Operations

Operations perform corrective actions on assets in your environment to remediate missing patches and vulnerabilities.

Patch operation

When you create a patch policy in TrueSight Automation Console, a Patch Analysis Job is created in TrueSight Server Automation. This job scans the servers in your environment and finds missing patches, which are reported on the Risks > Missing Patches page. You can then create a patch remediation operation in the Automation Console that creates a Patch Analysis Remediation Job in Server Automation. This job installs missing patches on the selected assets.

After the patch policy scan is completed, you create a remediation operation for the missing patches identified on the assets. If the selected remediation content is also applicable to the vulnerabilities found on the same assets, then both the missing patches and vulnerabilities get remediated. This ensures noise reduction for missing patches.

When you create an operation, a pre-analysis, deploy, and post-analysis job is executed in Server Automation.

Vulnerability operation

When you import a vulnerability scan file in the Automation Console, assets and vulnerabilities appears on the Assets > Scanned Assets and Risks> Vulnerabilities page respectively. To remediate vulnerabilities, assets must be mapped to an endpoint in the endpoint manager, and vulnerabilities must be mapped to remediation content. When you import a scan file, assets and vulnerabilities are usually automatically mapped depending on the catalogs imported in Automation Console. If they are not automatically mapped, you must manually map assets, and vulnerabilities.

You can then create a vulnerability remediation operation, which performs the action as per the remediation content mapped for the vulnerabilities. When you create an operation, depending on the remediation content mapped to the vulnerabilities, a Patch, NSH, or a Deploy type of jobs are created in Server Automation.

When you create a vulnerability operation, all vulnerabilities that are mapped to a common remediation content impacting the same asset are resolved. After the operation is successful, these vulnerabilities are closed and no longer appear in the Risks > Vulnerabilities list. If vulnerabilities mapped to the same remediation content are a part of a different operation, scheduled at a later period, those vulnerabilities are also remediated and closed.

Note

You can create an operation using all the available options. However, to configure notification options, you must configure a mail server in Server Automation. SeeConfiguring a mail server in TrueSight Server Automation.

When you import a scan file, after the vulnerabilities get auto-mapped, these are ready to be remediated. When you create a remediation operation for the vulnerabilities on the scanned assets, if the selected remediation content is also applicable to the missing patches identified on the same set of assets, then both the vulnerabilities and the missing patches get remediated. This ensures noise reduction for vulnerabilities.

Change automation

If an administrator has configured change automation in your environment, depending on the configuration, you can create a change request for a vulnerability or a patch operation in BMC Remedy IT Service Management.

After the change request is approved, the operation runs as per the defined schedule. After the operation is successful, the change request is updated and closed. You can view the status of the change request on the Operations page.

Based on your organization's needs, administrator can make change request creation mandatory, or optional. If it is mandatory, you must select the change request values to create a change for this operation. If optional, you can skip change creation and create an operation without a change tracking process.

For more information, see Change-automation.

Where to go from here

To add, edit, and remove an operation, and to view the operation results, see Working-with-operations.