Operations

Operations perform corrective actions on assets in your environment to remediate missing patches, vulnerabilities, and non-compliant resources. You can also create operations to run NSH and Deploy jobs in TrueSight Server Automation. 

Patch operation

When you create a patch policy in BMC Helix Automation Console
, a Patch Analysis Job is created in TrueSight Server Automation. This job scans the servers in your environment and finds missing patches, which are reported on the Risks > Missing Patches page. You can then create a patch remediation operation in the Automation Console that creates a Patch Analysis Remediation Job in Server Automation. This job installs missing patches on the selected assets.

After the patch policy scan is completed, you create a remediation operation for the missing patches identified on the assets. If the selected remediation content is also applicable to the vulnerabilities found on the same assets, then both the missing patches and vulnerabilities get remediated. This ensures noise reduction for missing patches. 

When you create an operation, a pre-analysis, deploy, and post-analysis job is executed in Server Automation. 

Vulnerability operation

When you import a vulnerability scan file in the Automation Console, assets and vulnerabilities appears on the Assets > Scanned Assets and Risks> Vulnerabilities page respectively. To remediate vulnerabilities, assets must be mapped to an endpoint in the endpoint manager, and vulnerabilities must be mapped to remediation content. When you import a scan file, assets and vulnerabilities are usually automatically mapped depending on the catalogs imported in Automation Console. If they are not automatically mapped, you must manually map assets, and vulnerabilities. 

You can then create a vulnerability remediation operation, which performs the action as per the remediation content mapped for the vulnerabilities. When you create an operation, depending on the remediation content mapped to the vulnerabilities, a Patch, NSH, or a Deploy type of jobs are created in Server Automation.

When you create a vulnerability operation, all vulnerabilities that are mapped to a common remediation content impacting the same asset are resolved. After the operation is successful, these vulnerabilities are closed and no longer appear in the Risks > Vulnerabilities list. If vulnerabilities mapped to the same remediation content are a part of a different operation, scheduled at a later period, those vulnerabilities are also remediated and closed. 

When you import a scan file, after the vulnerabilities get auto-mapped, these are ready to be remediated. When you create a remediation operation for the vulnerabilities on the scanned assets, if the selected remediation content is also applicable to the missing patches identified on the same set of assets, then both the vulnerabilities and the missing patches get remediated. This ensures noise reduction for vulnerabilities. 

Compliance operation

When you create compliance scan policies to scan assets for compliance violations, data appears in the Risks > Compliance page, which shows the scanned assets, evaluated rules, and the percentage of compliant versus non-compliant rules on the assets. For all non-compliant rules, you can create an operation to resolve the rules and make the assets compliant with the policies. 

For managing compliance, your TrueSight Server Automation version must be 21.02.

Operation Templates

You can create operation templates using which operations can be created to run jobs in TrueSight Server Automation. Currently, NSH script and BLPackage Deploy jobs (software packages and BLPackages) are supported. Automation Console only supports Basic deploy jobs. 

While creating an operation template, you can choose options that can be overridden by the operators while creating an operation based on the template. For example, if you choose the Allow Override option for users to choose assets on which the NSH script is executed, operators can choose the assets while creating an operation. If it is not selected, operations have to be created with the default options only. For a deploy type of a job, you cannot create multiple templates using the same job else it may override the default values specified for the job. You cannot copy a template for a deploy job either.

As a template owner, you can share the template with multiple security groups to create operations of the same type repeatedly, and hence brings more efficiency in running operations. Only template owners can share, edit, copy, or remove the template. 

When you create any operation (patch, vulnerability, compliance, or based on a template), a job gets created in Server Automation with the value for the max_parallel_targets set to unlimited. 

For working with operation templates, your TrueSight Server Automation version must be 21.02.

Change automation

If an administrator has configured change automation in your environment, depending on the configuration, you can create a change request for a vulnerability or a patch operation in BMC Remedy IT Service Management. 

After the change request is approved, the operation runs as per the defined schedule. After the operation is successful, the change request is updated and closed. You can view the status of the change request on the Operations page. 

Based on your organization's needs, administrator can make change request creation mandatory, or optional. If it is mandatory, you must select the change request values to create a change for this operation. If optional, you can skip change creation and create an operation without a change tracking process. 

For more information, see Change automation. 

Where to go from here

• To add, edit, and remove an operation, and to view the operation results, see Working with operations. 
• To add, edit, share, and copy operation templates, and to create operations for NSH and Deploy jobs, see Working with operation templates.