Initiating actions with Manual Response

This feature is not available for BMC Defender SIEM for Motorola.

As a BMC AMI Command Center for Security administrator, you can initiate specified actions from an individual message by creating a Manual Response, which sends a response request to BMC AMI Datastream. BMC AMI Datastream validates the request and, if warranted, issues the response.

First you define the responses that you want to request of the mainframe system, and then you create a Manual Response to trigger the response requests.

Before you begin

You must log in with administrator credentials.

Make sure that you have response requests defined, as described in Sending-response-requests-to-BMC-AMI-Datastream.

To create a Manual Response

You can create a Manual Response as follows from any Message Detail tab.

Log in to the BMC Defender Server web interface and open a Message Detail tab:
For example, on the Messages > Search tab, click Details at the end of a message.

Click Create Manual Response and complete the following items:

Item	Description
Create Manual Response section
Message	Selected message
Forwarder	Preconfigured two-way communication network forwarder The response request is sent and received along this path. For information about network forwarders, see Setting-up-a-network-forwarder.
Request	Response request, as defined in Sending-response-requests-to-BMC-AMI-Datastream After selecting the request, the defined required fields for that request are displayed. Parse expressions in the parameter fields are applied to the selected message.
Ticket Response section
Create Ticket	Whether to open a ticket (but the alert message is always sent) Specify one of the following options: Disabled—no ticket is opened Enabled (default)—a ticket is opened with the parameters set in this section
Assign Ticket To	Name of the ticket operator to whom the ticket is assigned By default, the ticket is assigned to the currently logged in user.
Alert Facility	Facility to associate with the alert message
Alert Severity	Severity to associate with the alert message
Alert Message / Ticket Text	Message text You might want to add a variable first (see below) and copy the variable. Add a message and paste the variable where you want it. Click Suggest to insert a message based on the selected request. You can modify the suggested message. To see open tickets, select the Tickets > Opened tab.
Insert Alert Variable	Variable to insert in the message text Select the variable and click Insert. The page refreshes and the variable is displayed in the message box, overwriting any existing content. When the alert is triggered, the alert replaces the variables with the name.

Click Preview Response at the top of the Manual Response tab.
The system validates the Manual Response and displays a preview of the request for confirmation.
Click Confirm Send.

The system sends the specified response request with the specified field values to BMC AMI Datastream, which immediately returns acknowledgment of the request received.

The Manual Response tab displays the request and response:

After BMC AMI Datastream validates and executes (if deemed appropriate) the response, it sends a message with the response status.

Viewing Manual Responses

The Messages > Manual Response tab displays a summary of the sent responses and their history:

_{Click to enlarge the image.}

You can see the original message and response. To see messages from previous days, select a date from the View Date menu.

Troubleshooting

If you do not receive the expected response, verify the following items:

The request action code matches a code configured in BMC AMI Datastream.
Alert Automation is enabled in BMC AMI Datastream.
The matching parameters are valid.