Change Automation

This topic describes benefits and stages in the Change Automation use case.

Benefits of Change Automation

When operational changes are implemented, administrators need to document and track these changes in a change management system. To automate this change tracking process, a Request For Change (RFC) is automatically created in the change management system, whenever an endpoint administrator initiates a Remediation operation in Vulnerability Management that requires approval. After the change is approved in Change Management, the corresponding job is scheduled for execution in the endpoint manager.

After the job has run, the change task is closed with an associated completion status and any changed configuration items (CIs). Administrators can view the status of the corresponding Remediation operation in the TrueSight Vulnerability Management GUI. 

The main benefit of this integration is to enforce continuous compliance to the change process without introducing labor intensive activities. The integration reduces the risk of unauthorized and unplanned changes through enforced change tracking.

Supported endpoint managers

Starting with version 3.1, TrueSight Vulnerability Management supports Change Automation for the following endpoint managers:

  • TrueSight Server Automation
  • TrueSight Network Automation
  • Microsoft System Center Configuration Manager (SCCM)

Before you use Change Automation

Before you use Change Automation, ensure that you have set up the following prerequisites:

  1. Install and configure ITSM Automation runbook
  2. Set up job approval and change tracking

Stages in Change Automation

Note

This section provides an overview of the stages in Change Automation. For the endpoint manager-specific use case scenarios, see the following topics:

The following diagram shows the different stages during execution of a Remediation operation that requires approval.

The following table describes the stages of this use case.

StageDescriptionChange Ticket status in BMC Remedy ITSMOperation's Approval Status in Vulnerability ManagementVulnerability Status in Vulnerability Management
1

When an administrator chooses to create a Remediation operation with configuration parameters, such as template and impact, and selects the Approval Required option, the logged in user belonging to the selected security group creates a job in the endpoint manager.

Not created yetNewAwaiting attention
2

Endpoint manager returns Job ID to TrueSight Vulnerability Management after a job is created.

Not created yetNewAwaiting attention
3

A RFC is sent to the change management system through the endpoint manager with the Job ID returned in step 2. Change management system creates a change record and returns a change ID and task ID.

Planning In ProgressNewAwaiting approval
4

TrueSight Vulnerability Management updates the job created at the endpoint manager with the source of the change ticket (in this case, Vulnerability Management), Change ID, and Task ID and applies the specified template to the change record based on the input received in the change creation request.

Planning In Progress NewAwaiting approval
5

TrueSight Vulnerability Management checks the status of each change record. If the change record is approved, TrueSight Vulnerability Management performs the following tasks:

  • Updates the job in the endpoint manger with the schedule.
  • Updates the approval status of the Remediation operation to Approved in TrueSight Vulnerability Management after the Data Refresh interval.
  • Updates the vulnerability status to Awaiting execution.

If approval is not received or not received by the specified scheduled time, TrueSight Vulnerability Management performs the following tasks:

  • Updates the Remediation operation status to Error.
  • Updates the approval status of operation to Cancelled.
  • Updates the vulnerability status to Awaiting attention.

Implementation In Progress (when approved)

Cancelled (when cancelled)


Approved (when approved)

Cancelled (when approval not received by the specified scheduled time)



Awaiting execution (when approved)

Awaiting attention (when approval not received by the specified scheduled time)

6

Job starts executing in the endpoint manager.

Implementation In ProgressApprovedAwaiting execution
7

Once job execution is over, the following actions take place:

  • The Remediation operation status is updated in TrueSight Vulnerability Management.
  • RFC is completed in the change management system.
  • On the Security Dashboard, vulnerability status for an asset is updated.
CompletedCompletedClosed



Was this page helpful? Yes No Submitting... Thank you

Comments