Patch policies

Patch policies identify missing patches on assets.

Typically, a patch administrator analyzes assets to identify the missing patches and determine the patches to be acquired to comply with the organizational standards. Using BMC Helix Automation Console, you create a policy that scans all assets. When you create a policy, a Patching Job gets created in TrueSight Server Automation. During a policy scan, Automation Console analyzes patches installed or missing on the assets based on the catalog selected in the policy. 

Policy results appear on the Assets page and on the Automation Console dashboard. Using these results, you can then a create a remediation operation to install missing patches on the assets. 

Automation Console enables you to create a policy using multiple options: 

  • Patch Policy Filters: 
    • Patch Classifications (applicable for Windows only): Enables you to filter the scan based on the patch classifications such as for security patches, non-security patches, and security tools. You can also choose to skip scanning the assets for service packs. 
    • Patch Groups: TrueSight Server Automation allows you to include or exclude patch groups created in Server Automation. While creating a policy, you can choose to scan the assets based on the patch groups. 
  • Assets Selection: Enables you to select either all assets or asset groups (server smart groups in Server Automation) to be scanned by the policy. 

Using the Automation Console, you can schedule a policy to run on a daily or a weekly cadence. 

Where to go from here

To add, edit, enable, disable a patch policy, see Working-with-patch-policies

 

  • 19.11
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*