Closed Loop Server Audit module

Before you can use the Closed Loop Server Audit module to track the remediation of audit discrepancies (see Ticketing-policy-violations-and-documenting-automatic-remediation), you must ensure that the module is properly integrated to work with the TrueSight Server Automation and BMC Remedy ITSM systems.

Tips for configuring the Closed Loop Server Audit module
Runbook Defaults configuration for Closed Loop Server Audit
Incident, Change, and Task default configuration for Closed Loop Server Audit
Default User configuration group for Closed Loop Server Audit
Configuration Management group for Closed Loop Server Audit
Sample xml for Closed Loop Server Audit configuration items

Tips for configuring the Closed Loop Server Audit module

If the Audit Job takes more than 5 minutes to complete, the workflow process times out. To increase the time-out period, you can add the <timeout> parameter to the BL_Connection_Details configuration item in the Runbook Defaults configuration group. See Runbook Defaults configuration for Closed Loop Server Audit.
When setting up the Remediation_Job_Delimiter configuration item in the Runbook Defaults configuration group, ensure that you are not using any special characters (such as hyphens or vertical bars) that are used in the host name string. The workflows us this delimiter to extract the Change ID from the job name, so the delimiter forms a crucial differentiation factor to determine where the host name ends and where the Change ID starts in the remediation job name.
TrueSight Orchestration leverages the TrueSight Server Automation CopyJob feature in the BMC Continuous Compliance for Servers run books where two or more non-compliant servers are verified simultaneously through a TrueSight Server Automation job. For that, TrueSight Orchestration creates a copy of the verification job and runs it. In earlier versions, TrueSight Server Automation did not support simultaneous running of verification jobs.
To configure this module, you must specify the TrueSight Server Automation version and destination directory of the verify job in the Closed Loop Server Audit - Runbook Default configuration.

Note

The format of the verify job name created by TrueSight Orchestration is TargetBoxName-AO-ChangeID-AO-EpocTimenow. The value -AO- in the j ob-name-format is the delimiter which is used from the existing module configuration element <Remediation_Job_Delimiter>.

Runbook Defaults configuration for Closed Loop Server Audit

The values in the Runbook Default configuration items must match the values of the component template and Audit job in your TrueSight Server Automation system. The following table lists these configuration items.

