Using the Operations Analyzer to get insights into patching and compliance operations

As an operator with rights to analyze and create patching and compliance jobs, use the Operations Analyzer with Microsoft Teams, powered by BMC HelixGPT, to get insights into patching operations and compliance gaps without leaving the Teams interface.

By providing the AI-powered, real-time analytics in a conversational format, the agent helps you to make faster decisions, streamline operational planning, and consistently meet SLAs.

Preparing to use Operations Analyzer

Before you start using theOperations Analyzer, perform the following tasks:

Products	Task	Reference
TrueSight Server Automation	Enable the required REST settings so that TrueSight Server Automation can support Agentic AI–AI-based interactions. Log in to any TrueSight Server Automation Application Server host. Launch NSH and run the blasadmin command. At the blasadmin prompt, execute:set AppServer IsAgenticRestApiEnabled true Exit the blasadmin prompt. Restart all Application Servers of type All and Config. Important: Authorized roles are defined in the agenticAPI.allowedRoles property located at: <Application Server Installation Directory>/br/deployments/default/tomcat/webapps/rest/WEB-INF/classes/application.properties Any role requiring Agentic AI access must also be configured in the Connector configuration in the BMC Helix Automation Console.	Configuring the TrueSight Server Automation connector
BMC Helix Automation Console	The Operations Analyzer runs in BMC Helix Innovation Suite and communicates with TrueSight Server Automation via the BMC Helix Automation Console. To enable this integration, a connection must be established between BMC Helix Automation Console and the TrueSight Server Automation Application Server. To establish the connection, configure the TrueSight Server Automation connector in BMC Helix Automation Console. Important: The Role configured for the connector must be in the allowed list in TrueSight Server Automation. The introduction of the context removal feature requires additional access control. To use Operations Analyzer capabilities, users must be assigned the BLAdmins role.	Configuring the TrueSight Server Automation connector
BMC Helix Portal	By default, Agentic AI capabilities in BMC Helix Automation Console are disabled. To enable these capabilities for specific roles, assign the following permissions to them in BMC Helix Portal: Server Automation > Agentic AI Automations	Setting up roles and permissions
BMC Helix Innovation Suite	Obtain LLM connection details (endpoint URL, API key, and model ID) Register or update the LLM model in HelixGPT Agent Studio Verify the Model ID in the Operations Analyzer Agent configuration Verify the Model ID in the Operations Analyzer Skill configuration Confirm the same Model ID is used in both Agent and Skill Note: that Operations Analyzer returns up to 20 rows per query and retains the last 10 messages for context	Configuring settings to use the AI-powered capabilities in TrueSight Server Automation
BMC Helix Innovation Suite Microsoft Teams Microsoft Azure	Integrate TrueSight Server Automation with Microsoft Teams.	Integrating TrueSight Server Automation with Microsoft Teams for getting insights into patching operations

To access the chatbot in Microsoft Teams

Log in to Microsoft Teams and click the chatbot you want to access.
The administrator defines the chatbot name during the integration of TrueSight Server Automation with Microsoft Teams (step 5 in the Preparing to use Operations Analyzer section).
To get insights into patching operations, enter your questions, as shown in the following figure:
To get insights into compliance operations, enter your questions, as shown in the following figure:

For more examples of the questions you can ask, see the out-of-the-box sample questions.

Important:
There is no default name for the chatbot. The name is configured by the Administrator while creating it in Microsoft Teams. Check with your Administrator for details.

Scenario

Scenario of patch analysis with Operations Analyzer

Jim, an operator at Apex Global, is responsible for maintaining patching cycles and patch compliance across environments. He wants to identify the failed patch jobs and diagnose the root cause of errors from the latest patching cycle.

With the Operations Analyzer, Jim can access operational data instantly and conversationally through Microsoft Teams, view reports, and review job run logs, eliminating the need to log on to multiple consoles. Quick responses from the bot accelerate decision-making and help Jim maintain SLAs.

He starts with the following question from the Microsoft Teams bot:

Show all patching jobs executed in the last one week

He continues by asking a series of follow-up questions:

Which patching jobs failed in the last one week

Show the errors in job "Ubuntu 2404 Install Mode PAJ"

Against which targets did job "Ubuntu 2404 Install Mode PAJ" fail

Show the errors that occurred on server "ubuntu2404-comp-01" in job "Ubuntu 2404 Install Mode PAJ"

The following figure shows the sample response to the last question:

Scenario of analyzing compliance gaps with Operations Analyzer

Susan, an operator at Apex Global, is responsible for monitoring patch compliance across environments. He wants to identify the compliance gaps and diagnose the root cause of errors.

With the Operations Analyzer, Susan can access operational data instantly and conversationally through Microsoft Teams, view reports, and review job run logs, eliminating the need to log on to multiple consoles. Quick responses from the bot accelerate decision-making and help Susan maintain SLAs.

She starts with the following question from the Microsoft Teams bot:

Get me compliance job names which are run in last 7 days.

