Working with operations


This topic provides instructions to add operations for remediating missing patches or vulnerabilities, and view the results after an operation is complete. 

To understand the concept of operations, see Operations.

Adding an operation for missing patches

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
  2. On the Patch Selections page, do these steps: 
    1. Select a patch policy.
    2. To specify assets, do one of the following:
      • Select associated groups (server smart groups imported from the policy).
      • Select associated assets and then select individual assets.
  3. To specify reboot options for the assets, select one of the following options: 
    • Honor Patch Reboot Settings: Adheres to the reboot settings defined for the patch in the patch catalog
    • Do Not Reboot: Does not reboot automatically after installing the required patches
    • Reboot at the End: Reboots all assets after the operation is complete
  4. To specify a schedule for the operation, select one of the following options: 
    1. I will do it later
    2. Set a schedule
      1. Click the calendar icon in the Date and Time field, and specify the date and time. 
      2. Select the hours or minutes in the Staging field to specify a staging window. 
        A staging window determines the time by which the patches and payload data must be downloaded to the assets before the remediation operation runs. The maximum limit is 24 hours.
    3. Execute now
  5. To configure notifications, select any of the following options: 
    • Send email to: Specify a comma-separated list of email addresses, and then select one or more of the following options: 
      • Select the status to send an email based on the operation status. 
      • Select Attach patch analysis results to the email, and then specify the email attachment size limit. 
      • Specify whether to send a list of assets where the operation failed. 
    • Send SNMP trap to: Specify the hostname or IP address of the server to notify of the operation results, and then select one or more status options for which a notification should be sent.
  6. View the summary of options selected for the operation and save changes. 
    The operation runs according to the defined schedule. 

Adding a vulnerability operation

On the Operations page, click Add Operation, and do these steps: 

  1. Enter a unique operation name, and an optional description, and then click Next.
  2. Select Vulnerability Selections and do these steps: 
    • Enter a violation name, asset hostname or IP address, or a CVE ID, and click Search.
      Assets with vulnerabilities that are mapped to remediation content are displayed. 

      Can I perform a blank search?

      No. However, you can place your cursor in the search box, add a space, and click Search. All assets with vulnerabilities mapped to the remediation content are displayed.

    • Click Advanced Search and choose one or more of the following options:

      • Severity
      • Operating System
      • Asset
      • CVE ID
      • Scan File
      • Violation Name
        Assets with vulnerabilities that match the search results are displayed. 

      To view details about the vulnerabilities, expand the asset name. Vulnerability name, port, CVE IDs, severity, operating system, and the remediation type are displayed. 

  3. To configure additional remediation options based on the remediation content, do these steps: 
    • If there are no configuration options, click Next.
    • For a Deploy or a Patch type of operation, select one of the following options: 
      • Honor Patch Reboot Settings: Adheres to the reboot settings defined for the patch in the patch catalog
      • Do Not Reboot: Does not reboot automatically after installing the required patches
      • Reboot at the End: Reboots all assets after the operation is complete
  4. To specify a schedule for the operation, select one of the following options:

    1. I will do it later
    2. Set a schedule
      1. Click the calendar icon in the Date and Time field, and specify the date and time. 
      2. Select the hours or minutes in the Staging field to specify a staging window. 
        A staging window determines the time by which the patches and payload data must be downloaded to the assets before the remediation operation runs.
    3. Execute now
  5. To configure notifications, select any of the following options: 
    • Send email to: Specify a comma-separated list of email addresses, and then select one or more of the following options: 
      • Select the status to send an email based on the operation status. 
      • Select Attach patch analysis results to the email, and then specify the email attachment size limit. 
      • Specify whether to send a list of assets where the operation failed. 
    • Send SNMP trap to: Specify the hostname or IP address of the server to notify of the operation results, and then select one or more status options for which a notification should be sent.
  6. View the summary of options selected for the operation and save changes. 
    Depending on the remediation type, such as an NSH script, a patch, or a deploy type, separate jobs are created in TrueSight Server Automation. For example, if the vulnerabilities require only an NSH script and a deploy job, two separate operations are displayed on the Operations page. 

Viewing results for an operation

On the Operations page, do the following:

  1. Click the operation name.
    The Operation Run Results page shows the following details:
    • Date, time, and duration of the operation
    • Date, time, and status of the policy scan conducted as part of the operation (for a patch operation only)
    • Date, time, and status of the operation (for a vulnerability operation only)
    • Total number of assets on which the operation is performed, and their status
    • List of assets and the number of patches installed or missing on them (for a patch operation only)

    Are operation results displayed for all operations?

    No. Operation results are displayed for operations in a Success state.

  2. To view the list of patches installed for each asset, click the asset name (for a patch operation only).
    The patch name and the status are displayed. You can view the patch severity for each patch. 
  3. To view detailed logs for an operation, click logs. 
    Detailed log messages with a timeline are displayed for each asset. 

Removing an operation

An operation can only be run once. You may want to remove operations periodically to ensure that your application does not contain irrelevant data.

On the Operations page, do the following:

  1. Select an operation and click Action > Remove.
  2. Click Continue.

 
