Compliance is a metric that provides the number of uninstalled patches on a device. This refers to the number of resources that have been effectively patched or remediated against security threats. The distribution and deployment of patches accomplish nothing if your devices are not compliant.
Automated patch management makes the process of patch compliance more accessible for organizations of any size. Automated patching solutions make it possible for users to patch across all devices regardless of the operating system, location, or third-party application from a single interface.
OpsRamp Patch Management can help your organization to meet regulatory compliance requirements by detecting and remediating non-compliant endpoints using an automated patch management system, assisting with regular software upgrades, establishing system health detection policy, and recognizing patching regulatory standards, and providing visibility over all endpoints through robust reporting features.
Following are reasons why compliance with patch management is so important:
- Enhance Security
- Boost Efficiency
- Enable Remote Working
- Prevent Reputation loss
Create New Patch Compliance
OpsRamp categorizes any device as Compliant, if there are zero missing patches to be installed for a given Compliance configuration. If the missing patches in the Compliance criteria is greater than zero, the Device would be displayed as Non-Compliant.
To create new patch compliance, follow the below steps:
- Login to OpsRamp Portal.
- Select a client from the All Clients list.
- Go to Automation > Patch Management 2.0.
- On the left side of this page, click the Menu bar icon and then Compliance.
- Click + ADD to create a new patch configuration.
Let’s get started on creating a new patch compliance. You must fill out the necessary information on the following two pages:
- Resource Selection
- Patch Selection
On this page, we will choose resources based on the requirements.
- In the Configuration Name field, give a name to the patch compliance.
- Select the Resource group from the drop down list.
- Select the Operating system: Windows/Linux
- Choose resources from the list. There are two options for doing so.
- Dynamic: Choose resources by adding an OpsQL query; if any resources match the query, they will be included in the Compliance configurations automatically. This will automate the process and reduce the need for user intervention whenever there are new devices onboarded and required to add new devices to the existing Compliance configurations.
- Select Resources: This is a manual process for searching and selecting resources by defining Resource attributes in a simple search query. The selected resources list would not be updated with newly onboarded devices if the Compliance configuration is saved with this option. Users have to manually update the list for any onboarding or decommission of the devices on the platform.
- To proceed to the patch selection page, click Next.
- In the Patch Selection page, In the Patch Selection page, Select the patch approval mode: Manual or Automatic on the patch selection page.
- Select the patches to be installed:
- Dynamic Patches: You can have the Patches selected for the installation Dynamically using the filter criteria. With the next Missing Patch Scan job execution, if there are new patches found as per the filter criteria, those patches would be automatically included for installation under the respective configuration.
- Select Patches: You can select the patched manually from the list or using the Filter criteria
- Once the patch selection process is completed, click Finish.
View List of Patch Compliance
View the list of configured patch compliance under Patch Management 2.0 > Compliance. You can choose one or more patches and take action against them.
The following table describes the various attributes and actions displayed on the Compliance page:
|Name||The name of the patch compliance.|
|OS Type||Type operating system selected during the configuration; Windows/Linux.|
|Resources||The number of resources chosen when scheduling a compliance job.|
|Patches||Number patches selected for the particular compliance.|
|Resource Group||Selected resource group for the specific patch compliance.|
|Search button||Use the search field to find jobs.|
|Approve||Use this option to approve the patches.|
|Edit||Use the edit option to change the current job setup.|
|Run Now||Run the patch job on selected devices and resource groups.|
|Remove||Use this option to remove tasks from the list if they are not relevant.|
To see the configuration of the created compliance such as: Properties, Resources, Patches, and logs, click on the compliance jobs listed here.