On the Dashboard Screen, The 'Patches Compliance' Tab provides an overview of your environment.
Patches Compliance Dashboard - Components
All Operating Systems Summary
Total Compliance:
% Total Compliance
The percentage (rounded up) of endpoints that completed all required actions based on the associated remediation plans.
Note - Endpoints that were not part of any remediation plan in the past are considered compliant, therefore they are not affecting the Total Compliance calculation.
Calculation - (total endpoints - pending - failed - exempted) / total endpoints
Example (from the above image) - (174-0-7-39) / 174 = 74%
Applicable endpoints
Represent the endpoints that JetPatch can theoretically patch. There are two cases of non-applicable endpoints:
-
Endpoints with not-supported OS or do not exist in WSUS (Windows only) = "Patching Inapplicable" exemption.
- Endpoints that were discovered by the Vulnerability Scanner integration = "Unknown Endpoint" exemption.
Calculation - The best way to calculate is to go to Endpoints > Management, then filter on all Exemptions minus Unknown (let's call that number one). Then, filter only on patching inapplicable (let's call that number two). Then do one minus two to get your applicable endpoints number.
Example (from the above image) - 174
Compliant Endpoints
Endpoints without future remediation actions
Calculation - (total endpoints - in progress - pending - failed - exempted)
Example (from the above image) - (174 - 0 - 0 - 7 - 39) = 128
In-progress endpoints
Endpoints that should run a remediation action now (and are not exempted).
Pending endpoints
Endpoints that should run a remediation action in a future time (the Maintenance Schedule is for a future time) are not exempted.
Calculation - Go to Patches > Remediation Plans and go into
Example (from the above image) - 0
Failed endpoints
Endpoints that failed to execute a patch process (workflow) or patch action.
Calculation - The best way to calculate is to go to Endpoints > Management, then filter on Patch Status failed (known issue - it sometimes does not calculate accurately. Target fix 4.2)
Example (from the above image) - 7
Exempted endpoints
Endpoints that are blocked from being patched (now and at a future time). Exempted Endpoints can be compliant.
Calculation - Go to Endpoints > Management and filter with the following exemptions:
- Maintenance Window Required (when it is needed)
- Suspended By User
- Powered Off
- Power Suspended
- Power Unknown
- Untested Endpoint
- Invalid Credentials
- Unsupported PowerShell Execution Policy (from EP Readiness)
- Unsupported PowerShell Version (from EP Readiness)
- Advisories Not Exist (from EP Readiness)
- Packages Not Exist (from EP Readiness)
- Subscription Missing (from EP Readiness)
Example (from the above image) - 39
For more information about endpoint exemption, see Endpoint Exemptions and Warnings
Effective Compliance:
% Effective Compliance
The percentage (rounded up) of endpoints that completed all required actions based on the associated remediation plans while ignoring exempted endpoints.
Note - Endpoints that were not part of any remediation plan in the past are considered compliant, therefore they are not affecting the Total Compliance calculation.
Calculation - (total endpoints - pending - failed) / total endpoints
Example (from the above image) - (174 - 0 - 7) / 189 = 96%
Applicable endpoints
Total patch applicable endpoints in your environment excluding exempted endpoints
Calculation - (total endpoints - exempted)
Example (from the above image) - (174 - 37) = 135
Compliant Endpoints
Endpoints without future remediation actions
Calculation - (total endpoints - in progress - pending - failed - exempted)
Example (from the above image) - (174 - 0 - 0 - 7 - 39) = 128
In-progress endpoints, Pending endpoints, Failed endpoints
Same as in "Total Compliance" excluding exempted endpoints (as defined above)
Detailed Data By Operating System
Here you can see a breakdown of endpoint compliance by the operating system.
Total Endpoints: Total patch applicable endpoints in your environment (per OS)
Iמ Progress, Exempted, Pending, Failed, Compliance: Same as in "Effective Compliance" above (per OS)
Download Reports
There are two optional reports you can download:
Compliance Summary
Provides the following data (detailed by the operating system):
-
- Total Servers
- Failed Servers
- In Progress Servers
- Pending Servers
- Exempted Servers
- Compliant Servers
SLA Summary
Provides the status of the remediation plan according to their SLA time.
Learn more on SLA Reports
Comments
0 comments
Please sign in to leave a comment.