Remediating vulnerabilities in BMC Helix Automation Console

The benefits include:

• Ability to remediate vulnerabilities even if TrueSight Server Automation is restricted on cloud devices due to corporate policy.
• Ability to remediate vulnerabilities even if TrueSight Server Automation does not have the remediation for newly discovered vulnerabilities.

Scenario

Workflow for remediating vulnerabilities in BMC Helix Automation Console by using Ansible Automation Platform

The following table lists the tasks that you need to perform to integrate BMC Helix Automation Console with BMC Helix Intelligent Automation and remediate vulnerabilities by using Ansible Automation Platform:

To create a policy for remediating vulnerabilities by using Ansible Automation Platform

1. Click Policies and then click Create Automation Policy.
2. In the Policy Information section, enter a unique name and an optional description for the policy. 
3. Select Automatic to execute the policy automatically based on the incoming events.

4. In the Trigger section, on the Paste Event JSON tab, enter the event in the JSON format, and click Done.

   Click here to view the sample event JSON

   Sample event JSON

   {
    "_tenant_id": "979915927",
    "severity": "5",
    "os_vendor": "QUALYS",
    "os": "Linux",
    "violation_name": "Missing Package Version",
    "os_version": "Linux RHEL-9",
    "last_observed_date": "1570879232000",
    "cve_ids": [
      "CVE-2024-0725"
     ],
    "cvssv2": null,
    "detection_date": "2019-10-12 11:20:32",
    "_identifier": "15db61f3-ea77-437e-919a-5b139d627c1c:1180b917-0d15-4697-a12c-db1ed41094c5",
    "exploit_available": null,
    "asset_name": "vl-xxx-xxxxx",
    "cvssv3": null,
    "tag": "TSAC"
     }
   }

   The Trigger Condition is generated based on the selected event. Remove the source hostname and continue with the next steps. 

5. Click anywhere in the Trigger Condition box to start building the expression for a trigger condition, and use the suggested parameters, values, and operators to complete the expression.
   For sample expressions, see Trigger condition expression. 
6. To add action to the policy, click Select Action and perform the following steps by using the action wizard:
   1. From the Pick an automation tool section, click the Ansible Automation Platform connector name.
      Only configured connectors are displayed here. The wizard takes you to the next step to select an action. 
   2. Click Sync Actions. 
      All job template and workflow template actions in your Ansible Automation Platform instance appear. 
   3. (Optional) Use the Search Online option to dynamically search for actions in the Ansible Automation Platform application. 
   4. Click Select against the required action.
      
      The wizard takes you to the next step to configure an action.
   5. Provide the following information:
      
      1. Enter the action name and description. 

      2. In Request body, enter the extra variables that you might have used in Ansible Automation Platform:

         Sample request body for stopping an AWS EC2 instance

         {
         "extra_vars": {
          "node": "$.event.asset_name",
          "cve_list": [
           "$.event.cve_ids"
           ]
         }
         }

         

   6. Click Done.
      The added action appears in the Action Configuration section on the Create Automation Policies page.
7. Select Publish Policy and click Save to publish the policy.

Where to go from here

After you create the automation policy, you can create a vulnerability remediation operation in BMC Helix Automation Console. See Create a vulnerability remediation operation.

When you execute the vulnerability remediation operation, the created automation policy is triggered in BMC Helix Intelligent Automation and the selected vulnerabilities are remediated by using the Ansible automation platform. To view the status or other details of the policy run, go to the History page. For more information, see View automation policy run history.