Configuration Item	Description
BladeLogic_Trap_Mappings	An XML structure that holds the TrueSight Server Automation trap mappings. See Sample xml for Closed Loop Server Audit configuration itemsfor details.
BL_Connection_Details	An XML structure that holds the TrueSight Server Automation adapter name. <connection-details> <adapter-name>BladeLogic Adapter</adapter-name> <timeout>TIMEOUT_IN_SECONDS</timeout> </connection-details> You may have more than one connection. If so, update the xml for the BL_Connection_Details_Instance_2 configuration item. For information about activating two instances of the TrueSight Orchestration application adapter for TrueSight Server Automation, see Troubleshooting the Continuous Compliance for Servers run book when the BladeLogic adapter is enabled in the BLCLI tunneling mode in the TrueSight Orchestration documentation. Note: If the Audit Job takes more than 5 minutes to complete, the process times out. To increase the time-out period, adjust the <time-out> parameter.
Export_Path	A string value that holds the directory name that must exist on the TrueSight Server Automation adapter peer where the CSV file of Audit job results is stored. This path does not contain the file name. Change this value based on your environment. For example, C:\temp
File_Connection_Details	An XML structure that holds the values needed to make a File adapter request to read exported job results on the peer running the TrueSight Server Automation adapter. Enter the name of the File adapter in the <adapter-name> field. This adapter is used for reading the exported Audit Job results. Ensure that the host name element matches the host name of the peer running the TrueSight Server Automation adapter. <ConnectionDetails> <invocation-mechanism>command-line</invocation-mechanism> <adapter-name>FileAdapter</adapter-name> <hostname>172.21.124.89</hostname> <username /> <password /> <timeout>120</timeout> <prompt /> <allow-unknown-hosts>true</allow-unknown-hosts> </ConnectionDetails>
Package_Group_Name	A string value that holds the TrueSight Server Automation Depot folder structure which contains the BLPackages used to remediate Audit discrepancies. For example, /Closed Loop Remediation/Audit
bSoftLinked bCollectFileAcl bCollectFileAttributes bCopyFileContents bCollectRegistryAcl blcli_tunneling isSimulateEnabled isCommitEnabled isStagedIndirect	These parameters are used to create the remediation job. Allowed values: true and false. Note For information about enabling the TrueSight Server Automation adapter in BLCLI tunneling mode, see Troubleshooting the Continuous Compliance for Servers run book when the BladeLogic adapter is enabled in the BLCLI tunneling mode in the TrueSight Orchestration documentation.
Remediation_Job_Group	A string value that holds the TrueSight Server Automation Job folder structure which contains the newly created remediation job to remediate Audit discrepancies. For example, /Remediation/Audit
SNMP_Target	IP address of the computer of the TrueSight Orchestration peer running an SNMP Monitor adapter on the grid. Jobs executed on TrueSight Server Automation that require SNMP Trap notification back to TrueSight Orchestration use this value for the Job Run Notification SNMP properties.
Default_TimeZone	This field is used to convert the Scheduled start date (the date found in BMC Remedy ITSM Change) to TrueSight Server Automation specific date and time for the creation of the remediation job. Best practice is to keep TrueSight Orchestration, BMC Remedy AR System and the TrueSight Server Automation Application Server all on the same time zone setting. Time zones are interpreted as text if they have names. For time zones representing a GMT offset value, the following syntax is used: GMTOffsetTimeZone: GMT Sign Hours : Minutes Sign: one of + - Hours: Digit Digit Digit Minutes: Digit Digit Digit: one of 0 1 2 3 4 5 6 7 8 9 Note: Hours must be between 0 and 23, and minutes must be between 00 and 59. The format is locale independent and digits must be taken from the Basic Latin block of the Unicode standard. For example, GMT-4:00 You must add or subtract one hour every six months to adjust the time for Daylight Savings Time.
Jobs	An XML structure that contains a list of Audit Jobs that TrueSight Orchestration manages. Multiple job elements are allowed, and a job might contain multiple template elements. The elements job-group and group represent folder names within TrueSight Server Automation. Elements job-name and name represent job and component template names. <jobs><job> <job-group>/Closed Loop Folder/CLSA</job-group> <job-name>audit job</job-name> <templates><template> <group>/CLSA</group> <name>CLSA Template</name> </template></templates> </job> </jobs> Note: Server-based Audit jobs are not supported.
Remediation_Job_Delimiter	A string value that holds the delimiter used to separate the data values that are concatenated to build Job names within TrueSight Server Automation. This delimiter should be a character or a group of characters that can be a part of a Server name, IP address, ITSM Change request ID, a timestamp, or epoch date. It must be unique enough so it does not appear in a host or job name.
BL_Properties	For the Remediation_Job_Change_Ticket_Property entry, enter the name of the Property created for the Deploy and Batch Job types in TrueSight Server Automation. This is required for the remediation and verification stage in TrueSight Orchestration. Enter the name of the Custom Property added to the Jobs in the TrueSight Server Automation Custom Dictionary dialogue window, as described in Creating new job properties for Closed Loop Server Audit and Closed Loop Server Compliance. For example, CHANGE TICKET ID.
Destination_Verify_Job_ Group	A string value that holds the TrueSight Server Automation Job folder structure which contains the copy of the verification job that ensures that the Audit discrepancies have been remediated. For example, /Remediation/Verify/Audit
BL_Version	You can have multiple versions of the TrueSight Server Automation Console installed and as a result you might have multiple BL_Version configuration items. For example, you might have both versions 8.0 and 8.1 of the console installed on a particular computer. This configuration item specifies the version and location of the TrueSight Server Automation Console that is launched from the Task ticket in BMC Remedy ITSM. Update the following items: Version — Enter the version number for the console. For example, 8.2. Windows — If the console is installed on a Microsoft Windows system, enter the console executable path. For example, C:\Program Files\BMC Software\Bladelogic\CM\rcp UNIX — If the console is installed on a UNIX system, enter the console executable path. For example, /opt/bmc/BladeLogic/CM/rcp

Incident, Change, and Task default configuration for Closed Loop Server Audit

The values in the Incident, Change, Task, and Configuration management configuration groups must match the values of the incident, change and tasks templates you configured in BMC Remedy ITSM.

Incident Management configuration group

The following table lists the Incident Management configuration items.

Configuration Item	Description
Platform	Name of the incident platform as seen in the Incident Management module configuration. For example, BMC_AR_System
Incident_Template_Name	Name of the BMC Remedy ITSM incident template used to create an incident in the target BMC Remedy ITSM instance. For example, BladeLogic Audit Inconsistency Incident Template.
Default_Status	Status of the incident when created. By default, the value is set to In Progress.
Default_Service_Type	Service type of the incident when created. By default, the value is set to Infrastructure Event.
Default_Impact	Impact type of the incident when created. By default, the value is set to 3-Moderate/Limited.
Default_Urgency	Urgency level of the incident when created. By default, the value is set to 3-Medium.
Default_Reported_Source	Reported Source of the incident when created. By default, the value is set to Systems Management.
Default_Status_Reason	Status Reason of the incident when created. By default, the value is set to Infrastructure Change.

Change Management configuration group

The following table lists the Change Management configuration items.

