Remediation plans are created either automatically or manually.
For a manual Remediation Plan, follow the instructions:
Creating a Remediation Plan
- Click on Patches > Patches Catalog in the main menu
- Select the Patches you would like to install. To easily create the Remediation Plan you can filter by the specific patch name, patch severity, category, etc.
- Click on Create Remediation Plan
The first part of the Remediation Plan is to define the Remeidaiton Plan information:
Fill in the needed values and click Save & Continue
Starting with JetPatch 4.1.1 UR3, every Remediation Plan has SLA to follow the required execution timeline in your organization.
- SLA Start Date - the date from which you want to measure the SLA for this specific Remediation Plan. The default value is the creation date of the plan.
- SLA End Date - the date to which you want to measure the SLA for this specific Remediation Plan. The default value is the creation date + the configured days in the following configured attribute in intigua.properties:
# Will determine the SLA End Date
pg.sla.planned-end-period.days = 30
To download the SLA Report check Generate SLA Report
You can specify several actions you would like to perform on the patches:
- No Action - Nothing has been specified for the specific patch.
- Install - This indicates that the patch has been put into a remediation plan and in addition, the plan has been activated. However, the patches have yet to be installed.
- Remove - JetPatch will rollback the selected patch(es). This option is not available for operating systems not fully supported by JetPatch.
- Not Approved - This indicates that a patch is available for an endpoint(s), however is not in an active remediation plan. JetPatch will reset the approval of the patch to 'Not Approved" when discovered.
- Decline - JetPatch will decline the patch from JetPatch and WSUS (for Windows)
You can also add and edit your patch selection by Clicking on Edit Patches
Note - After a patch is created you can also access and edit it via the Remediation Plans dashboard
When finishing assigning the requested action for the patches, click on Save & Continue
You can use the "Bulk Action" to assign the same action to selected patches:
- Select the required patches to the Bulk Action. You can select all patches by clicking the checkbox in the left of the headers of the table.
- Click on the "Select Bulk Action" list and choose the required bulk action to perform on all the selected patches.
Choose if you want to Save Cycle or Save & Activate Plan
- The "Affected Compliance Rules" will show if the rules created for custom compliance are considered for the set of patches in the respected Endpoint Groups.
- Patching Actions - The number of actions needed on the endpoint group
- Patch Breakdown - A breakdown of the patches statuses for the relevant Endpoint Group.
After activating a Remediation Plan, the plan will move to the "Pending" column in the Remediation Plan Board and will wait for ITSM approval, if configured.
When a plan is approved it goes to In Progress status (in the RP dashboard) and is activated according to the maintenance windows set for the endpoints.
If the plan was rejected, it will return to the New status (in the RP dashboard) awaiting further action
Note - a remediation plan will be executed on each endpoint based on the next maintenance schedule configured to that endpoint
- JetPatch can only rollback Linux/Unix patches it installs.
When reverting a patch installation process, JetPatch uses OS-level undo functionality to remove all related packages. In order for that procedure to succeed, the previous package version must exist in the repository. More information can be found here.
- JetPatch 4.1.2 does not support rollback for Ubuntu and AIX.
- For Windows, JetPatch can uninstall any patch, regardless of how it was installed, as long as Microsoft allows it.