change for this operation. If optional, you can skip change creation and create an operation without a change tracking process.
For more information, see Change automation.
Where to go from here
- To add, edit, and remove an operation, and to view the operation results, see Working with operations.
- To add, edit, share, and copy operation templates, and to create operations for NSH, Deploy, and Batch jobs, see Working with operation templates.