Remediation plans are created either automatically or manually. We strongly recommend you follow the patching checklist as part of your remediation plan process.
For a manual Remediation Plan, follow the instructions:
Creating a Remediation Plan
- Click on Patches > Patches Catalog in the main menu
- Select the Patches you would like to install. To easily create the Remediation Plan you can filter by the specific patch name, patch severity, category, etc.
- Click on Create Remediation Plan
Configure Plan
The first part of the Remediation Plan is to define the Remediation Plan information:
- Remediation Plan Name
- Description
- SLA dates
- Email a Report on Completion
- Is Emergency Remediation Plan
- Email a Report on Completion
Fill in the needed values and click Save & Continue
SLA Dates
Every Remediation Plan has SLA to follow the required execution timeline in your organization.
- SLA Start Date - the date from which you want to measure the SLA for this specific Remediation Plan. The default value is the creation date of the plan.
- SLA End Date - the date to which you want to measure the SLA for this specific Remediation Plan. The default value is the creation date + the configured days in the following configured attribute in intigua.properties:
# Will determine the SLA End Date
Note: A remediation plan will automatically cancel if current time > SLA End Date
pg.sla.planned-end-period.days = 30- By default SLA End Date is 30 days after activation. This is configurable (see above)
- Status will be “Cancelled by policy”
- You can manually override the default end date during remediation plan creation (see highlighted field below)
To download the SLA Report check Generate SLA Report
Email a Report on Completion
When an active Remediation Plan is moved to the ‘Done’ or 'Cancelled by policy' Status under the "Completed" column, JetPatch can send a notification email with an executive summary. To enable this executive summary email, select the checkbox under the Notifications section of the Configure Plan tab, and enter the recipient email address where you'd like to send the email.
Approve Patches
You can specify several actions you would like to perform on the patches:
- No Action - Nothing has been specified for the specific patch.
- Install - This indicates that the patch has been put into a remediation plan and in addition, the plan has been activated. However, the patches have yet to be installed.
- Remove - JetPatch will roll back the selected patch(es). Rollback is not yet available for AIX or Ubuntu.
- Not Approved - This indicates that a patch is available for an endpoint(s), however is not in an active remediation plan. JetPatch will reset the approval of the patch to 'Not Approved" when discovered.
- Decline - JetPatch will decline the patch from JetPatch and WSUS (for Windows)
You can also add and edit your patch selection by Clicking on Edit Patches
Note - After a patch is created you can also access and edit it via the Remediation Plans dashboard
When finishing assigning the requested action for the patches, click on Save & Continue
Bulk actions
You can use the "Bulk Action" to assign the same action to selected patches:
- Select the required patches to the Bulk Action. You can select all patches by clicking the checkbox in the left of the headers of the table.
- Click on the "Select Bulk Action" list and choose the required bulk action to perform on all the selected patches.
Create Cycle
Select the Endpoint Groups you want the remediation plan to run on and the workflows (For each Operating System) you would like to run.
Choose if you want to Save the Cycle or Save and activate the Plan
Notes -
- The "Affected Compliance Rules" will show if the rules created for custom compliance are considered for the set of patches in the respected Endpoint Groups.
-
Patching Actions - The number of actions needed on the endpoint group
-
If the value of SG in the Patching Actions column is “0” mark it with bold red
-
-
Patch Breakdown - A breakdown of the patch statuses for the relevant Endpoint Group.
-
If the value of SG in the Patch Breakdown column is “No applicable patches” mark it with bold red
-
What's Next?
After activating a Remediation Plan, the plan will move to the "Pending" column in the Remediation Plan Board and will wait for ITSM approval, if configured.
When a plan is approved it goes to In Progress status (in the RP dashboard) and is activated according to the maintenance windows set for the endpoints.
If the plan was rejected, it will return to the New status (in the RP dashboard) awaiting further action
Note - a remediation plan will be executed on each endpoint based on the next maintenance schedule configured to that endpoint
Rollback
Linux/Unix Notes
- JetPatch can only roll back Linux/Unix patches it installs.
-
When reverting a patch installation process, JetPatch uses OS-level undo functionality to remove all related packages. In order for that procedure to succeed, the previous package version must exist in the repository. More information can be found here.
- JetPatch does not support rollback for Ubuntu, Debian, and AIX.
Windows Notes
- For Windows, JetPatch can uninstall any patch, regardless of how it was installed, as long as Microsoft allows it (eg: SSU updates are not allowed to be rollbacked by Microsoft).
Comments
0 comments
Please sign in to leave a comment.