
Patch policies


Patch policies identify missing patches on assets.

Typically, a patch administrator analyzes assets to identify the missing patches and determine the patches to be acquired to comply with the organizational standards. Using TrueSight Automation Console, you create a policy that scans all assets. When you create a policy, a Patching Job is created in TrueSight Server Automation with the value for max_parallel_targets set to unlimited.

During a policy scan, Automation Console analyzes patches installed or missing on the assets based on the catalog selected in the policy. 

You can now create patch policies for Microsoft Windows and Linux-based operating systems (Red Hat Enterprise Linux, SuSE, Oracle Enterprise Linux, and CentOS only). 

Policy results appear on the Assets page and on the Automation Console dashboard. Using these results, you can then create a remediation operation to install missing patches on the assets.

Automation Console enables you to create a policy using multiple options: 

  • Patch Policy Filters: 
    • Patch Classifications (applicable for Windows only): Enables you to filter the scan based on patch classifications such as security patches, non-security patches, and security tools. You can also choose to skip scanning the assets for service packs.
    • Patch Groups: TrueSight Server Automation allows you to include or exclude patch groups created in Server Automation. While creating a policy, you can choose to scan the assets based on the patch groups. 
  • Assets Selection: Enables you to select either all assets or asset groups (server smart groups in Server Automation) to be scanned by the policy. 

Using the Automation Console, you can schedule a policy to run on a daily or a weekly cadence. If a catalog is disabled in Automation Console, then the policies created using the catalog run based on the last update of the catalog.

Where to go from here

To add, edit, enable, or disable a patch policy, see Working with patch policies.

 
