More about the new features in the 1.3 release

New features in the 1.3 release of WebSphere Automation include fix history records and outbound proxy support.

Fix history

Information technology operations teams must be responsive to the most recent security vulnerabilities. A patching service-level agreement (SLA) requires that an operations team fix vulnerability within 30, 60 or 90 days (or faster) based on vulnerability severity. Therefore, it is vital to be able to demonstrate the date that a vulnerability was detected, and the date that the fix was applied. WebSphere Automation provides a history of fixes that are applied to each registered server, including when each issue was detected, when and how it was fixed, and how long servers were exposed. An example is shown in the following image.

Example Server information page showing hostname, WebSphere version, installation directory, Java SDK version, Server type, and a list of fixes installed on the server.

A record of all detected security vulnerabilities (CVEs) and the resolution status makes it easy to respond to patching SLA inquiries. WebSphere Automation keeps records of when vulnerabilities were detected, when and how they were fixed, and how many days servers were exposed. See the following image for an example Server vulnerabilities page.

Example Server vulnerabilities page showing list of CVEs that affect the server. Column headings include Risk level, CVE, Status, Days exposed, Detection date.

WebSphere Automation keeps a complete history of the actions that led to the current state. Whether a fix is installed, uninstalled, or included in a fix pack update, WebSphere Automation provides the detailed change history. These records give teams the confidence and the necessary details to show that they are meeting their patching SLAs. The following image shows an example Fix history page.

Example Server vulnerabilities fix history page showing list of CVEs that affect the server. Column headings include Fix, Action, Status, Resolved CVEs, and Date.

Also new in WebSphere Automation is the ability to see CVE and security bulletin information directly in the user interface. The inline bulletin information streamlines the user experience. The full details of the security bulletin are still available at the published bulletin page, which you can access by clicking the View button. The following image shows an example CVE information page.

Example CVE information page with information about a particular CVE that affects your server inventory, including a description, the risk level, number of days your inventory has been exposed, and detected date. In the Affected servers area, column headings include Servers, WebSphere version, Java SDK version, Hostname, Cell, Vulnerability status, Days exposed, and Detection date.

The CVEs tab is also improved, making it easier to see the breadth and impact of security vulnerabilities across the whole server inventory. The aggregated CVEs view shows the date that a vulnerability was first detected in the environment, the number of impacted servers (whether fixed or still vulnerable), and the longest number of days a server was exposed. The following image shows the updated CVEs page.

Example CVEs page with security vulnerabilities that affect server inventory. Seven rows of vulnerabilities are shown. Column headings include Risk level, CVE, Days exposed, Fixed servers, Vulnerable servers, and Detection date.

This capability scales to environments with thousands of servers, as shown in the following image.

Example CVEs page with security vulnerabilities that affect server inventory. Seven rows of critical vulnerabilities are shown. Column headings include Risk level, CVE, Days exposed, Fixed servers, Vulnerable servers, and Detection date. In the Vulnerable servers column, values range from 316 to 2000.

Outbound proxy support

To support enterprise network requirements, WebSphere Automation now supports an outbound proxy server configuration. By default, WebSphere Automation accesses the IBM Support pages for the most recent security bulletin information. For networks that require access to external resources (such as ibm.com) to flow through an outbound proxy, you can specify the outbound proxy host, port, and TLS configuration.

For more information, see Configuring to use a proxy server.

This new feature resolves the following requests for enhancement (RFEs):

Try out the new features

You can explore the new features and capabilities of WebSphere Automation in the cloud and on-premises. You can try the new fix history features in the IBM Cloud hosted trial at no expense.

You can also get access to a trial of WebSphere Automation that can be used for 60 days at no cost, either on-premises or in a hosted cloud environment. For more information, see Accessing a 60-day trial.