×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
TrueSight Vulnerability Management 3.1 ... Using Help content for all windows

Patch Analysis results - Missing Patches tab

The Missing Patches tab lists all patches that are missing on one or more target servers. Select one of those patches, and the Targets list at right shows the targets where that patch is missing.

Using the Missing Patches tab, you can run a remediation operation to deploy missing patches to target servers. A remediation operation automatically downloads and packages the missing patches and creates a Deploy operation to deploy the patches to the targets you specify.

When remediating target servers, you can deploy all missing patches to all target servers. On Microsoft Windows targets, you can run a remediation operation that deploys a missing patch to all servers where the patch is missing or to a single server.

To search for patches or targets

In the Search Patches box, enter a text string of any length. The Patches list shows all missing patches with names that include that text string. If you leave the box blank, the page shows all missing patches. Search for unpatched targets in a similar way, using the Search Targets box.

To obtain information about a patch

In the patches list, find the patch for which you want information and, hover your cursor over the information icon . A pop-up message describes the patch.

To filter information by errata (Linux only)

From Errata, select the category of information you want to display.

To remediate missing patches

To begin remediation, choose one of the following actions:

  • To remediate all missing patches for all targets, select the Actions icon  at the top of the patches list at left and then select Remediate All Patches For All Targets.
    The New Remediation Operation dialog box opens.
  • (Windows only) To remediate all targets for one missing patch, select a patch in the patches list at left. Then, select the Actions icon  at the top of the targets list at right and select Remediate All Targets For This Patch.
    The New Remediation Operation dialog box opens. Note that some rules do not support remediation.
  • (Windows only) To remediate one target for one missing patch, select a patch in the patches list at left. Then, in the targets list at right, find the target to remediate, click , and select Remediate Selected Target For Patch
    The New Remediation Operation dialog box opens.

Use the New Remediation Operation dialog box, as described in the following section. 

Remediation based on a deploy template

When setting up remediation based on a deploy template, you specify locations to store BLPackages and jobs that are created automatically. The locations you choose are folders in TrueSight Server Automation. You can also a select a deploy template, which controls the behavior of the remediation job. If the deploy template is defined as an advanced Deploy Job, you can make scheduling decisions for the remediation job. 

Deploy templates can be defined for a security group or at the connector level.

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. To specify Deploy job settings for the remediation operation, perform the following steps:
    1. Click the Selected Deploy Template tab, which shows a list of Deploy jobs that can be used as templates for the remediation operation.

    2. Select a Deploy job in the list of templates.
      The Deploy job appears in the Selected Deploy Template field. To remove a Deploy template, select the Deploy job again from the list of possible Deploy jobs. 

    3. Optionally, inspect the settings of the template by clicking Details. TrueSight Vulnerability Management lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.

      Note

      Many options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using TrueSight Server Automation to implement those options, see Setting deploy options for remediation jobs.

    4. If you have selected a Deploy template that is defined as an Advanced Deploy job in TrueSight Server Automation, you can schedule the individual phases of the remediation operation (that is, simulate, stage, and commit). Take the following steps:
      1. Click the Phase Schedules and Execution tab.

      2. Take any of the following actions:
        • If you do not want to schedule the phases of the remediation action, select Do not execute. 
        • If you want to schedule all phases to run sequentially, select Execute sequentially and then specify a time zone and a start time for when execution begins.
        • If you want to schedule each phase individually, select Execute selected phases. Select a time zone. Then specify a start time for each phase that you want to schedule. Instead of setting a start time, you can click After Previous Phase to indicate that the phase should begin after the previous phase completes. You can also click Not Scheduled to specify that a particular phase is not scheduled.
  4. (optional) If you select a Deploy template, the Approval Settings tab appears. If you set up job approval and change tracking, you can request a job approval through a change management system, such as BMC Remedy ITSM and hence, execute the Change Automation use case. Select the change template and various approval parameters, as described in Job approval options.

    Job approval options

    OptionDescription
    Template

    Select Default Template from the list. When you choose this option, change request will be created in BMC Remedy ITSM based on the default template.
    You can also create customized templates in BMC Remedy ITSM and configure the DEFAULT_TEMPLATE_MAP parameter in TrueSight Orchestration to display and use that template in Vulnerability Management. For more information about this parameter, see Configuring the ITSM Automation run book in the TrueSight Orchestration documentation.

    Urgency

    Enter the urgency of the change being requested.

    • Critical—The change is immediately necessary to prevent severe business impact. Change approval is needed by the CAB or Emergency Committee (CAB/E-CAB).
    • High—The change is needed as soon as possible because of potentially damaging service impact.
    • Medium—The change will solve irritating problems or repair missing functionality. This change can be scheduled.
    • Low—The change will lead to improvements, changes in workflow, or configuration. This change can be scheduled.
    Impact

    Select the scope of the change being requested. For example, is the job targeted for one server or a large number of servers? The default value is Minor/Localized.

    • Extensive—There is significant business service impact because multiple customers are affected by the change. Considerable human and technical resources are needed. Management is involved in the decision process. The RFC must be discussed in the Change Advisory Board (CAB) meeting and approved by the Change Manager. The Change Manager seeks advice on change authorization and planning.
    • Significant—There is clear service impact because at least one customer is affected by the change. The RFC must be discussed in the CAB meeting and approved by the Change Manager. The Change Manager seeks advice on authorization and planning.
    • Moderate—There is little impact on current services because no customers are affected as a result of the change. The Change Manager can authorize this RFC.
    • Minor—The change can be executed without prior approval from the Change Manager because no customers are affected by the change.
    ReasonForChange

    Select the reason to be specified in the change request. Valid values are:

    • 1-Fix/Repair
    • 2-New Functionality
    • 3-Maintenance
    • 4-Upgrade
    • 5-Other
    ChangeClass

    Select the class for the change request. Valid values are:

    • Emergency
    • Expedited
    • Latent
    • Normal
    • No Impact
    • Standard
  5. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Patch Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

Remediation without a deploy template

When setting up remediation without a deploy template, you specify locations to store BLPackages and jobs that are created automatically. The locations you choose are folders in TrueSight Server Automation. 

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Patch Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sulekha Gulati on Feb 05, 2020

Comments

Log in or register to comment.

NSH Script results - Show Log tab
Patch Analysis results - Remediation Operations tab
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.