Overview
Automated Remediation Plans is a low-touch capability that allows you to create and manage a fully automated process for maximum environmental compliance and minimal user intervention.
The feature allows you to automatically create and activate remediation plans based on predefined rules and schedules. The remediation plan rule is based on a dynamic patch filter.
Considering the repeat-type interval, JetPatch checks whether any patches in the filter are needed and deploys them during the maintenance schedule if ‘auto-activate’ is configured.
|
Important: This feature is responsible for creating remediation plans only. Patch installation itself is executed according to configured Maintenance Windows. For details on maintenance window configuration, refer to the dedicated Maintenance Windows documentation. |
Prerequisites
Before configuring automatic remediation plans, ensure that:
- Applicable patches are available in the Patch Catalog.
- Endpoint groups are properly defined.
- Maintenance schedules are already configured.
Automatic Remediation Plans Rules
To access the Automated Remediation Plans Rules, navigate to Rules → Automated Remediation Plan Rules.
Click on ‘Add’ to bring up the prompt for “Create Automated Remediation Plan Rule”.
To access the Automated Remediation Plans Rules, navigate to Rules -> Automated Remediation Plan Rules.
Click on 'Add' to bring up the prompt for "Create Automated Remediation Plan Rule".
Step 1: Create a Patch Filter in the Patch Catalog
Automatic remediation plans rely on saved patch filters. These filters define which patches will be included in the remediation plan.
| Note: Automated Remediation Plans rules are based on existing Patch Filters. For more information check the “Patch Bundles” section in Patch Catalog. |
Navigation
Go to Patches → Patch Catalog.
Procedure
- Review the list of applicable patches displayed for your environment.
- Apply filters according to your patching strategy. For example:
- Patch severity: Important
- Endpoint group: Group B
- Once the desired patches are displayed, save the filter:
- Select Save Filters → Save As.
- Provide a meaningful name and description for the filter.
Outcome
The Patch Bundle will be used later when defining automatic remediation plan rules.
Step 2: Configure Automatic Remediation Plan Rules
After creating a saved patch filter, the next step is to define how and when remediation plans should be created.
Navigation
Go to Remediation Plans → Actions → Create / Edit Remediation Plan Rules.
Procedure
Click on ‘Add’ and insert the following information:
- Rule Name – Enter a rule name that clearly describes its purpose.
- Patch Filter – Select the saved patch filter created in Step 1. JetPatch will include the patches in the chosen filter results in the newly created Remediation Plan.
-
Repeat Every – Configure the creation schedule:
- Repeat Interval – Specify the interval of the automated remediation plan creation.
- Repeat Frequency – Day / Week / Month.
- Repeat Entity – This section changes based on the Repeat Frequency:
- Day: Specify the exact time & timezone of the plan creation.
- Week: Specify which exact days in the week JetPatch will create the automated plan, along with the exact time & timezone.
- Month: Two options are available:
- Recurring Time – Trigger the plan every {first, second, third, fourth, last} {day of the week} at a specific time.
- Day In The Month – Specify a day {1–31} and time for the plan to repeat.
- Auto-Activate Plan – JetPatch will activate the plan automatically based on the repeat fields selected.
- Emergency Plan – Marks your Automated Remediation Plan to run during an Emergency Window, superseding other Maintenance Window rules.
- ITSM Ticket Template Name/ID – Associates a ticket template name with your integrated ITSM based on the actions in this remediation plan.
- Workflow – Select the required Workflow for the different operating system families.
- Notifications – Sends an executive summary to the email you provide.
| Tip: It is recommended to schedule plan creation one day before the actual patching window. This allows time for predictive patching analysis and routine checks before patch execution. |
| Note #1: If JetPatch needs to create a plan but there are no patches in the Patch Filter result, the plan won’t be created and a proper log will be shown in the “Logs & Alerts” section, in Platform Configuration. |
| Note #2: If the selected Patch Filter has the “Smart Group” table filter – JetPatch will apply the plan only on the groups in the “Smart Group” table filter. |
| Note #3: If the selected Patch Filter has the “Endpoint Name” table filter – JetPatch will apply the plan only on the groups having the endpoint assigned to them. |
| Note #4: Because a server can only be assigned to a single maintenance window, using an emergency remediation plan allows you to patch sooner on an as-needed basis. Example: Chrome releases patches on Tuesdays, but your MW is set to Saturdays. You can use an Automated Remediation Plan set to emergency, and patch that server on Tuesday when Chrome puts out a new patch. |
Step 3: Plan Creation and Activation Options
When configuring the rule, you can control whether plans are created and activated automatically.