Configuration Item	Description
Platform	Name of the Change platform as seen in the Change Management module configuration. For example, BMC_AR_System
Change_Template_Name	Name of the BMC Remedy ITSM Change template used to create a Change in the target BMC Remedy ITSM instance. For example, BladeLogic Audit Change Template.
Default_Status	Status of the change when created. By default, the value is set to Draft.
Default_Change_Type	Type of change. By default, the value is set to Change.
Default_Impact	Impact type of the change when created. By default, the value is set to 3-Moderate/Limited.
Default_Risk_Level	Risk level of the change when created. By default, the value is set to Risk Level 2.
Default_Timing	Timing value of the change when created. By default, the value is set to Normal.
Default_Urgency	Urgency level of the change when created. By default, the value is set to 3-Medium.
Date_Format	Date format used to convert TrueSight Server Automation specific date format to the BMC Remedy ITSM epoch date.

Task Management configuration group

Update the Platform configuration item to match the name of the incident platform as seen in the Incident Management module configuration (for example, BMC_AR_System ).

Default User configuration group for Closed Loop Server Audit

The following table lists the Default User configuration items.

Configuration Item	Description
Enable	A string value that determines whether user authentication is enabled in the current BMC Remedy ITSM environment. Allowed values: true and false. It is recommended to set this value to true.
Platform	Name of the authentication platform. For example, BMC_AR_System
Schema	BMC Remedy ITSM schema used for user identification. For example, CTM: People.
Adapter	Name of the BMC Remedy Actor adapter configured on the grid. For example, ARSAdapter.
Version	Version of BMC Remedy ITSM used for user authentication.
Authentication_Query_ Mappings	The mappings used in the authentication query. Do not modify this field. The field is populated by the information provided in the other fields of this configuration group. <mappings> <person-id type="int">Person ID</person-id> <first-name type="string">First Name</first-name> <last-name type="string">Last Name</last-name> <company type="int">Company</company> <login-id type="string">Remedy Login ID</login-id> </mappings>
Note: For the following fields, use the same information you entered when you created the BMC Remedy ITSM user account on _Creating and configuring BMC Remedy ITSM user accounts for continuous compliance use cases.
Username	A string value that matches the name of a valid logon ID in BMC Remedy ITSM. For example, orchestrationuser.
Default_First_Name	First name as seen in BMC Remedy ITSM instance for the given user name. For example, BladeLogic.
Default_Last_Name	Last name as seen in BMC Remedy ITSM instance for the given user name. For example, Orchestration User.
Default_Company	Company name as seen in BMC Remedy ITSM instance for the given user name. For example, Calbro Financial Services.
Default_Company_Location	Company location as seen in BMC Remedy ITSM instance for the given user name. For example, Calbro Financial Services.

Configuration Management group for Closed Loop Server Audit

The following table lists the Configuration Management configuration items.

Configuration Item	Description
Enable	Indicates if BMC Atrium CMDB access is enabled in the current BMC Remedy ITSM environment. Set this value to true only if CI information is present with BMC Remedy AR System and/or the BMC Atrium CMDB for servers being managed by TrueSight Server Automation. Allowed values: true and false.
Platform	Name of the BMC Atrium CMDB platform as seen in the Configuration Management module configuration. For example, BMC_AR_System.
Server_Class_Name	Name of the server class used to retrieve the relevant Configuration Item information. For example, BMC_ComputerSystem.
BL_Atrium_ Integration_ Enabled	Specifies how the configuration items are retrieved through TrueSight Server Automation Integration for Atrium. A value of true retrieves the configuration items using the CDMachineID. A value of false retrieves the configuration items using the CI name.
BL_Server_Class_ Name	Name of the server class used to retrieve the relevant Configuration Item information. For example, BMC_ComputerSystem.
BL_ComputerSystem_ Mappings	Specifies the mappings between the configuration item name and the display name. See BL_ComputerSystem_Mappings xml for Closed Loop Server Audit.

