Compliance is a metric that provides the number of uninstalled patches on a device. This refers to the number of resources that have been effectively patched or remediated against security threats. The distribution and deployment of patches accomplish nothing if your devices are not compliant.

Automated patch management makes the process of patch compliance more accessible for organizations of any size. Automated patching solutions make it possible for users to patch across all devices regardless of the operating system, location, or third-party application from a single interface.

OpsRamp Patch Management can help your organization to meet regulatory compliance requirements by detecting and remediating non-compliant endpoints using an automated patch management system, assisting with regular software upgrades, establishing system health detection policy, and recognizing patching regulatory standards, and providing visibility over all endpoints through robust reporting features.

Following are reasons why compliance with patch management is so important:

  • Enhance Security
  • Boost Efficiency
  • Enable Remote Working
  • Prevent Reputation loss

Create New Patch Compliance

OpsRamp categorizes any device as Compliant, if there are zero missing patches to be installed for a given Compliance configuration. If the missing patches in the Compliance criteria is greater than zero, the Device would be displayed as Non-Compliant.

To create new patch compliance, follow the below steps:

  1. Login to OpsRamp Portal.
  2. Select a client from the All Clients list.
  3. Go to Automation > Patch Management 2.0.
  4. On the left side of this page, click the Menu bar icon and then Compliance.
  5. Click + ADD to create a new patch configuration.

Let’s get started on creating a new patch compliance. You must fill out the necessary information on the following two pages:

  • Resource Selection
  • Patch Selection

Resource Selection

On this page, we will choose resources based on the requirements.

  1. In the Configuration Name field, give a name to the patch compliance.
  2. Select the Resource group from the drop down list.
  3. Select the Operating system: Windows/Linux
  4. Choose resources from the list. There are two options for doing so.
    • Dynamic: Choose resources by adding an OpsQL query; if any resources match the query, they will be included in the Compliance configurations automatically. This will automate the process and reduce the need for user intervention whenever there are new devices onboarded and required to add new devices to the existing Compliance configurations.
      patch management
    • Select Resources: This is a manual process for searching and selecting resources by defining Resource attributes in a simple search query. The selected resources list would not be updated with newly onboarded devices if the Compliance configuration is saved with this option. Users have to manually update the list for any onboarding or decommission of the devices on the platform.
  5. To proceed to the patch selection page, click Next.
    patch management

Patch Selection

  1. In the Patch Selection page, In the Patch Selection page, Select the patch approval mode: Manual or Automatic on the patch selection page.
  2. Select the patches to be installed:
    • Dynamic Patches: You can have the Patches selected for the installation Dynamically using the filter criteria. With the next Missing Patch Scan job execution, if there are new patches found as per the filter criteria, those patches would be automatically included for installation under the respective configuration.
    • Select Patches: You can select the patched manually from the list or using the Filter criteria
      patch management
  3. Once the patch selection process is completed, click Finish.
    patch management

View List of Patch Compliance

View the list of configured patch compliance under Patch Management 2.0 > Compliance. You can choose one or more patches and take action against them.

patch management

The following table describes the various attributes and actions displayed on the Compliance page:

NameThe name of the patch compliance.
OS TypeType operating system selected during the configuration; Windows/Linux.
ResourcesThe number of resources chosen when scheduling a compliance job.
PatchesNumber patches selected for the particular compliance.
Resource GroupSelected resource group for the specific patch compliance.
Search buttonUse the search field to find jobs.
ApproveUse this option to approve the patches.
EditUse the edit option to change the current job setup.
Run NowRun the patch job on selected devices and resource groups.
RemoveUse this option to remove tasks from the list if they are not relevant.

To see the configuration of the created compliance such as: Properties, Resources, Patches, and logs, click on the compliance jobs listed here.

patch management