Creating a vulnerability remediation operation to trigger an automation policy in BMC Helix Intelligent Automation


This topic provides instructions on adding operations for remediating vulnerabilities by using automation platforms other than TrueSight Server Automation, such as Ansible.

After integrating with BMC Helix Intelligent Automation, you, as a DevOps Engineer, can create a vulnerability remediation operation in BMC Helix Automation Console and an automation policy in BMC Helix Intelligent Automation with defined trigger conditions. When you execute the vulnerability remediation operation, it triggers the automation policy and the selected vulnerabilities are remediated.

Before you begin

Make sure that you create an automation policy in BMC Helix Intelligent Automation. For more details, see the "To create a policy for remediating vulnerabilities by using Ansible Automation Platform" section in Remediating vulnerabilities in BMC Helix Automation Console.

To add a vulnerability remediation operation

On the Operations page, click Add Operation, and perform the following steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
    The operation name must always be unique (up to 150 characters), even if users with different roles create it.
  2. In the Vulnerability Selections section, you can either enter a search term or use Advanced filter to select vulnerabilities.
    Results from only the latest search are selected for the operation. Use any of the following search options to select the vulnerabilities to remediate:
    • Enter a vulnerability name, asset host name or IP address, or a CVE ID, and click Search.
      Assets with vulnerabilities are displayed and selected in the operation. You can also place your cursor in the search box, add a space, and click Search. All assets with vulnerabilities are displayed.
    • Click Advanced filter, select the required filters, and click Done.
      Assets with vulnerabilities that match the search results are displayed and selected in the operation. Expand the asset name to view details about the vulnerabilities. 
  3. In the Remediation Options section, enter additional parameters for vulnerability remediation. These parameter values are recognized by the Ansible playbook when the automation policy is triggered in BMC Helix Intelligent Automation.   
  4. In the Maintenance Schedule section, select a schedule to execute the remediation operation: 
    • I will do it later
    • Execute now
  5. Review the summary of options selected for the operation and click Save.

To view operation results

  1. On the Operations page, click the operation name.
    The Operation Run Results page displays the total number of assets on which the operation is performed and their status.
  2. On the Operation Run Results page, click an asset name.
    The Remediation Status page displays the vulnerability names and their status.
  3. On the Remediation Status page, click a vulnerability name.
    The Remediation Results page displays the results of the triggered automation policy and the remediation output received from the automation platform.

To search for an operation, enter the operation name in the search box. The relevant results are displayed.

To remove an operation

You can run a vulnerability remediation operation only once. You must periodically remove operations to make sure that your application does not contain irrelevant data.

On the Operations page, perform the following steps:

  1. Select the operation that you want to remove, click Action, and then click Remove.
  2. Click Continue.

Where to go from here

When you execute the vulnerability remediation operation, the created automation policy is triggered in BMC Helix Intelligent Automation and the selected vulnerabilities are remediated by using the Ansible automation platform. To view the status or other details of the policy run, go to the History page. For more information, see Viewing automation policy runs history.