She receives the following response:

She asks a series of follow-up questions:

Get me non compliant count per rule for the last job run of each compliance job.

What is the template name for <job name>.

Get me server names that have non-compliant rule for compliance template <template name>.

Get me compliance failure drill-down for all compliance templates.

The following figure shows the sample response to the last question:

Susan uses the data to make faster decisions, streamline operational planning, and consistently meet SLAs.

Operations Analyzer capabilities

Capability	Description	Benefits
Context retention	Operations Analyzer retains conversational context within a session to enable natural, progressive interactions. The system interprets follow-up queries without requiring users to repeat previously provided information by using earlier questions and responses as conversational knowledge. For example, if a user requests a list of patching jobs and then asks, “Which targets failed?”, the system recognizes the second query as related to the initial request and responds appropriately. Important: If you change the subject or start a new line of inquiry, it is recommended to clear the previous conversation context to avoid unintended responses. To reset the session, send /clear in the chat.	Eliminates repetitive input. Improves task efficiency. Provides a streamlined conversational experience for patching insights and analysis.
Intermediate agent system messages	Operations Analyzer displays intermediate system messages in Microsoft Teams to provide real-time visibility into background processing while a query is being handled. These system-generated updates confirm that the agent has received the request and is performing tasks such as interpreting the question, validating context, building or refining a database query, and preparing the final response. Instead of appearing idle, the agent displays progress indicators (for example, Analyzing your request).	Improves transparency during query execution. Reduces user uncertainty. Creates a more interactive and responsive conversational experience.
Server property-based queries	Operations Analyzer enables server property-based queries by using attributes stored in the TrueSight Server Automation environment. The agent can access server metadata such as host name, IP address, operating system, domain name, and other administrative properties, allowing users to retrieve data based on these attributes. Example queries include “List all Linux servers” and “Show me all servers located in Pune.”	Provides precise filtering capabilities. Enables targeted data exploration. Reduces the need to navigate multiple UI screens.

Best practices for using Operations Analyzer

The following table puts the best practices that you should follow when asking questions in Microsoft Teams to get the desired out:

Best practice	Poor question example	Improved question example
Enclose the object names, such as jobs and catalogs, in double quotation marks.	Show job status for rhel10 prod job.	Show job status for "rhel10 prod" job
	What is the status of daily rhel 10 patch analysis job?	What is the status of "daily rhel 10 patch analysis" job?
Clearly state the metrics.	Show patch data.	Show missing patches by server.
	List failed jobs.	List patch job names that failed in the last 2 days.
	For job "rhel10", show the status of all targets.	For job "rhel10", name non-successful targets.
Specify filters explicitly.	Show missing patches.	Show missing patches for Windows servers.
Specify filters explicitly.	List job runs.	List jobs executed in the last 30 days.
Always include a date range for the recent or historical data.	Show recent jobs.	Show jobs run in the last week.
	List old patches.	List patches missing since January 2024.
Specify aggregations explicitly (for example, totals, averages, and counts).	How many jobs?	For each job executed in the last 10 days, provide the count of successful and failed servers.
	Show run times.	What is the average run time for the patching job "rhel10"?
Do not use ambiguous terms, for example, recent.	Show good servers.	Show servers with Patch Compliance Status = Compliant.
Do not use ambiguous terms, for example, recent.	List recent errors.	List error logs for job "rhel10".
Limit one question to one metric.	Show missing patches and server details, and error logs.	Show missing patches for server "aud-pun-10".
Limit one question to one metric.	List jobs and compliance status.	List patch jobs with their compliance status.
Avoid asking out-of-scope actions.	Add a new column to the schema. Predict future patch failures.	No good version; schema changes are out of scope. No good version; predictive analytics are out of scope.
Use business terms from the schema.	Show stuff about compliance for server "aus-pun-10".	Show Patch Compliance Status for server "aus-pun-10".
Use business terms from the schema.	List patch info.	List Missing Patch Details for Windows servers.
State the output format if needed	Show patch jobs.	Show patch jobs grouped by their status as a table.
Avoid SQL or any other technical jargon	SELECT * FROM patching summary table where STATUS = "Failed";	Show all failed patch job runs.
	Write a query to get missing patches for the Windows server "win-aus-10".	Show missing patches for server "win-aus-10".
	SELECT errors FROM error log table WHERE error message is not null for server"'aus-pun-1" in job "rhel10"	From Job "rhel10", show the errors that occurred for server "aus-pun-10".

