Change Automation user scenario for TrueSight Network Automation

This topic describes a scenario in which a Remediation operation for TrueSight Network Automation initiated by a TrueSight Vulnerability Management administrator is automatically recorded and tracked in the change management system (such as BMC Remedy ITSM), and then executed without user intervention. User intervention is required only for approving the change ticket in the change management system.

Overview

In this scenario, an operator in the IT operations organization is using TrueSight Vulnerability Management to remediate vulnerabilities on network devices. The operator creates the Remediation operation and specifies that the change should be approved in the change management system (such as BMC Remedy IT Service Management). For each Remediation operation, TrueSight Vulnerability Management creates a Draft job in TrueSight Network Automation. Additionally, a change ticket and a task ticket are created automatically.

As soon as a Change Manager approves the corresponding change request in the change management system, the job schedule is updated in TrueSight Network Automation and then the job is submitted for execution in TrueSight Network Automation. In addition, the corresponding ticket status in BMC Remedy ITSM is updated. This workflow ensures that all network configuration changes are logged for tracking by the change manager.

The following diagram shows different stages during execution of a Remediation operation that requires approval.

The operation's approval status and the statuses of the change ticket and the vulnerability are updated at every stage, as described in Change Automation.

User scenario

  1. As part of a critical security operation, the TrueSight Vulnerability Management administrator plans to create a Remediation operation to remediate target servers of high-severity security vulnerabilities. As prerequisites, the administrator installs and configures the ITSM Automation runbook and sets up the job approval and change tracking mechanism.
  2. While creating the Remediation operation, the administrator specifies that the operation must be approved by the change management system by choosing the Approval Required option on the Create Remediation Operation - Operation Panel. The administrator also chooses the template and values for the Urgency, Impact, ReasonForChange, and ChangeClass fields.

  3. As soon as the administrator completes the operation definition, a draft job that is not scheduled for execution is created in TrueSight Network Automation.

    The Job Details page shows that this job was created by Vulnerability Management.

    After approval, the Change Automation account updates the job with the schedule. TrueSight Network Automation returns a Job ID to TrueSight Vulnerability Management.
  4. TrueSight Vulnerability Management sends a request for change (RFC) to the change management system with the Job ID returned in the previous step. The change record is created using a specific change template and includes one task, even if multiple devices are used as targets. The Summary field is populated with the operation details and the Notes field is populated with the vulnerability names selected in the Remediation operation.

  5. The change request ID and task ID are sent to TrueSight Vulnerability Management. If the devices that have been specified as targets are present in CMDB as configuration items, then those devices are associated with the change and task requests as Configuration Items (CIs) in the Relationships tab. When you view the Approval Status of the operation in TrueSight Vulnerability Management, it is shown as New.

  6. The Change Manager approves the change request in the change management system.

  7. TrueSight Vulnerability Management checks the status of the Remediation operation. When you view the Approval Status of the operation in TrueSight Vulnerability Management, it is shown as Approved.
  8. The Change Automation account submits the job for execution in TrueSight Network Automation.
  9. After the TrueSight Network Automation job execution completes successfully, the BMC Remedy ITSM user can open the change ticket to review the following items:

    • Status of the task (Completed)
    • Status of the change record, as determined by change management business logic
    • Devices that were updated
  10. The Remediation operation run status is updated to Completed in TrueSight Vulnerability Management and the target devices are remediated of high-severity security vulnerabilities.

Note: For more information about using the change management console, see Using the Change Management Console and the Change form.

Related topics

Change Automation user scenario for TrueSight Server Automation
Change Automation user scenario for SCCM
