The Remediation Plans board is the place to see all remediation plans in JetPatch.
Remediation plans can move back and forth between columns depending on their current status.
Remediation Plan Board Columns
New
The "New" column represents non-active remediation plans that were rejected (by the ITSM) or never activated.
Possible statuses
- Missing Configuration - Newly created remediation plans that are not fully configured
- Activation Required - Newly fully configured remediation plans that were never activated
- Rejected by ITSM - Rejected remediation plans (via ITSM)
Note - Non-active remediation plans that were active in the past and were canceled will appear in the "Completed" column.
Pending
Remediation plans are placed in the "Pending" column while they are waiting for something to happen before they can execute successfully.
Possible statuses
- Pending ITSM Approval
  - JetPatch is checking if ITSM is configured for approving the remediation plans.
  - If there is no ITSM configured, this status should appear for a few seconds only.
- Sent for approval
  - A change request was opened and JetPatch is waiting for an approved/rejected status. (ITSM integration only)
- Pending Execution
  - JetPatch is waiting to execute the remediation plan.
  - JetPatch will wait to execute the remediation plan if there are non-compliant endpoints with any exemption status (prevent execution from JetPatch), or if the configured maintenance window is not currently open.
  - For more information, click on the "Compliance Report" action at the bottom of the remediation plan ticket and check the "Devices Status" section.
In Progress
JetPatch will move the remediation plan to the "In Progress" column if there are actions to perform at the moment:
- Patch execution - There are valid endpoints in the maintenance window.
- Patch setup - Some WSUS operations are needed.
Possible statuses
- Updating WSUS
  - JetPatch is currently updating the WSUS with the requested information from the remediation plan.
- Failed to update WSUS
  - JetPatch encountered some failures while trying to update the WSUS and will try to update it again in a few moments. Possible reasons are:
    - Connectivity issue with the WSUS server - check connectivity between the JetPatch server and the WSUS server.
    - JetPatch is trying to update a Computer Group that no longer exists - the information in JetPatch is out of date. Please check if "WSUS get groups and computers in the group" failed to execute.
- Executing
  - JetPatch is currently executing the patching workflow on one or more endpoints, based on the patch information from the specific remediation plan.
- Execution paused
  - JetPatch can execute operations on the needed endpoints, but another remediation plan is currently executing actions on the same endpoints.
- Cancellation
  - The user canceled the remediation plan and chose the option to wait until the currently executing workflows finish.
  - JetPatch won't start new workflow executions and will move the ticket automatically when possible.
Completed
When there are no future actions to perform (in the scope of a specific remediation plan), the remediation plan ticket will move to the "Completed" column.
Possible statuses
- Done - The remediation plan patching process is finished for all applicable endpoints and has either installed/removed all patches or has attempted and failed.
- Canceled by X - A user canceled the remediation plan, it was canceled by policy, or it was canceled by ITSM.
Note - If a completed remediation plan has a Done status and is no longer 100% compliant (for example, a new endpoint was added to the relevant remediation plan group), the remediation plan will move back into the "In Progress" column during the assigned maintenance window. After the remediation action is completed, the remediation plan ticket will return to the "Completed" column. To avoid this scenario, please cancel the plan.
Manually remove the approval status in WSUS for a canceled Remediation Plan
If you cancel a Remediation Plan after the WSUS sync approval but before it goes "In Progress," the approved patches will remain approved in WSUS by default. To prevent these patches from being installed in future RPs, you need to manually remove the approval status in WSUS:
- Open WSUS: Access the WSUS management console.
- Find Approved Patches: Locate the patches from the canceled RP.
- Change Status: Change the approval status from "Approved" to "Declined" to prevent future installations.
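The same cleanup can be scripted with the WSUS PowerShell module (UpdateServices) instead of the console. This is an added example, not JetPatch's own tooling; the KB numbers in $KbList are constructed placeholders for the patches of the canceled plan, and the script assumes an elevated session on the WSUS server itself.

```powershell
# Added example: decline WSUS approvals left behind by a canceled remediation plan.
# Assumption: run in an elevated PowerShell session on the WSUS server.
Import-Module UpdateServices

# Constructed sample values: replace with the KB numbers of the canceled plan's patches.
$KbList = @('5000001', '5000002')

# Connect to the local WSUS server.
$wsus = Get-WsusServer

# Step "Find Approved Patches": every update that is currently approved,
# whatever its installation status on the endpoints.
$approved = Get-WsusUpdate -UpdateServer $wsus -Approval Approved -Status Any

# Keep only the approved updates whose KB article belongs to the canceled plan.
$targets = foreach ($u in $approved) {
    $match = @($u.Update.KnowledgebaseArticles | Where-Object { $KbList -contains $_ })
    if ($match.Count -gt 0) { $u }
}

if (-not $targets) {
    Write-Output 'No approved updates match the KB list; nothing to decline.'
    return
}

# Review the selection before changing anything.
foreach ($t in $targets) {
    '{0}  (KB{1})' -f $t.Update.Title, ($t.Update.KnowledgebaseArticles -join ', KB')
}

# Step "Change Status": dry run first. -WhatIf only reports what would be declined.
$targets | Deny-WsusUpdate -WhatIf

# Declining is server-wide, not per computer group. Once the list above is
# confirmed to contain only patches from the canceled plan, run:
# $targets | Deny-WsusUpdate
```

Re-running the Get-WsusUpdate query with -Approval Declined afterwards confirms that the selected patches changed status.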
Archived
The "Archived" column is an optional column to hide remediation plans that are in "Completed" status. A remediation plan can be archived by clicking on the "Archive" action on a "Completed" remediation plan.
You can expand/collapse the column by pressing the "Archived" column header.
- If a remediation plan is archived, JetPatch will automatically cancel it.
Remediation Plan ticket and actions
When looking at the Remediation Plan ticket, you can find the following information:
- Creation entity - Remediation Plan creation can be triggered in two ways:
  - User trigger - by creating the remediation plan after choosing patches from the patch catalog or creating a remediation plan based on the vulnerability scan (located in the Management table). Will be marked with an icon.
    - The user who created the plan can be seen when hovering over the person icon.
  - Automatic trigger - following the Automatic Remediation Plans rule, JetPatch will create a new remediation plan if necessary. Will be marked with the number sign (#). For more information go to Automatic Remediation Plans
- Remediation Plan ID - the ID JetPatch generated for this remediation plan.
- Create time - the date the remediation plan was created. The exact time can be found in the remediation plan compliance report. Hovering over the date will show you the number of days passed.
- Plan Name - the plan name. It can be redefined if the remediation plan is in the "New" column. The description can be seen when hovering over the plan name.
- Plan special signs - Representing special plans.
  - Plan with Critical patches - will be shown with a red circle and "C".
  - Emergency plan - will be shown with a red circle and "E".
- Endpoints Compliance status - the status of the applicable endpoints:
  - Compliant - green
  - In Progress - yellow
  - Non-Compliant - red
- Actions status
  - Applied successfully - green
  - Not applied yet - gray
  - Failed - red
- Actions - The actions can vary from plan to plan, based on the location and the remediation plan status
  - Activate - for remediation plans with "Activation Required" status. Users can activate the remediation plan.
  - Edit - for remediation plans with "Activation Required" status. Users can edit the remediation plan information.
  - Delete - for remediation plans with "Activation Required" status. Clicking on this action will delete the plan from the board.
  - Predict - for remediation plans with future actions. The "Predict" action will redirect the user to the "Predictive Patching" page with the relevant plan ID to calculate the prediction. For more information go to Predictive Patching
  - More options -
    - Duplicate - will duplicate the remediation plan. The new plan can be found in the "New" column.
    - Archive - for remediation plans with "Done" status. Will move the plan ticket to the "Archived" column when there are no actions to do at the moment.
    - Delete - only available for canceled remediation plans. After you delete a remediation plan, all its entities will be removed from the system (deleted from the Dashboard and the Remediation Plan Board; related filtering options will no longer appear). Learn more on how to automatically delete a remediation plan.
    - Compliance Report - for active or canceled remediation plans. Will show detailed compliance information about the remediation plan. For more information go to <INSERT HERE LINK TO RELEVANT ARTICLE>
    - View - for active remediation plans. Will show the remediation plan details as defined.
  - Cancel -
    - Cancel on completion - for remediation plans that are executing operations at the moment. JetPatch will cancel the remediation plan after the current in-progress workflow is finished.
    - Cancel/Cancel Immediately - for active remediation plans. JetPatch will cancel the remediation plan immediately without considering the currently running activity, and it won't execute any new activity related to this remediation plan. Note - Workflows won't be fully executed.
    - Note: With either canceling method, you can either cancel, in which case the remediation plan moves to the 'Completed' tab, or cancel and archive.
Reports
Reports can be downloaded by clicking on the "SELECT ACTION" button and choosing "Download Reports".
The available reports are:
- Remediation Plans Summaries (CSV) - downloads extended information on the filtered plans (e.g., from date X to date Y).
  - This report includes a list of patched endpoints (aka compliant endpoints).
Notes
- JetPatch audits the following remediation plan activities in the logs:
  - When a new Remediation Plan is created from the following channels: UI / API / Vulnerability Parser / Duplicating a Remediation Plan
  - When a remediation plan execution is paused
  - When the user archives / unarchives a remediation plan