Out-of-the-box sample questions

Ask any of the following out-of-the-box questions in Microsoft Teams to get insights into patching operations and compliance:

Sample questions for patching operations

Category	Purpose	Sample questions
Patch job summary	Assess patching activity, coverage, and efficiency.	Which patch jobs ran in the last 30 days? Which targets were included in a "Win2019 Complete Patch Analysis" patch job? What is the average time to patch all machines?
Missing patches	Identify patch compliance gaps.	Which servers are missing critical or security patches? What are the top 10 most missing patches across servers for "RHEL Errata Patch Analysis Job" job? Which patches are missing on more than 50% of servers in the last job run for Windows?
Patch compliance and trends	Evaluate patch compliance trends and measure improvement over time	What is the patch compliance trend/health over the last 3 months for a Patch Job "RHEL Errata Patch Analysis Job"? What is the patch compliance trend over the last 30 days for Windows patch jobs? How has patch compliance improved since the last run based on Windows OS?
Failure drill-down	Identify recurring patching failures and highlight high-risk targets	Which targets have repeated patching failures? Can I get a summary of all failed patch attempts this month? Share a summary for servers where patching failed more than twice.
Patch job execution metrics and trends	Identify performance bottlenecks in patch analysis	Which servers consistently take the longest time for patch analysis? Which jobs consistently take the longest time for patch analysis?
Patch job and target group insights	Analyze patching coverage and scheduling patterns	Which servers are most often patched together? Are there any targets not included in any patch job? Which servers are overdue for patching?

Sample questions for compliance jobs

Category	Purpose	Sample questions
Root cause analysis	Identify the exact cause of non-compliance	Why is <server name> non-compliant on <Compliance Job name>? Why did <rule name> fail on <server name> on <Compliance job name>? Why did <server name> fail in the last run of <compliance job name>? Get me rule names which are non compliant in compliance job <Compliance Job Name>. Ignore the rule names if it is compliant at least one server
Failures	Identify compliance job failures	Get me all target names from the compliance jobs which are completed with warnings in latest run. Get me the top 20 server names with highest non-compliant count across compliance jobs Get me compliance job names which are run in last 7/15/30/60 days.
About remediating compliance gaps	Evaluate the requirements for manual and automatic remediations and analyze the results	Which servers remain non-compliant because rules require manual remediation? For <server name>, which failures were fixed automatically and which still require human action?
Grouping or Pattern analysis	Identify compliance gaps across server groups	Which servers failed the same rule(s) in the last <compliance job name>run? Get me the servers which are Non compliant for the rule "<Rule Name>" in <Compliance Job Name>
Trends and reporting	Evaluate compliance job trends	What is the compliance-job compliance trend based on policy/rule results over the last 90 days? only the most recent run for each compliance job within that 90-day window?
Prioritization recommendations	Identify critical compliance gaps for prioritized remediation	Which failing rules should I fix first to achieve compliance on the most servers? Identify the top 5 rules blocking compliance on multiple servers from all compliance jobs. This means the rules with the highest count of non-compliant servers in the latest run(s)? Which single rule gives the largest compliance boost across the environment?
Impact analysis	Analyze the impact of rules on compliance	If rule <Rule name>is updated, how many servers will break? assess across all CIS compliance runs in the latest job run? treat “will break” as the number of servers that are currently compliant for this rule in the latest job runs

Server properties

Operations Analyzer uses server properties from TrueSight Server Automation (TSSA) to filter and retrieve relevant data. These properties describe managed servers, such as host name, operating system, location, and environment. When you ask a question in Microsoft Teams, the Operations Analyzer agent uses these properties to narrow results and return accurate, targeted information. The following table lists the server properties that can be used in queries.

Property Name	Description
NAME	Human-readable name of the server.
HOST	Hostname of the server.
OS_NAME	The category of the operating system installed on the server.
OS_RELEASE	Release number of the installed operating system.
OS_VENDOR	Vendor or provider of the operating system.
OS_VERSION	Operating System version.
PLATFORM_NAME	Platform type of the server.
IP_ADDRESS	IP address assigned to the server.
DATE_CREATED	Date when the server was first added to the system.
DATE_MODIFIED	Date when the server metadata was last updated.
STAGING_DIR	Path name to the staging directory used by the agent on the server.
SUBNET_MASK	Subnet mask of the server’s IP configuration.
DESCRIPTION	Description or notes related to the server or its RSCD agent.
AGENT_MAJOR_VERSION	Major version of the RSCD agent installed on the server.
AGENT_MINOR_VERSION	Minor version of the RSCD agent installed on the server.
AGENT_PATCH_VERSION	Patch version of the RSCD agent installed on the server.
AGENT_BUILD_VERSION	Build number of the RSCD agent installed on the server.
AGENT_STATUS	Current status of the RSCD agent on the server. For example, "agent is alive", "agent is not responding."
AGENT_STATUS_REASON	If the current Agent Status is 'agent is not responding', this property provides the reason or cause of the issue
CUSTOMER	Customer or tenant to which the server belongs
ENVIRONMENT	Name of the environment the server is in. For example, Production, QA, and Development.
FQ_HOST	Fully qualified host name (FQDN) of the server.
IS_PENDING_REBOOT	Indicates whether the server requires a reboot to complete the patching process.
PHYSICAL_LOCATION	Physical or geographic location of the server.
RSCD_DIR	Installation directory path of the RSCD agent on the server.