Sample xml for Closed Loop Server Audit configuration items

BladeLogic_Trap_Mappings xml for Closed Loop Server Audit

<bladelogic-trap-mappings>
<enterprise>bladelogic</enterprise>
<generic-trap-type>6</generic-trap-type>
<specific-trap-type>trapJobCompletion</specific-trap-type>
<jc-job-name>.1.3.6.1.4.1.12788.1.1.1</jc-job-name>
<jc-start-time>.1.3.6.1.4.1.12788.1.1.2</jc-start-time>
<jc-end-time>.1.3.6.1.4.1.12788.1.1.3</jc-end-time>
<jc-overall-status>.1.3.6.1.4.1.12788.1.1.4</jc-overall-status>
<jc-exit-code>.1.3.6.1.4.1.12788.1.1.5</jc-exit-code>
<jc-group-id>.1.3.6.1.4.1.12788.1.1.6</jc-group-id>
<jc-run-id>.1.3.6.1.4.1.12788.1.1.7</jc-run-id>
<jc-type-id>.1.3.6.1.4.1.12788.1.1.8</jc-type-id>
<ar-cons-type>.1.3.6.1.4.1.12788.1.2.1</ar-cons-type>
<ar-obj-type>.1.3.6.1.4.1.12788.1.2.2</ar-obj-type>
<ar-os-type>.1.3.6.1.4.1.12788.1.2.3</ar-os-type>
<cr-cons-type>.1.3.6.1.4.1.12788.1.5.1</cr-cons-type>
<cr-template-name>.1.3.6.1.4.1.12788.1.5.2</cr-template-name>
<cr-rule-name>.1.3.6.1.4.1.12788.1.5.3</cr-rule-name>
<at-user-name>.1.3.6.1.4.1.12788.1.3.1</at-user-name>
<at-host-name>.1.3.6.1.4.1.12788.1.3.2</at-host-name>
<at-command-string>.1.3.6.1.4.1.12788.1.3.3</at-command-string>
<at-time-occurred>.1.3.6.1.4.1.12788.1.3.4</at-time-occurred>
<rat-date>.1.3.6.1.4.1.12788.1.4.1</rat-date>
<rat-role-name>.1.3.6.1.4.1.12788.1.4.2</rat-role-name>
<rat-user-name>.1.3.6.1.4.1.12788.1.4.3</rat-user-name>
<rat-object-type>.1.3.6.1.4.1.12788.1.4.4</rat-object-type>
<rat-object-name>.1.3.6.1.4.1.12788.1.4.5</rat-object-name>
<rat-authorization-action>.1.3.6.1.4.1.12788.1.4.6</rat-authorization-action>
<rat-action-status>.1.3.6.1.4.1.12788.1.4.7</rat-action-status>
<rat-message>.1.3.6.1.4.1.12788.1.4.8</rat-message>
</bladelogic-trap-mappings>

BL_ComputerSystem_Mappings xml for Closed Loop Server Audit

<mappings>

<asset-class type="enum-value">AssetClass</asset-class>
<assigned-to type="string-value">AssignedTo</assigned-to>
<creation-date type="time-value">CreateDate</creation-date>
<dataset-id type="string-value">DatasetId</dataset-id>
<description type="string-value">Description</description>
<disposal-date type="time-value">DisposalDate</disposal-date>
<domain type="string-value">Domain</domain>
<floor type="string-value">Floor</floor>
<hostname type="string-value">HostName</hostname>
<id type="string">RequestId</id>
<installation-date type="time-value">InstallationDate</installation-date>
<instance-id type="string">InstanceId</instance-id>
<ip-address type="string-value">LogicalID</ip-address>
<item type="string-value">Item</item>
<last-modified-by type="string-value">LastModifiedBy</last-modified-by>
<logs type="diary-value">MaintenanceLog</logs>
<manufacturer type="string-value">ManufacturerName</manufacturer>
<model type="enum-value">Model</model>
<modified-date type="time-value">ModifiedDate</modified-date>
<name type="string-value">Name</name>
<notes type="diary-value">Notes</notes>
<order-id type="string-value">OrderID</order-id>
<owner type="string-value">OwnerName</owner>
<part-number type="string-value">PartNumber</part-number>
<product-category type="enum-value">AcquiredMethod</product-category>
<purchase-date type="time-value">PurchaseDate</purchase-date>
<received-date type="time-value">ReceivedDate</received-date>
<reconciliation-id type="string-value">ReconciliationIdentity</reconciliation-id>
<region type="string-value">Region</region>
<requisition-id type="string-value">RequisitionID</requisition-id>
<room type="string-value">Room</room>
<schedule-type type="enum-value">ScheduleType</schedule-type>
<serial-number type="string-value">SerialNumber</serial-number>
<short-description type="string-value">ShortDescription</short-description>
<site type="string-value">Site</site>
<status type="enum-value">AssetLifecycleStatus</status>
<submitter type="string-value">Submitter</submitter>
<supplier type="string-value">SupplierName</supplier>
<supported-by-service type="string-value">Supported</supported-by-service>
<system-role type="string-value">SystemRole</system-role>
<tag-number type="string-value">TagNumber</tag-number>
<total-physical-memory type="string-value">TotalPhysicalMemory</total-physical-memory>
<type type="enum-value">Type</type>
<unit-price type="string-value">UnitPrice</unit-price>
<urgency type="enum-value">Urgency</urgency>
<users-affected type="string-value">UsersAffected</users-affected>
<version type="string-value">VersionNumber</version>
<cd-machine-id type="string-value">CDMachineID</cd-machine-id>
</mappings>