Articles in this section

Remediation Plans Board

The Remediation Plans board is the place to see all remediation plans in JetPatch.

Remediation plans can move back and forth depends on the current status.

Remediation Plan Board Columns

New 

The "New" Column represents Non-active remediation plans which were rejected (from the ITSM) or never activated.

Possible statuses

  • Pending activation - Newly create remediation plans which were never activated
  • Rejected - rejected remediation plans 

Note - Non-active remediation plans which were active in the past and canceled will appear in the "Completed" column

 

Pending

Remediation Plans will be placed in the "Pending" if the remediation plan is waiting for something to happen in order to execute successfully.

Possible statuses

  1. Pending approval - JetPatch is checking if ITSM is configured for approving the remediation plans. If there is no ITSM configured this status should appear for a few seconds only.
  2. Sent for approval - A Change request was opened and JetPatch is waiting for approve/rejected status. (ITSM integration only) 
  3. Waiting for execution - JetPatch is waiting for executing the expected remediation plan. JetPatch will wait to execute the remediation plan if there are not-compliance endpoints with exemption status (prevent execution from JetPatch) or the configured maintenance window is not at the moment. For more information click on the "Compliance Report" action at the bottom of the remediation plan ticket and check the "Devices Status" section.

In progress

JetPatch will move the remediation plan to the "In Progress" column if there are actions to make at the moment:

  • Patch execution - there are valid endpoint in the maintenance window
  • Patch setup - Some WSUS operations are needed.

Possible statuses

  1. Updating WSUS - JetPatch is currently updating the WSUS with the requested information from the remediation plan.
  2. Failed to update WSUS - JetPatch encountered some failures while trying to update the WSUS and it will try to update WSUS again in a few moments. Possible reasons are:
    1. Connectivity issue with the WSUS server - check connectivity between the JetPatch Server to the WSUS server
    2. JetPatch is trying to update a Computer Group which is no longer exist - the information in JetPatch is not updated. Please if "wsus get groups and computers in group" was failed to execute.
  3. Executing - JetPatch is currently executing the patching workflow on one or more endpoints, based on the patch information from the specific remediation plan.
  4. Execution paused - JetPatch can execute operation on needed endpoints but there is other remediation plan currently executing actions on the same endpoints
  5. Pending cancel - User cancelled the remediation plan and choose the option to wait till the currently executing workflows will finish. JetPatch won't start new workflow execution and will move the ticket automatically when possible.

Completed

When there are not future actions to make (in the scope of a specific remediation plan) the remediation plan ticket will move to the "Completed".

Possible reasons are:

  • All the endpoints in the remediation plan are compliant and there are no future patches to remediate
  • The user canceled the remediation plan

Possible statuses

  1. Done - The remediation plan is completed successfully and all endpoints are 100% compliant. No future action make.
  2. Canceled by user - A user canceled the remediation plan.

Note - in case the completed remediation plan has a Done status and is no longer 100% compliant (for example, a new endpoint was added to the relevant remediation plan group), then the remediation plan will move back into "In Progress" column during the assigned maintenance window. After the remediation action is completed, the remediation plan ticket will be back to the "Completed" column.  To avoid this scenario, please cancel the plan.

 

Archived

The "Archived" column is an optional column to hides remediation plans that are in "Completed" status (100% compliant). A remediation plan can be archived by clicking on the "Archive" action on a "Completed" remediation plan.

You can expand/collapse the column by pressing the "Archived" column header.

Possible statuses

  1. Done - The remediation plan is completed successfully and all endpoints are 100% compliant. No future action make.
  2. Canceled by user - A user canceled the remediation plan.
  • If a remediation plan is archived, JetPatch will automatically cancel it.
  • Also, when upgrading to 4.2.3+, all currently archived remediatioanly plans will automatically be cancelled.
  • These automatically cancelled plans will be marked with the status "cancelled by policy"

 

Remediation Plan ticket and actions

When looking on the Remediation Plan ticket you can find the following information

remediation_plan_board_2.PNG

  1. Creation entity - Remediation Plan creation can be triggered throughout two ways:
    1. User trigger - by creating the remediation plan after choosing patches from the patch catalog or creating a remediation plan based on vulnerability scan (located in the Management table). Will be marked with a image.JPG icon. The created user can be seen when hovering the person icon.
    2. Automatic trigger - following Automatic Remediation Plans rule JetPatch will create new Remediation plan if necessary. Will be marked with the Number sign (#). For more information go to Automatic Remediation Plans
  2. Remediation Plan ID - the ID JetPatch is generated for this remediation plan.
  3. Create time - the date of creating the remediation plan. The exact time can be found in a remediation plan compliance report. Hovering the date will show you the number of days passed.
  4. Plan Name - the plan name. It can be redefined if the remediation plan is in "New" column. Description can be seen when hovering the plan name.
  5. Plan special signs - Representing special plans.
    1. Plan with Critical patches - will be shown with a red circle and "C".
    2. Emergency plan - will be shown with a red circle and "E".
  6. Endpoints Compliance status - the status of the applicable endpoint:
    1. Compliant - green
    2. In Progress - yellow
    3. Non-Compliant - red
  7. Actions status
    1. Applied successfully - green
    2. Not applied yet - gray
    3. Failed - red
  8. Actions - The actions can be from plan to plan, based on the location and the remediation plan status
    1. Edit - for remediation plans with "Pending activation" status. User can edit the remediation plan information
    2. Delete - for remediation plans with "Pending activation" status. Clicking on this action will delete the plan from the board.
    3. Predict - for remediation plans with future actions. "Predict" action will redirect the user to the "Predictive Patching" page with the relevant plan ID to calculate the prediction for. For more information go to Predictive Patching
    4. More options -
      1. Duplicate - will duplicate the remediation plan. The new plan can be found in "New" column
      2. Archive - for remediation plans with "Done" status. Will move the plan ticket to the "Archived" column when there are no actions to do at the moment.
      3. Delete - only available for cancelled remediation plans. After you delete a remediation plan all its entities will be removed from the system (Deleted from Dashboard, Remediation Plan Board, related filtering options will no longer appear. Learn more on how to automatically delete a remediation plan.
    5. Compliance Report - for active or canceled remediation plans. Will show detailed compliance information about the remediation plan. For more information go to <INSERT HERE LINK TO RELEVANT ARTICLE>
    6. View - for active remediation plans. Will show the remediation plan details as define.
    7. Cancel
      1. Cancel on completion - for remediation plans which are executing operations at the moment. JetPatch will cancel the remediation plan after the current in-progress workflow will finish.
      2. Cancel/Cancel Immediately - for active remediation plans. JetPatch will cancel the remediation plan immediately without considering the current running activity and it won't execute any new activity related to this remediation plan. Note - Workflows won't be fully executed. 
      3. Notes: In either canceling method you choose, you can either cancel and the remediation plan would move to 'completed' tab or cancel and archive.Cancel_Plan.PNG

Reports

Reports can be downloaded by clicking on the "SELECT ACTION" button and choose "Download Reports".

The available reports are:

  • Remediation Plans Summaries (CSV) - downloading extended information on the filtered plans (eg: from date X to date Y).
    • This report includes a list of patched endpoints (aka compliant endpoints) 

Notes 

  • JetPatch audits the following remediation plan activities in the logs
    • When a new Remediation Plan is created from the following channels: UI / API / Vulnerability Parser / Duplicating a remediation Plan 
    • When a remediation plan execution is paused
    • When the user archives / unarchives a remediation plan 

Related articles

Comments

0 comments

Please sign in to leave a comment.