Important: This documentation space contains information about the SaaS version of Automation Console. If you are using the on-premises version of Automation Console, see TrueSight Automation Console 24.3.

Creating a vulnerability remediation operation to use an Ansible job template


As a DevOps Engineer, you can create operations to remediate vulnerabilities by using automation platforms other than TrueSight Server Automation, such as Ansible. After integrating with BMC Helix Intelligent Automation, create a vulnerability remediation operation in BMC Helix Automation Console that triggers an Ansible job template to remediate vulnerabilities in your infrastructure. This approach lets you use your existing Ansible-based automation workflows for remediation, so you do not need to redesign remediation operations.

Before you begin

Make sure you perform the following prerequisite tasks:

  • Create an organization, credentials, and inventory in Ansible Automation Platform.
  • Create an Ansible job template to remediate vulnerabilities.
  • Configure the Ansible Automation Platform connector in BMC Helix Intelligent Automation.
  • Integrate BMC Helix Automation Console with BMC Helix Intelligent Automation.
  • Create and enable a project-level notification webhook in Ansible Automation Platform.
  • Map vulnerabilities against an Ansible job template in BMC Helix Automation Console.

For more information, see Remediating vulnerabilities by using the Ansible Automation Platform.

To add a vulnerability remediation operation

On the Operations page, perform the following steps:

  1. On the Operations page, click Add Operation, and select the Remediation Tool.
    The options displayed depend on the endpoint manager configured in your system.
  2. Select IA as the remediation tool to remediate vulnerabilities by using Ansible job templates.
  3. Enter a unique operation name and an optional description, and then click Next.
    The operation name must always be unique (up to 150 characters), even if users with different roles create it.
  4. In the Vulnerability Selections section, either enter a search term or use Advanced filter to select vulnerabilities.
    Only the latest search results are selected for the operation. Use either of the following search options to select the vulnerabilities to remediate:
    • Enter a vulnerability name, asset host name or IP address, or a CVE ID, and click Search.
      Assets with vulnerabilities are displayed and selected in the operation. You can also place your cursor in the search box, add a space, and click Search. All assets with vulnerabilities are displayed.
    • Click Advanced filter, select the required filters, and click Done.
      Assets with vulnerabilities that match the search results are displayed and selected in the operation. Expand the asset name to view details about the vulnerabilities. 
  5. In the Remediation Options section, select the Configuration Script Parameter link against the required remediation template. Edit the values of the additional parameters for vulnerability remediation.   
  6. In the Maintenance Schedule section, select a schedule to execute the remediation operation: 
    • I will do it later
    • Execute now
  7. Review the summary of options selected for the operation and click Save.

To view operation results

  1. On the Operations page, click the operation name.
    The Operation Run Results page displays the total number of assets on which the operation is performed and their status.
  2. On the Operation Run Results page, click an asset name.
    The Remediation Status page displays the names of vulnerabilities and their status.
  3. On the Remediation Status page, click a vulnerability name.
    The Remediation Results page displays the results of the triggered job and the remediation output received.

To search for an operation, enter the operation name in the search box. The relevant results are displayed.

To remove an operation

You can run a vulnerability remediation operation only once. You must periodically remove operations to make sure that your application does not contain irrelevant data.

On the Operations page, perform the following steps:

  1. Select the operation that you want to remove, click Action, and then click Remove.
  2. Click Continue.