Available Options
- Create Plan Now – Immediately creates a remediation plan when the rule is saved. The plan will be visible in the Remediation Plans dashboard.
- Activate Plan on Creation – Automatically activates the remediation plan, removing the need for manual activation. Once activated, the plan waits for the scheduled maintenance window before patching begins.
| Note: By default, remediation plans are created in an inactive state. Selecting ‘Activate Plan on Creation’ changes that behavior. |
Additional Configuration
- Select the appropriate workflows for the remediation plan.
- Ensure the rule is enabled.
- Save the remediation plan rule.
Step 4: Viewing and Monitoring Your Remediation Plans
After creating the rule, you can monitor remediation plans using both table and dashboard views.
Table View
From the remediation plans table, you can quickly verify:
- Which patch filter is associated with the plan?
- Is the plan enabled?
- Is automatic activation configured?
Dashboard View
- Newly created plans initially appear in the New column if manual activation is required.
- Plans created with automatic activation move directly to Pending and wait for the maintenance window.
Visual Indicators
- Automatic plans are marked with an “A” icon.
- Manual plans display a user icon, including the name of the user who created the plan.
These indicators make it easy to distinguish between automatic and manually created remediation plans.
Automatic Remediation Plans Rules Table
Automatic Remediation Plans Rules Table
For any automated plan rule, you can find the following information:
| Column | Description |
| Name | The name of the rule. |
| Patch Filter | The patch filter associated with this rule. |
| Modified By | The user who last modified the rule. |
| Status | Enabled or Disabled. |
| Repeat Schedule | The configured schedule for plan creation. |
| Next Creation | The date and time the next plan will be created. |
| Automated Activation | Whether the plan is set to activate automatically. |
| Actions | Edit Rule / Create Now (creates the plan immediately) / Delete Rule / Show Patch Filter (redirects to the Patch Catalog with the relevant filter selected). |
Schedules
The following table summarizes the available repeat schedule configurations:
| Repeat Interval | Repeat Frequency | Repeat Entity | Repeat Schedule |
| X | Day(s) | Time & Timezone | Every X days at MM:HH <TIMEZONE> |
| X | Week(s) | Days of the week, Time & Timezone | Every X weeks on A, B, C at MM:HH <TIMEZONE> |
| X+D | Month(s) – Day in the Month | Ordinal day of the month, Days of the week, Time & Timezone | X Days after every Y’th weekday, at MM:HH <TIMEZONE> |
| X | Month(s) – Time in the Month | Day Y, Time & Timezone | Every X months on day Y at MM:HH <TIMEZONE> |
Troubleshooting When Automation Remediation Plans are not being Created
If automated remediation plans are not being created as expected, check the following common causes:
- Remediation Plan Rule is Disabled – Verify that the rule status is set to Enabled.
- The Patch Bundle has No Results – If there are no patches matching the filter criteria, no plan will be created. A log entry will appear in the “Logs & Alerts” section in Platform Configuration.
- The Patch Bundle is Broken – A broken Automated Remediation Plans Rule can happen if the selected Patch Filter is broken. To fix it, go to Patches → Remediation Plans and fix the problematic Patch Filter.
- For more information, check the “Patch Bundles” section in the Patch Catalog.
Why Are there Multiple Plans of the Same Name?
Once a plan is activated, it cannot be edited.
If it is waiting for execution and a new auto policy runs, you may see more than one plan with the same name. This is expected behavior - at the end of the day, remediation plans are policies, and only one plan will run and synchronize with the other plans.
Related Articles
Comments
0 comments
Please sign in to leave a comment.