Change Automation user scenario for SCCM
This topic describes a scenario in which a Remediation operation initiated by a TrueSight Vulnerability Management administrator is automatically recorded and tracked in the change management system (such as BMC Remedy ITSM), and then executed without user intervention. User intervention is required only for approving the change ticket in the change management system.
In this scenario, an operator in the IT operations organization is using TrueSight Vulnerability Management to remediate vulnerabilities on target servers. The operator creates the Remediation operation and specifies that the change should be approved in the change management system (such as BMC Remedy IT Service Management). For each Remediation operation, TrueSight Vulnerability Management creates a job in SCCM. Additionally, a change ticket and a task ticket are created automatically.
As soon as a Change Manager approves the corresponding change request in the change management system, the job schedule is updated in SCCM and the job is executed in SCCM. The corresponding ticket in the change management system is updated with the results. This workflow ensures that all server configuration changes are logged for tracking by the change manager.
The TrueSight Vulnerability Management integration with BMC Remedy ITSM supports the following job types:
- Application Deployment Job
- Package Deployment Job
- Software Update Deployment Job
The following diagram shows different stages during execution of a Remediation operation that requires approval.
The operation's approval status and the statuses of the change ticket and the vulnerability are updated at every stage, as described in Change Automation.
- As part of a critical security operation, the TrueSight Vulnerability Management administrator plans to create a Remediation operation to remediate high-severity security vulnerabilities on target servers. As prerequisites, the administrator installs and configures the ITSM Automation runbook and sets up the job approval and change tracking mechanism.
- While creating the Remediation operation, the administrator specifies that the operation must be approved by the change management system by choosing the Approval Required option on the Create Remediation Operation - Operation Panel. The administrator also chooses the template and values for the Urgency, Impact, ReasonForChange, and ChangeClass fields.
- As soon as the administrator completes the operation definition, a job with a dummy schedule is created in SCCM.
The job properties show that this job was created by TrueSight Vulnerability Management.
The job is updated with the actual schedule by the Change Automation account after approval. SCCM returns a Job ID to TrueSight Vulnerability Management.
- TrueSight Vulnerability Management sends a request for change (RFC) to the change management system through with Job ID returned in the previous step. The change record is created using a specific change template and includes one task, even if multiple servers are used as targets. The Summary field is populated with the operation details and the Notes field is populated with the vulnerability names selected in the Remediation operation.
- The change request ID and task ID are sent to TrueSight Vulnerability Management. If the servers that have been specified as targets are present in the CMDB as configuration items, then those servers are associated with the change and task requests as Configuration Items (CIs) in the Relationships tab.
When you view the Approval Status of the operation in TrueSight Vulnerability Management, it is shown as New.
- The Change Manager approves the change request in the change management system.
- TrueSight Vulnerability Management checks the status of the Remediation operation and sees that it has been approved. The Change Automation account updates the job in SCCM with the schedule, and submits the job for execution in SCCM.
After the SCCM job execution completes successfully, the BMC Remedy ITSM user can open the change ticket to review the following items:
- Status of task (Completed)
- Status of change record - determined by change management business logic
- Servers that were updated
The Remediation operation run status is updated to Completed in TrueSight Vulnerability Management, and the high-severity security vulnerabilities on the target servers are remediated.
Note: For more information about using the change management console, see Using the Change Management Console and the Change form.
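As an added example (not BMC's or this page's own code), the following Python check reconciles job execution records against change tickets to confirm that every executed job had an approved change ticket before it ran, which is the property the workflow above is meant to guarantee. The records, IDs, and field names are constructed for illustration and do not reflect a real SCCM or BMC Remedy ITSM export schema.

```python
from datetime import datetime

# Constructed sample records; field names are hypothetical, not a real
# SCCM or BMC Remedy ITSM export schema.
JOBS = [
    {"job_id": "JOB-1001", "executed_at": "2024-03-02T01:00:00"},
    {"job_id": "JOB-1002", "executed_at": "2024-03-02T01:00:00"},
    {"job_id": "JOB-1003", "executed_at": "2024-03-03T01:00:00"},
    {"job_id": "JOB-1004", "executed_at": None},  # still on its dummy schedule
    {"job_id": "JOB-1005", "executed_at": "2024-03-04T01:00:00"},
]
CHANGES = [
    {"change_id": "CRQ-0001", "job_id": "JOB-1001", "approved_at": "2024-03-01T15:30:00"},
    {"change_id": "CRQ-0002", "job_id": "JOB-1002", "approved_at": "2024-03-02T09:00:00"},
    {"change_id": "CRQ-0003", "job_id": "JOB-1003", "approved_at": None},
    {"change_id": "CRQ-0004", "job_id": "JOB-1004", "approved_at": None},
]


def audit(jobs, changes):
    """Return {job_id: finding} for executed jobs that bypassed the approval gate."""
    by_job = {c["job_id"]: c for c in changes}
    findings = {}
    for job in jobs:
        if job["executed_at"] is None:
            continue  # job never ran, so nothing to reconcile
        change = by_job.get(job["job_id"])
        if change is None:
            findings[job["job_id"]] = "executed with no change ticket"
        elif change["approved_at"] is None:
            findings[job["job_id"]] = f"executed while {change['change_id']} was unapproved"
        else:
            ran = datetime.fromisoformat(job["executed_at"])
            approved = datetime.fromisoformat(change["approved_at"])
            if ran < approved:
                findings[job["job_id"]] = f"executed before {change['change_id']} was approved"
    return findings


if __name__ == "__main__":
    for job_id, finding in audit(JOBS, CHANGES).items():
        print(job_id, "->", finding)
```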