Articles in this section

Remediation Plans Board

The Remediation Plans board is the place to see all remediation plans in JetPatch.

Remediation plans can move back and forth depending on the current status.

Remediation Plan Board Columns

New 

The "New" Column represents Non-active remediation plans that were rejected (from the ITSM) or never activated.

Possible statuses

  • Pending activation - Newly created remediation plans that were never activated
  • Rejected - rejected remediation plans 

Note - Non-active remediation plans that were active in the past and canceled will appear in the "Completed" column

 

Pending

Remediation Plans will be placed in the "Pending" if the remediation plan is waiting for something to happen in order to execute successfully.

Possible statuses

  1. Pending approval
    • JetPatch is checking if ITSM is configured for approving the remediation plans.
    • If there is no ITSM configured this status should appear for a few seconds only.
  2. Sent for approval
    • A Change request was opened and JetPatch is waiting for approve/rejected status. (ITSM integration only) 
  3. Waiting for execution
    • JetPatch is waiting to execute the expected remediation plan.
    • JetPatch will wait to execute the remediation plan if there are not-compliant endpoints with any exemption status (prevent execution from JetPatch), or if the configured maintenance window is not at the moment.
    • For more information click on the "Compliance Report" action at the bottom of the remediation plan ticket and check the "Devices Status" section.

In progress

JetPatch will move the remediation plan to the "In Progress" column if there are actions to make at the moment:

  • Patch execution - there are valid endpoints in the maintenance window
  • Patch setup - Some WSUS operations are needed.

Possible statuses

  1. Updating WSUS
    • JetPatch is currently updating the WSUS with the requested information from the remediation plan.
  2. Failed to update WSUS
    • JetPatch encountered some failures while trying to update the WSUS and it will try to update WSUS again in a few moments. Possible reasons are:
    • Connectivity issue with the WSUS server - check connectivity between the JetPatch Server to the WSUS server
    • JetPatch is trying to update a Computer Group that no longer exists - the information in JetPatch is not updated. Please if "WSUS get groups and computers in the group" failed to execute.
  3. Executing
    • JetPatch is currently executing the patching workflow on one or more endpoints, based on the patch information from the specific remediation plan.
  4. Execution paused
    • JetPatch can execute operations on needed endpoints but there is another remediation plan currently executing actions on the same endpoints
  5. Pending cancel
    • The user canceled the remediation plan and chose the option to wait till the currently executing workflows were finished.
    • JetPatch won't start new workflow execution and will move the ticket automatically when possible.

Completed

When there are no future actions to make (in the scope of a specific remediation plan) the remediation plan ticket will move to the "Completed".

Possible reasons are:

  • All the endpoints in the remediation plan are compliant and there are no future patches to remediate
  • The user canceled the remediation plan

Possible statuses

  1. Done - The remediation plan is completed successfully and all endpoints are 100% compliant. No future action is made.
  2. Canceled by user - A user canceled the remediation plan.

Note - in case the completed remediation plan has a Done status and is no longer 100% compliant (for example, a new endpoint was added to the relevant remediation plan group), then the remediation plan will move back into the "In Progress" column during the assigned maintenance window. After the remediation action is completed, the remediation plan ticket will be back in the "Completed" column.  To avoid this scenario, please cancel the plan.

 

Archived

The "Archived" column is an optional column to hide remediation plans that are in "Completed" status (100% compliant). A remediation plan can be archived by clicking on the "Archive" action on a "Completed" remediation plan.

You can expand/collapse the column by pressing the "Archived" column header.

Possible statuses

  1. Done - The remediation plan is completed successfully and all endpoints are 100% compliant. No future action is made.
  2. Canceled by user - A user canceled the remediation plan.
  • If a remediation plan is archived, JetPatch will automatically cancel it.
  • Also, when upgrading to 4.2.3+, all currently archived remediation plans will automatically be canceled.
  • These automatically canceled plans will be marked with the status "canceled by policy"

 

Remediation Plan ticket and actions

When looking at the Remediation Plan ticket you can find the following information

remediation_plan_board_2.PNG

  1. Creation entity - Remediation Plan creation can be triggered in two ways:
    • User trigger - by creating the remediation plan after choosing patches from the patch catalog or creating a remediation plan based on the vulnerability scan (located in the Management table). Will be marked with an icon.
    • The created user can be seen when hovering over the person icon.
    • Automatic trigger - following the Automatic Remediation Plans rule JetPatch will create a new Remediation plan if necessary. Will be marked with the Number sign (#). For more information go to Automatic Remediation Plans
  2. Remediation Plan ID - the ID JetPatch is generated for this remediation plan.
  3. Create time - the date of creating the remediation plan. The exact time can be found in a remediation plan compliance report. Hovering the date will show you the number of days passed.
  4. Plan Name - the plan name. It can be redefined if the remediation plan is in the "New" column. Description can be seen when hovering over the plan name.
  5. Plan special signs - Representing special plans.
    • Plan with Critical patches - will be shown with a red circle and "C".
    • Emergency plan - will be shown with a red circle and "E".
  6. Endpoints Compliance status - the status of the applicable endpoint:
    • Compliant - green
    • In Progress - yellow
    • Non-Compliant - red
  7. Actions status
    • Applied successfully - green
    • Not applied yet - gray
    • Failed - red
  8. Actions - The actions can be from plan to plan, based on the location and the remediation plan status
    • Edit - for remediation plans with "Pending activation" status. Users can edit the remediation plan information
    • Delete - for remediation plans with "Pending activation" status. Clicking on this action will delete the plan from the board.
    • Predict - for remediation plans with future actions. The "Predict" action will redirect the user to the "Predictive Patching" page with the relevant plan ID to calculate the prediction for. For more information go to Predictive Patching
    • More options -
      • Duplicate - will duplicate the remediation plan. The new plan can be found in the "New" column
      • Archive - for remediation plans with "Done" status. Will move the planned ticket to the "Archived" column when there are no actions to do at the moment.
      • Delete - only available for canceled remediation plans. After you delete a remediation plan all its entities will be removed from the system (Deleted from Dashboard, Remediation Plan Board, related filtering options will no longer appear. Learn more on how to automatically delete a remediation plan.
    • Compliance Report - for active or canceled remediation plans. Will show detailed compliance information about the remediation plan. For more information go to <INSERT HERE LINK TO RELEVANT ARTICLE>
    • View - for active remediation plans. Will show the remediation plan details as defined.
    • Cancel
      • Cancel on completion - for remediation plans that are executing operations at the moment. JetPatch will cancel the remediation plan after the current in-progress workflow is finished.
      • Cancel/Cancel Immediately - for active remediation plans. JetPatch will cancel the remediation plan immediately without considering the current running activity and it won't execute any new activity related to this remediation plan. Note - Workflows won't be fully executed. 
      • Notes: In either canceling method you choose, you can either cancel and the remediation plan would move to the 'completed' tab or cancel and archive.Cancel_Plan.PNG

Reports

Reports can be downloaded by clicking on the "SELECT ACTION" button and choosing "Download Reports".

The available reports are:

  • Remediation Plans Summaries (CSV) - downloading extended information on the filtered plans (eg: from date X to date Y).
    • This report includes a list of patched endpoints (aka compliant endpoints) 

Notes 

  • JetPatch audits the following remediation plan activities in the logs
    • When a new Remediation Plan is created from the following channels: UI / API / Vulnerability Parser / Duplicating a remediation Plan 
    • When a remediation plan execution is paused
    • When the user archives / unarchives a remediation plan 

Related articles

Comments

0 comments

Please sign in to leave a comment.